av_scanner = CLAMAV
.endif
-.ifdef HAVE_USER_DEBBUGS MAIL_RELAY
+.ifdef HAVE_USER_DEBBUGS MAIL_RELAY STUPID_FIREWALL
daemon_smtp_ports = 25 : 587
.endif
#!!# ACL that is used after the RCPT command on the submission port
check_submission:
+ # Accept if the source is local SMTP (i.e. not over TCP/IP).
+ # We do this by testing for an empty sending host field.
+ accept hosts = : 127.0.0.1
# Defer after too many bad RCPT TO's. Legit MTAs will retry later.
# This is a rough pass at preventing addres harvesting or other mail blasts.
defer
ratelimit = 5 / 60m / per_rcpt / $sender_host_address
+ !hosts = +debianhosts
message = sorry, only 5 reports per hour for submission
+ accept domains = +local_domains
+ hosts = +debianhosts
+ endpass
+ message = unknown user
+ verify = recipient
+
+ accept domains = +mailhubdomains
+ endpass
+ message = unknown user
+ verify = recipient/callout=30s,defer_ok,use_sender,no_cache
+
accept domains = +submission_domains
endpass
message = unknown user
accept domains = +mailhubdomains
endpass
message = unknown user
- verify = recipient/callout,defer_ok
+ verify = recipient/callout=30s,defer_ok,use_sender,no_cache
accept domains = +handled_domains
endpass
transport = remote_smtp
ignore_target_hosts = +reservedaddrs
+.ifdef SMARTHOST
+smarthost:
+ debug_print = "R: smarthost for $local_part@$domain"
+ driver = manualroute
+ domains = !+handled_domains
+ transport = remote_smtp_smarthost
+ route_list = * SMARTHOST
+ host_find_failed = defer
+ same_domain_copy_routing = yes
+ no_more
+.endif
# This router routes to remote hosts over SMTP using a DNS lookup.
# Ignore reserved network responses, including localhost.
dnslookup:
driver = smtp
connect_timeout = 1m
.ifdef USE_TLS
- tls_tempfail_tryclear = true
tls_certificate = /etc/exim4/ssl/thishost.crt
tls_privatekey = /etc/exim4/ssl/thishost.key
- tls_verify_certificates = /etc/exim4/ssl/ca.crt
- tls_crl = /etc/exim4/ssl/ca.crl
+.endif
+
+remote_smtp_smarthost:
+ debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
+ driver = smtp
+.ifdef SMARTHST_PORT
+ port = SMARTHST_PORT
+.endif
+.ifdef USE_TLS
+ tls_tempfail_tryclear = false
+ tls_certificate = /etc/exim4/ssl/thishost.crt
+ tls_privatekey = /etc/exim4/ssl/thishost.key
.endif
# Send the message to procmail