av_scanner = CLAMAV
.endif
-.ifdef HAVE_USER_DEBBUGS MAIL_RELAY STUPID_FIREWALL
+.ifdef HAVE_USER_DEBBUGS MAIL_RELAY MAIL_IN_VIA_SUBMISSION
daemon_smtp_ports = 25 : 587
+.else
+.ifdef MAIL_IN_VIA_2025
+daemon_smtp_ports = 25 : 2025
+.endif
.endif
admin_groups = adm
log_selector = +tls_cipher +tls_peerdn +queue_time +deliver_time +smtp_connection +smtp_incomplete_transaction +smtp_confirmation
+received_header_text = Received: ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
+ {${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
+ ${if and {{eq {$tls_certificate_verified}{1}}{def:tls_peerdn}}{from $tls_peerdn\n\t}}\
+ by $primary_hostname ${if def:received_protocol {with $received_protocol}} ${if def:tls_cipher {($tls_cipher)\n\t}}\
+ (Exim $version_number)\n\t\
+ ${if def:sender_address {(envelope-from <$sender_address>)\n\t}}\
+ id $message_exim_id${if def:received_for {\n\tfor $received_for}}
+
# macro definitions.
# Do not wrap!
VDOMAINDATA = ${lookup{$domain}partial-lsearch{/etc/exim4/virtualdomains}{$value}}
#!!# ACL that is used after the RCPT command on the submission port
check_submission:
+ # Accept if the source is local SMTP (i.e. not over TCP/IP).
+ # We do this by testing for an empty sending host field.
+ accept hosts = : 127.0.0.1
# Defer after too many bad RCPT TO's. Legit MTAs will retry later.
# This is a rough pass at preventing addres harvesting or other mail blasts.
defer
ratelimit = 5 / 60m / per_rcpt / $sender_host_address
+ !hosts = +debianhosts
message = sorry, only 5 reports per hour for submission
+ accept domains = +local_domains
+ hosts = +debianhosts
+ endpass
+ message = unknown user
+ verify = recipient
+
+ accept domains = +mailhubdomains
+ endpass
+ message = unknown user
+ verify = recipient/callout=30s,defer_ok,use_sender,no_cache
+
accept domains = +submission_domains
endpass
message = unknown user
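Review bot: The comment added above `accept hosts = : 127.0.0.1` describes the rule as matching only local, non-TCP/IP submission, but the host list also contains 127.0.0.1. Anything that reaches the submission port over loopback (a local web application, or a tunnel or proxy terminating on this host) is therefore accepted before the ratelimit and recipient-verification statements below it. If that is intended, the comment should say so, e.g. `# Accept local SMTP (empty sending host) and loopback TCP connections without further checks.`; if not, drop 127.0.0.1 from the list. Separately, the new `!hosts = +debianhosts` in the `defer` statement comes after `ratelimit`, and ACL conditions are evaluated in order, so the rate is still computed and recorded for exempt hosts; putting `!hosts` first avoids that.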
warn domains = rt.debian.org
set acl_m1 = RTMail
- set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if match{$local_part}{[^+]+\\+\\d+} {RTMailRecipientHasSubaddress}}}}
+ set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{[^+]+\\+\\d+}}{match{$local_part}{[^+]+\\+new}}} {RTMailRecipientHasSubaddress}}}}
warn domains = packages.qa.debian.org
set acl_m1 = PTSMail
accept domains = +mailhubdomains
endpass
message = unknown user
- verify = recipient/callout,defer_ok
+ verify = recipient/callout=30s,defer_ok,use_sender,no_cache
accept domains = +handled_domains
endpass
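Review bot: The new `match{$local_part}{[^+]+\\+new}` alternative on the rt.debian.org `warn` is unanchored, like the `\\d+` pattern beside it, so it is true for any local part that merely contains `+new` followed by anything. The routers added in this commit, by contrast, strip only the exact suffixes `+new` and `+new-quiesce`. If acl_m12 is meant to flag only addresses those routers will handle, anchor the pattern, e.g. `{^[^+]+\\+new(-quiesce)?\$}`. What consumes `RTMailRecipientHasSubaddress` is not visible here, so the effect of a false positive should be confirmed against that code.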
transport = remote_smtp
ignore_target_hosts = +reservedaddrs
+.ifdef SMARTHOST
+smarthost:
+ debug_print = "R: smarthost for $local_part@$domain"
+ driver = manualroute
+ domains = !+handled_domains
+ transport = remote_smtp_smarthost
+ route_list = * SMARTHOST
+ host_find_failed = defer
+ same_domain_copy_routing = yes
+ no_more
+.endif
# This router routes to remote hosts over SMTP using a DNS lookup.
# Ignore reserved network responses, including localhost.
dnslookup:
.endif
# This router delivers for rt.d.o
-rt:
+rt_force_new_verbose:
+ debug_print = "R: rt for $local_part+new@$domain"
+ driver = redirect
+ domains = rt.debian.org
+ require_files = /usr/bin/rt-mailgate : RT_QUEUE_MAP
+ local_parts = ${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}{$local_part}{}}
+ local_part_suffix = +new
+ pipe_transport = rt_pipe
+ data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
+ headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}"
+
+# FIXME: figure out how to generalize this approach so that all of the following would work
+# - rt+NNNN@rt.debian.org : attach correspondence to ticket (verbose)
+# - rt+NNNN-quiesce@rt.debian.org : attach correspondence to ticket (quiesce)
+# - rt+NNNN-<action>@rt.debian.org : attach correspondence to ticket (some action)
+# requires modification to custom condition in 'scrips'
+rt_force_new_quiesce:
+ debug_print = "R: rt for $local_part+new-quiesce@$domain"
+ driver = redirect
+ domains = rt.debian.org
+ require_files = /usr/bin/rt-mailgate : RT_QUEUE_MAP
+ local_parts = ${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}{$local_part}{}}
+ local_part_suffix = +new-quiesce
+ pipe_transport = rt_pipe
+ data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
+ headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nX-RT-Mode: quiesce"
+
+rt_otherwise:
debug_print = "R: rt for $local_part@$domain"
driver = redirect
domains = rt.debian.org
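Review bot: rt_force_new_quiesce signals its mode only through the `X-RT-Mode: quiesce` line in `headers_add`, but none of the three rt routers removes an `X-RT-Mode` header that arrived with the message. Mail routed through rt_force_new_verbose or rt_otherwise can therefore still carry a sender-supplied value. If the RT scrip condition mentioned in the FIXME keys on that header, add `headers_remove = X-RT-Mode` to all three routers so the header reflects only the router's decision. How the scrip reads the header is not visible in this hunk, and it is worth confirming on the deployed Exim version that removals are applied to the original header lines before additions. The rt_otherwise router body continues outside the hunk.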
driver = smtp
connect_timeout = 1m
.ifdef USE_TLS
-# tls_tempfail_tryclear = true
tls_certificate = /etc/exim4/ssl/thishost.crt
tls_privatekey = /etc/exim4/ssl/thishost.key
-# tls_verify_certificates = /etc/exim4/ssl/ca.crt
-# tls_crl = /etc/exim4/ssl/ca.crl
+.endif
+
+remote_smtp_smarthost:
+ debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
+ driver = smtp
+.ifdef SMARTHST_PORT
+ port = SMARTHST_PORT
+.endif
+.ifdef USE_TLS
+ tls_tempfail_tryclear = false
+ tls_certificate = /etc/exim4/ssl/thishost.crt
+ tls_privatekey = /etc/exim4/ssl/thishost.key
.endif
# Send the message to procmail
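Review bot: remote_smtp_smarthost sets `tls_tempfail_tryclear = false` but no `hosts_require_tls`, and nothing in the block requires the smarthost's certificate to verify, so TLS on this hop stays opportunistic. If STARTTLS is not offered on the connection, the message is still sent in clear. If all relayed mail is meant to be protected, add `hosts_require_tls = *` and `tls_verify_certificates = <path to CA bundle>` inside the `.ifdef USE_TLS` block. Also, the port macro is spelled `SMARTHST_PORT` while the router uses `SMARTHOST`; if the macro is defined elsewhere as `SMARTHOST_PORT`, the `port` line is silently skipped and the default port is used.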