# us. This is primarily only usefull for emergancy 'queue
# flushing' operations, but should be populated with a list
# of trusted machines. Wildcards are not permitted
+# mailhubdomains - Domains for which we are the MX, but the mail is relayed
+# elsewhere. This is designed for use with small volume or
+# restricted machines that need to use a smarthost for mail
+# traffic. We will relay for them based on ssl cert validation
+# but we need to teach exim how to route the mail to them. This is
+# that list.
# The division of files is designed so that all hosts may share rcpthosts
# and relayhosts, these could be replicated automatically if necessary.
# accept mail for them.
domainlist rcpthosts = partial-lsearch;/etc/exim4/rcpthosts
hostlist debianhosts = 127.0.0.1 : net-lsearch;/var/lib/misc/thishost/debianhosts
+domainlist mailhubdomains = lsearch;/etc/exim4/manualroute
.ifndef RESERVEDADDRS
RESERVEDADDRS = 0.0.0.0/8 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 : \
.ifdef USE_TLS
tls_certificate = /etc/exim4/ssl/thishost.crt
tls_privatekey = /etc/exim4/ssl/thishost.key
-.ifdef RELAY_HOST
tls_try_verify_hosts = *
tls_verify_certificates = /etc/exim4/ssl/ca.crt
tls_crl = /etc/exim4/ssl/ca.crl
.endif
-.endif
#system_filter = /etc/exim4/filter
#system_filter_file_transport = address_file
av_scanner = CLAMAV
.endif
-.ifdef HAVE_USER_DEBBUGS
+.ifdef HAVE_USER_DEBBUGS MAIL_RELAY
daemon_smtp_ports = 25 : 587
.endif
# Defer after too many bad RCPT TO's. Legit MTAs will retry later.
# This is a rough pass at preventing addres harvesting or other mail blasts.
+.ifdef MAIL_RELAY
+ accept verify = certificate
+.endif
+
defer log_message = Too many bad recipients ${eval:$rcpt_fail_count} out of $rcpt_count
message = Too many bad recipients, try again later
condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
#!!# ACL that is used after the RCPT command
check_recipient:
+.ifdef MAIL_RELAY
+ accept verify = certificate
+.endif
+
# Defer after too many bad RCPT TO's. Legit MTAs will retry later.
# This is a rough pass at preventing addres harvesting or other mail blasts.
!hosts = +debianhosts : WHITELIST
!verify = sender/callout
+ accept domains = +mailhubdomains
+ endpass
+ message = unknown user
+ verify = recipient/callout,defer_ok
+
accept domains = +handled_domains
endpass
message = unknown user
# An address is passed to each in turn until it is accepted. #
######################################################################
+relay_manualroute:
+ driver = manualroute
+ domains = +mailhubdomains
+ transport = remote_smtp
+ route_data = ${lookup{$domain}lsearch{/etc/exim4/manualroute}}
+ require_files = /etc/exim4/manualroute
+
bsmtp:
debug_print = "R: bsmtp for $local_part@$domain"
driver = manualroute
driver = smtp
connect_timeout = 1m
.ifdef USE_TLS
- tls_tempfail_tryclear = true
+# tls_tempfail_tryclear = true
tls_certificate = /etc/exim4/ssl/thishost.crt
tls_privatekey = /etc/exim4/ssl/thishost.key
+# tls_verify_certificates = /etc/exim4/ssl/ca.crt
+# tls_crl = /etc/exim4/ssl/ca.crl
.endif
# Send the message to procmail