# broad range of non-alphanumeric characters.
.ifdef CHECK_RCPT_LOCAL_LOCALPARTS
deny
- domains = +local_domains
+ domains = +local_domains : +unix_domains
local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
message = restricted characters in address
.endif
# from mounting certain kinds of attack on remote sites.
.ifdef CHECK_RCPT_REMOTE_LOCALPARTS
deny
- domains = !+local_domains
+ domains = !+local_domains : !+unix_domains
local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
message = restricted characters in address
.endif
.else
local_parts = CHECK_RCPT_POSTMASTER
.endif
- domains = +local_domains : +relay_to_domains
+ domains = +local_domains : +unix_domains : +relay_to_domains
# Deny unless the sender address can be verified.
!verify = sender
.endif
+ # hcoop-change: Add recommended lines from
+ # /usr/share/doc/mailman/README.EXIM.gz so that bounce messages
+ # get through, even if they are from a malformed address
+
+ # Accept bounces to lists even if callbacks or other checks would fail
+ warn
+ message = X-WhitelistedRCPT-nohdrfromcallback: Yes
+ condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
+ {def:domain} \
+ {eq {${lookup{$local_part@$domain}lsearch{MAILMAN_DB}}} \
+ {true}}} \
+ {yes}{no}}
+
+ accept
+ condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
+ {def:domain} \
+ {eq {${lookup{$local_part@$domain}lsearch{MAILMAN_DB}}} \
+ {true}}} \
+ {yes}{no}}
+
# Verify senders listed in local_sender_callout with a callout.
#
# In smarthost and satellite setups, this causes the callout to be
# relaying. Any other domain is rejected as being unacceptable for relaying.
require
message = relay not permitted
- domains = +local_domains : +relay_to_domains
+ domains = +local_domains : +unix_domains : +relay_to_domains
# We also require all accepted addresses to be verifiable. This check will