X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Ffiles%2Fcommon%2Fexim4.conf;h=1d2c4481b7f4c56a976ab59cad0d242220a0a2e0;hb=14d14644e6a24663d0d09777c7988b9d32190637;hp=979cefac47194496ba28eba757fd6b638da0eb64;hpb=c3b45e9d62f33d4825f42829e150be6a6ab1a85f;p=mirror%2Fdsa-puppet.git diff --git a/modules/exim/files/common/exim4.conf b/modules/exim/files/common/exim4.conf index 979cefac4..1d2c4481b 100644 --- a/modules/exim/files/common/exim4.conf +++ b/modules/exim/files/common/exim4.conf @@ -121,7 +121,7 @@ localpartlist local_only_users = lsearch;/etc/exim4/localusers # accept mail for them. domainlist rcpthosts = partial-lsearch;/etc/exim4/rcpthosts hostlist debianhosts = 127.0.0.1 : net-lsearch;/var/lib/misc/thishost/debianhosts -domainlist mailhubdomains = lsearch;/etc/exim4/mailertable +domainlist mailhubdomains = lsearch;/etc/exim4/manualroute .ifndef RESERVEDADDRS RESERVEDADDRS = 0.0.0.0/8 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 : \ @@ -197,7 +197,7 @@ queue_list_requires_admin = false av_scanner = CLAMAV .endif -.ifdef HAVE_USER_DEBBUGS MAIL_RELAY +.ifdef HAVE_USER_DEBBUGS MAIL_RELAY STUPID_FIREWALL daemon_smtp_ports = 25 : 587 .endif @@ -316,6 +316,9 @@ check_helo: #!!# ACL that is used after the RCPT command on the submission port check_submission: + # Accept if the source is local SMTP (i.e. not over TCP/IP). + # We do this by testing for an empty sending host field. + accept hosts = : 127.0.0.1 # Defer after too many bad RCPT TO's. Legit MTAs will retry later. # This is a rough pass at preventing addres harvesting or other mail blasts. 
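Review bot: The `.ifdef` guarding `daemon_smtp_ports = 25 : 587` now also fires for STUPID_FIREWALL, and nothing in the hunk says what that macro stands for. Exim treats several names on one `.ifdef` as an OR, so every host that defines it starts listening on 587, the port that check_submission is described as serving. A comment above the `.ifdef` should name the three host classes and say why each needs the submission port, e.g. `# Also listen on 587: bugs hosts, mail relays, and hosts whose port 25 is filtered` (the wording for STUPID_FIREWALL is a guess and needs confirming).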
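Review bot: The comment above the new `accept hosts = : 127.0.0.1` in check_submission covers only the empty-host case (local SMTP, not over TCP/IP), but the list also matches TCP connections from 127.0.0.1. Because it is the first statement in the ACL, it accepts before the bad-RCPT defer and the per-host ratelimit that follow. Any local process that can reach the loopback listener therefore skips those checks and the recipient verification further down. If that is intended, the comment should say so, e.g. `# Accept local SMTP (empty sending host) and loopback TCP from 127.0.0.1 without further checks.`; otherwise drop `127.0.0.1` from the list. The rest of check_submission lies outside the hunk.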
@@ -331,6 +334,16 @@ check_submission: ratelimit = 5 / 60m / per_rcpt / $sender_host_address message = sorry, only 5 reports per hour for submission + accept domains = +localhost + endpass + message = unknown user + verify = recipient + + accept domains = +mailhubdomains + endpass + message = unknown user + verify = recipient/callout=30s,defer_ok,use_sender,no_cache + accept domains = +submission_domains endpass message = unknown user @@ -625,7 +638,7 @@ check_recipient: accept domains = +mailhubdomains endpass message = unknown user - verify = recipient/callout,defer_ok + verify = recipient/callout=30s,defer_ok,use_sender,no_cache accept domains = +handled_domains endpass @@ -747,8 +760,8 @@ relay_manualroute: driver = manualroute domains = +mailhubdomains transport = remote_smtp - route_data = ${lookup{$domain}lsearch{/etc/exim4/mailertable}} - require_files = /etc/exim4/mailertable + route_data = ${lookup{$domain}lsearch{/etc/exim4/manualroute}} + require_files = /etc/exim4/manualroute bsmtp: debug_print = "R: bsmtp for $local_part@$domain" @@ -770,6 +783,17 @@ ipliteral: transport = remote_smtp ignore_target_hosts = +reservedaddrs +.ifdef SMARTHOST +smarthost: + debug_print = "R: smarthost for $local_part@$domain" + driver = manualroute + domains = !+handled_domains + transport = remote_smtp_smarthost + route_list = * SMARTHOST + host_find_failed = defer + same_domain_copy_routing = yes + no_more +.endif # This router routes to remote hosts over SMTP using a DNS lookup. # Ignore reserved network responses, including localhost. dnslookup: 
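Review bot: The new `verify = recipient/callout=30s,defer_ok,use_sender,no_cache` for +mailhubdomains in check_submission fails open and is uncached. With `defer_ok` a callout that cannot complete within 30s leaves the recipient accepted unverified, and with `no_cache` every RCPT opens a fresh connection to the routed host and can hold the session for the full timeout. The same option string replaces `callout,defer_ok` in check_recipient in the next hunk, so the note applies there too. A comment on both lines should record why caching is off and that an unreachable mailhub means acceptance, e.g. `# use_sender: target checks the sender too, so results are not cached; defer_ok: accept if the target is unreachable` (rationale inferred, to be confirmed). Whether submission-port clients are authenticated before these accepts is not visible in the hunk.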
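Review bot: The new `smarthost` router is inserted after `relay_manualroute`, `bsmtp` and `ipliteral`, so on a host that defines SMARTHOST, whatever `ipliteral` matches is still delivered directly through `remote_smtp` rather than through the smarthost. If SMARTHOST is meant to carry all non-local mail (an assumption, since the hunk does not document the macro), move the block above `ipliteral` or state in a comment that address literals are deliberately exempt. The router also lacks a header comment of the kind `dnslookup` has; something like `# With SMARTHOST defined, hand everything outside handled_domains to that host; no_more keeps dnslookup from being tried.` would do. A blank line after `.endif` would keep the dnslookup comment from reading as part of this block.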
@@ -1156,11 +1180,20 @@ remote_smtp: driver = smtp connect_timeout = 1m .ifdef USE_TLS - tls_tempfail_tryclear = true tls_certificate = /etc/exim4/ssl/thishost.crt tls_privatekey = /etc/exim4/ssl/thishost.key - tls_verify_certificates = /etc/exim4/ssl/ca.crt - tls_crl = /etc/exim4/ssl/ca.crl +.endif + +remote_smtp_smarthost: + debug_print = "T: remote_smtp_smarthost for $local_part@$domain" + driver = smtp +.ifdef SMARTHST_PORT + port = SMARTHST_PORT +.endif +.ifdef USE_TLS + tls_tempfail_tryclear = false + tls_certificate = /etc/exim4/ssl/thishost.crt + tls_privatekey = /etc/exim4/ssl/thishost.key .endif # Send the message to procmail
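Review bot: `remote_smtp_smarthost` sets `tls_tempfail_tryclear = false`, but nothing in the transport makes TLS mandatory or checks the smarthost's certificate. That option only stops a clear-text retry after a failed TLS attempt, so a session in which STARTTLS is never offered still goes out unencrypted, and an unverified certificate is accepted. Since all non-handled mail is funnelled through this one hop, consider adding `hosts_require_tls = *`. If the smarthost's certificate chains to the CA that the removed remote_smtp lines referenced, also add `tls_verify_certificates = /etc/exim4/ssl/ca.crt`, together with `tls_verify_hosts = *` on Exim versions whose smtp transport has that option. Separately, the macro is spelled `SMARTHST_PORT` while the router uses `SMARTHOST`; a host that defines `SMARTHOST_PORT` would silently keep the default port, so either rename the macro or add a comment flagging the spelling.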