Extend the current rules for submission to localhost port 25 to all of
the host's local addresses. The server won't try to talk to itself on
this port, so this is sensible, and there's probably crappy software out
there which assumes that it works.
{false}}:>)
m4_define(<:ALLOW_PLAINTEXT_AUTH_P:>,
{false}}:>)
m4_define(<:ALLOW_PLAINTEXT_AUTH_P:>,
-<:or {{match_ip {$sender_host_address}{+localnet}} \
+<:or {{match_ip {$sender_host_address}{+thishost}} \
{and {{def:tls_cipher} {eq{$acl_c_mode}{submission}}}}}:>)
SECTION(auth)m4_dnl
{and {{def:tls_cipher} {eq{$acl_c_mode}{submission}}}}}:>)
SECTION(auth)m4_dnl
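Review bot: With `+thishost` in `ALLOW_PLAINTEXT_AUTH_P`, AUTH without TLS is now granted on source address alone to every address `@[]` covers rather than just loopback, and nothing at the macro records that decision. Anything on this machine that relays remote sessions from a local address (an SSH or TLS-wrapper forward, a userland proxy, SNAT) would inherit the exemption; that was already true of loopback, but the set is now wider, so it is worth confirming no such forwarder exists. I would add a comment above the macro, for example `## Plaintext AUTH only from this host's own addresses: the session never leaves the machine.` The same source-address trust is applied by `accept !hosts = +thishost` in check_submission. The macro definition starts above the visible lines.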
## Also, we're liable to get a subsequent HELO (e.g., after STARTTLS)
## and we should only care about the most recent one.
warn set acl_c_helo_warning = false
## Also, we're liable to get a subsequent HELO (e.g., after STARTTLS)
## and we should only care about the most recent one.
warn set acl_c_helo_warning = false
+ !condition = \
+ ${if and {{match_ip {$sender_host_address} \
+ {<; 127.0.0.0/8 ; ::1}} \
+ {match_domain {$sender_helo_name} \
+ {localhost : +thishost}}}}
!condition = \
${if exists {CONF_sysconf_dir/helo.conf} \
{${lookup {$sender_helo_name} \
!condition = \
${if exists {CONF_sysconf_dir/helo.conf} \
{${lookup {$sender_helo_name} \
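Review bot: `+thishost` inside `match_domain` is resolved as a named domain list, which in Exim is a separate namespace from the `hostlist thishost` this commit adds. The added condition therefore depends on a `domainlist thishost` defined elsewhere in the configuration, which is not visible here and should be confirmed. The literal `{<; 127.0.0.0/8 ; ::1}` also repeats the contents of `localnet`; `{match_ip {$sender_host_address}{+localnet}}` would keep a single definition of the loopback ranges. A short comment such as `## Loopback clients may legitimately HELO as localhost or as us.` would explain why these sessions appear to be exempted from the helo.conf check that follows. The statement continues past the visible lines.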
check_submission:
## See whether this message needs hacking on.
check_submission:
## See whether this message needs hacking on.
- accept !hosts = +localnet
+ accept !hosts = +thishost
!condition = ${if ={$received_port}{CONF_submission_port}}
set acl_c_mode = relay
!condition = ${if ={$received_port}{CONF_submission_port}}
set acl_c_mode = relay
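Review bot: The ident fallback lower in check_submission is justified by the comment "loopback connection, then we can trust identd", but after `accept !hosts = +thishost` sessions from any of the host's interface addresses reach that path. Whether `set acl_c_user = $sender_ident` is still gated on loopback is not visible in this rendering. If it is now gated on `+thishost`, the comment should say so, for example `## connection from one of our own addresses, then we can trust identd`. It is also worth confirming that the ident callback for a non-loopback local address is answered by this machine's own identd.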
## loopback connection, then we can trust identd to tell us the right
## answer. So we should stash the right name somewhere consistent.
warn set acl_c_user = $authenticated_id
## loopback connection, then we can trust identd to tell us the right
## answer. So we should stash the right name somewhere consistent.
warn set acl_c_user = $authenticated_id
!authenticated = *
set acl_c_user = $sender_ident
## User must be authenticated.
deny message = Sender not authenticated
!authenticated = *
set acl_c_user = $sender_ident
## User must be authenticated.
deny message = Sender not authenticated
!authenticated = *
## Make sure that the local part is one that the authenticated sender
!authenticated = *
## Make sure that the local part is one that the authenticated sender
## Definitions for known networks.
hostlist localnet = <; \
127.0.0.0/8 ; ::1
## Definitions for known networks.
hostlist localnet = <; \
127.0.0.0/8 ; ::1
+hostlist thishost = <; \
+ +localnet ; @[]
hostlist border = <; \
62.49.204.144/28 ; 2001:470:1f09:1b98::/64 ; \
212.13.198.64/28 ; 2001:ba8:0:1d9::/64
hostlist border = <; \
62.49.204.144/28 ; 2001:470:1f09:1b98::/64 ; \
212.13.198.64/28 ; 2001:ba8:0:1d9::/64
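Review bot: The new `thishost` list has no comment of its own, although the plaintext-AUTH and submission rules now depend on it. I would put `## This host: loopback plus every local interface address (@[]).` above the definition. Since `@[]` follows whatever addresses are configured on the machine, a note that adding an interface or alias widens the trusted set would help the next maintainer.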