end
out
%>
+acl_smtp_predata = acl_check_predata
# accept domain literal syntax in e-mail addresses. To actually make use of
# this a router is also required
######################################################################
begin acl
+acl_localonly:
+ accept local_parts = +local_only_users
+ domains = +local_domains
+ hosts = !+debianhosts
+
+ deny
+
check_helo:
warn set acl_c1 = 0
condition = ${if match_local_part {$sender_address_local_part}{${extract{directory}{VDOMAINDATA}{${value}/neversenders}}}{1}{0}}
message = no mail should ever come from <$sender_address>
- deny local_parts = +local_only_users
- domains = +local_domains
- hosts = !+debianhosts
- message = mail for $local_part is only accepted internally
+ warn condition = ${if eq{$acl_m6}{}}
+ acl = acl_localonly
+ set acl_m6 = localonly
+ set acl_m7 = ${if eq{$acl_m7}{}{$local_part@$domain}{$acl_m7, $local_part@$domain}}
+
+ warn condition = ${if eq{$acl_m6}{}}
+ !acl = acl_localonly
+ set acl_m6 = normal
+
+ defer condition = ${if eq{$acl_m6}{localonly}}
+ !acl = acl_localonly
+ log_message = Only one profile at a time, please
+
+ defer condition = ${if eq{$acl_m6}{normal}}
+ acl = acl_localonly
+ log_message = Only one profile at a time, please
<%=
out=''
out
%>
+acl_check_predata:
+ deny condition = ${if eq{$acl_m6}{localonly}}
+ message = $acl_m7 does not send mail; nondelivery reports are rejected as fakes.
+
+ accept
+
+
#!!# ACL that is used after the DATA command
check_message:
require verify = header_syntax
projects / mirror / dsa-puppet.git / commitdiff