really accept localhost

[mirror/dsa-puppet.git] / modules / exim / files / common / exim4.conf

diff --git a/modules/exim/files/common/exim4.conf b/modules/exim/files/common/exim4.conf
index b84b477..e1ff1df 100644 (file)
--- a/modules/exim/files/common/exim4.conf
+++ b/modules/exim/files/common/exim4.conf
@@ -121,7 +121,7 @@ localpartlist local_only_users = lsearch;/etc/exim4/localusers
 # accept mail for them.
 domainlist rcpthosts = partial-lsearch;/etc/exim4/rcpthosts
 hostlist debianhosts = 127.0.0.1 : net-lsearch;/var/lib/misc/thishost/debianhosts
-domainlist mailhubdomains = lsearch;/etc/exim4/mailertable
+domainlist mailhubdomains = lsearch;/etc/exim4/manualroute
 
 .ifndef RESERVEDADDRS
 RESERVEDADDRS = 0.0.0.0/8 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 : \
@@ -197,7 +197,7 @@ queue_list_requires_admin = false
 av_scanner = CLAMAV
 .endif
 
-.ifdef HAVE_USER_DEBBUGS
+.ifdef HAVE_USER_DEBBUGS MAIL_RELAY STUPID_FIREWALL
 daemon_smtp_ports = 25 : 587
 .endif
 
@@ -316,9 +316,16 @@ check_helo:
 #!!# ACL that is used after the RCPT command on the submission port
 check_submission:
 
+  # Accept if the source is local SMTP (i.e. not over TCP/IP).
+  # We do this by testing for an empty sending host field.
+  accept  hosts = : 127.0.0.1
   # Defer after too many bad RCPT TO's.  Legit MTAs will retry later.
   # This is a rough pass at preventing addres harvesting or other mail blasts.
 
+.ifdef MAIL_RELAY
+  accept  verify   = certificate
+.endif
+
   defer  log_message   = Too many bad recipients ${eval:$rcpt_fail_count} out of $rcpt_count
          message       = Too many bad recipients, try again later
          condition     = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
@@ -337,6 +344,10 @@ check_submission:
 #!!# ACL that is used after the RCPT command
 check_recipient:
 
+.ifdef MAIL_RELAY
+  accept  verify   = certificate
+.endif
+
   # Defer after too many bad RCPT TO's.  Legit MTAs will retry later.
   # This is a rough pass at preventing addres harvesting or other mail blasts.
 
@@ -739,8 +750,8 @@ relay_manualroute:
   driver = manualroute
   domains = +mailhubdomains
   transport = remote_smtp
-  route_data = ${lookup{$domain}lsearch{/etc/exim4/mailertable}}
-  require_files = /etc/exim4/mailertable
+  route_data = ${lookup{$domain}lsearch{/etc/exim4/manualroute}}
+  require_files = /etc/exim4/manualroute
 
 bsmtp:
   debug_print = "R: bsmtp for $local_part@$domain"
@@ -762,6 +773,17 @@ ipliteral:
   transport = remote_smtp
   ignore_target_hosts = +reservedaddrs
 
+.ifdef SMARTHOST
+smarthost:
+  debug_print = "R: smarthost for $local_part@$domain"
+  driver = manualroute
+  domains = !+handled_domains
+  transport = remote_smtp_smarthost
+  route_list = * SMARTHOST
+  host_find_failed = defer
+  same_domain_copy_routing = yes
+  no_more
+.endif
 # This router routes to remote hosts over SMTP using a DNS lookup.
 # Ignore reserved network responses, including localhost.
 dnslookup:
@@ -1148,11 +1170,20 @@ remote_smtp:
   driver = smtp
   connect_timeout = 1m
 .ifdef USE_TLS
-  tls_tempfail_tryclear = true
   tls_certificate = /etc/exim4/ssl/thishost.crt
   tls_privatekey = /etc/exim4/ssl/thishost.key
-  tls_verify_certificates = /etc/exim4/ssl/ca.crt
-  tls_crl = /etc/exim4/ssl/ca.crl
+.endif
+
+remote_smtp_smarthost:
+  debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
+  driver = smtp
+.ifdef SMARTHST_PORT
+  port = SMARTHST_PORT
+.endif
+.ifdef USE_TLS
+  tls_tempfail_tryclear = false
+  tls_certificate = /etc/exim4/ssl/thishost.crt
+  tls_privatekey = /etc/exim4/ssl/thishost.key
 .endif
 
 # Send the message to procmail