# broad range of non-alphanumeric characters.
.ifdef CHECK_RCPT_LOCAL_LOCALPARTS
deny
- domains = +local_domains : +unix_domains
+ domains = +local_domains
local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
message = restricted characters in address
.endif
# from mounting certain kinds of attack on remote sites.
.ifdef CHECK_RCPT_REMOTE_LOCALPARTS
deny
- domains = !+local_domains : !+unix_domains
+ domains = !+local_domains
local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
message = restricted characters in address
.endif
.else
local_parts = CHECK_RCPT_POSTMASTER
.endif
- domains = +local_domains : +unix_domains : +relay_to_domains
+ domains = +local_domains : +relay_to_domains
# Deny unless the sender address can be verified.
.ifdef CHECK_RCPT_VERIFY_SENDER
deny
message = Sender verification failed
- !acl = acl_whitelist_local_deny
+ !acl = acl_local_deny_exceptions
!verify = sender
.endif
- # hcoop-change: Add recommended lines from
- # /usr/share/doc/mailman/README.EXIM.gz so that bounce messages
- # get through, even if they are from a malformed address
-
- # Accept bounces to lists even if callbacks or other checks would fail
- warn
- message = X-WhitelistedRCPT-nohdrfromcallback: Yes
- condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
- {def:domain} \
- {eq {${lookup{$local_part@$domain}lsearch{MAILMAN_DB}}} \
- {true}}} \
- {yes}{no}}
-
- accept
- condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
- {def:domain} \
- {eq {${lookup{$local_part@$domain}lsearch{MAILMAN_DB}}} \
- {true}}} \
- {yes}{no}}
-
# Verify senders listed in local_sender_callout with a callout.
#
# In smarthost and satellite setups, this causes the callout to be
# done to the smarthost. Verification will thus only be reliable if the
# smarthost does reject illegal addresses in the SMTP dialog.
deny
- !acl = acl_whitelist_local_deny
+ !acl = acl_local_deny_exceptions
senders = ${if exists{CONFDIR/local_sender_callout}\
{CONFDIR/local_sender_callout}\
{}}
# relaying. Any other domain is rejected as being unacceptable for relaying.
require
message = relay not permitted
- domains = +local_domains : +unix_domains : +relay_to_domains
+ domains = +local_domains : +relay_to_domains
# We also require all accepted addresses to be verifiable. This check will
# domains is to use a callout (add /callout), but please read the
# documentation about callouts before doing this.
deny
- !acl = acl_whitelist_local_deny
+ !acl = acl_local_deny_exceptions
recipients = ${if exists{CONFDIR/local_rcpt_callout}\
{CONFDIR/local_rcpt_callout}\
{}}
# the black list. See exim4-config_files(5) for details.
deny
message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
- !acl = acl_whitelist_local_deny
+ !acl = acl_local_deny_exceptions
senders = ${if exists{CONFDIR/local_sender_blacklist}\
{CONFDIR/local_sender_blacklist}\
{}}
# RCPT statements rejected.
#
# The explicit white lists are honored as well as negative items in
- # the black list. See /usr/share/doc/exim4-config/default_acl for details.
+ # the black list. See exim4-config_files(5) for details.
deny
message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
- !acl = acl_whitelist_local_deny
+ !acl = acl_local_deny_exceptions
hosts = ${if exists{CONFDIR/local_host_blacklist}\
{CONFDIR/local_host_blacklist}\
{}}
.ifdef CHECK_RCPT_SPF
deny
message = [SPF] $sender_host_address is not allowed to send mail from ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \
- Please see http://www.openspf.org/why.html?sender=$sender_address&ip=$sender_host_address
+ Please see http://www.openspf.org/Why?scope=${if def:sender_address_domain {mfrom}{helo}};identity=${if def:sender_address_domain {$sender_address}{$sender_helo_name}};ip=$sender_host_address
log_message = SPF check failed.
+ !acl = acl_local_deny_exceptions
condition = ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --mail-from \"$sender_address\" --helo \"$sender_helo_name\"}\
{no}{${if eq {$runrc}{1}{yes}{no}}}}