X-Git-Url: https://git.hcoop.net/hcoop/zz_old/config/exim4-hopper.git/blobdiff_plain/ae57a972b72a972ee7701e558bfe8353d6aca1c6..d0abb10221cd119b621d6e1cd115d9fdaa36ec20:/conf.d/acl/30_exim4-config_check_rcpt diff --git a/conf.d/acl/30_exim4-config_check_rcpt b/conf.d/acl/30_exim4-config_check_rcpt index ac8bc53..a2506aa 100644 --- a/conf.d/acl/30_exim4-config_check_rcpt +++ b/conf.d/acl/30_exim4-config_check_rcpt @@ -53,7 +53,7 @@ acl_check_rcpt: # broad range of non-alphanumeric characters. .ifdef CHECK_RCPT_LOCAL_LOCALPARTS deny - domains = +local_domains + domains = +local_domains : +unix_domains local_parts = CHECK_RCPT_LOCAL_LOCALPARTS message = restricted characters in address .endif @@ -77,7 +77,7 @@ acl_check_rcpt: # from mounting certain kinds of attack on remote sites. .ifdef CHECK_RCPT_REMOTE_LOCALPARTS deny - domains = !+local_domains + domains = !+local_domains : !+unix_domains local_parts = CHECK_RCPT_REMOTE_LOCALPARTS message = restricted characters in address .endif @@ -92,7 +92,7 @@ acl_check_rcpt: .else local_parts = CHECK_RCPT_POSTMASTER .endif - domains = +local_domains : +relay_to_domains + domains = +local_domains : +unix_domains : +relay_to_domains # Deny unless the sender address can be verified. @@ -108,7 +108,7 @@ acl_check_rcpt: .ifdef CHECK_RCPT_VERIFY_SENDER deny message = Sender verification failed - !acl = acl_whitelist_local_deny + !acl = acl_local_deny_exceptions !verify = sender .endif 
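Review bot: The new list `!+local_domains : !+unix_domains` in the CHECK_RCPT_REMOTE_LOCALPARTS rule (hunk at -77) relies on a subtle property of Exim lists, and nothing beside it says so. Items are tried left to right, a negated item that matches ends the search with "no match", and a list whose last item is negated matches everything that was not excluded. The rule therefore applies only to domains in neither list, which looks like the intent, but a reader can easily take it for "not local OR not unix" and "simplify" it. A comment on the line would prevent that, for example `# matches only domains in neither list: a list ending in a negated item implicitly matches everything else`. The explanatory comment for this rule starts above the hunk and is not fully visible here.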
@@ -121,15 +121,15 @@ acl_check_rcpt: message = X-WhitelistedRCPT-nohdrfromcallback: Yes condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \ {def:domain} \ - {eq {${lookup{$local_part}lsearch{MAILMAN_DB}}} \ - {$domain}}} \ + {eq {${lookup{$local_part@$domain}lsearch{MAILMAN_DB}}} \ + {true}}} \ {yes}{no}} accept condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \ {def:domain} \ - {eq {${lookup{$local_part}lsearch{MAILMAN_DB}}} \ - {$domain}}} \ + {eq {${lookup{$local_part@$domain}lsearch{MAILMAN_DB}}} \ + {true}}} \ {yes}{no}} # Verify senders listed in local_sender_callout with a callout. @@ -138,7 +138,7 @@ acl_check_rcpt: # done to the smarthost. Verification will thus only be reliable if the # smarthost does reject illegal addresses in the SMTP dialog. deny - !acl = acl_whitelist_local_deny + !acl = acl_local_deny_exceptions senders = ${if exists{CONFDIR/local_sender_callout}\ {CONFDIR/local_sender_callout}\ {}} @@ -182,7 +182,7 @@ acl_check_rcpt: # relaying. Any other domain is rejected as being unacceptable for relaying. require message = relay not permitted - domains = +local_domains : +relay_to_domains + domains = +local_domains : +unix_domains : +relay_to_domains # We also require all accepted addresses to be verifiable. This check will @@ -199,7 +199,7 @@ acl_check_rcpt: # domains is to use a callout (add /callout), but please read the # documentation about callouts before doing this. deny - !acl = acl_whitelist_local_deny + !acl = acl_local_deny_exceptions recipients = ${if exists{CONFDIR/local_rcpt_callout}\ {CONFDIR/local_rcpt_callout}\ {}} @@ -214,7 +214,7 @@ acl_check_rcpt: # the black list. See exim4-config_files(5) for details. deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster - !acl = acl_whitelist_local_deny + !acl = acl_local_deny_exceptions senders = ${if exists{CONFDIR/local_sender_blacklist}\ {CONFDIR/local_sender_blacklist}\ {}} 
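Review bot: Both rewritten conditions in the hunk at -121 look up the complete `$local_part@$domain`, while the preceding `match` only admits local parts containing `-bounces+`. `lsearch` therefore needs a MAILMAN_DB line keyed by the full VERP bounce address with the value `true`. If the file is keyed by list address instead (its format is not visible in this diff), neither the `warn` nor the `accept` can match, and bounce traffic falls through to the callout and blacklist rules further down. A match accepts the recipient ahead of the later relay and verification rules, so the expected file format deserves a comment, e.g. `# MAILMAN_DB lines: <recipient address exactly as looked up>: true`. The same four-line condition is duplicated in `warn` and `accept`; defining it once as a macro would keep the two from drifting apart.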
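Review bot: In the hunk at -182 the `require` line now also accepts `+unix_domains`, but the comment above it still ends with "Any other domain is rejected as being unacceptable for relaying" and names only the two older lists. This rule is the relay gate, so every domain in `unix_domains` becomes one that this host accepts mail for. The definition of that list is not part of this diff, so its contents cannot be checked here. Extending the comment would record the intent, e.g. `# unix_domains is handled like local_domains: it must only list domains delivered on this host`. The comment block starts above the hunk, and the postmaster rule in the hunk at -92 gets the same widening.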
@@ -227,10 +227,10 @@ acl_check_rcpt: # RCPT statements rejected. # # The explicit white lists are honored as well as negative items in - # the black list. See /usr/share/doc/exim4-config/default_acl for details. + # the black list. See exim4-config_files(5) for details. deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster - !acl = acl_whitelist_local_deny + !acl = acl_local_deny_exceptions hosts = ${if exists{CONFDIR/local_host_blacklist}\ {CONFDIR/local_host_blacklist}\ {}} @@ -263,8 +263,9 @@ acl_check_rcpt: .ifdef CHECK_RCPT_SPF deny message = [SPF] $sender_host_address is not allowed to send mail from ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \ - Please see http://www.openspf.org/why.html?sender=$sender_address&ip=$sender_host_address + Please see http://www.openspf.org/Why?scope=${if def:sender_address_domain {mfrom}{helo}};identity=${if def:sender_address_domain {$sender_address}{$sender_helo_name}};ip=$sender_host_address log_message = SPF check failed. + !acl = acl_local_deny_exceptions condition = ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --mail-from \"$sender_address\" --helo \"$sender_helo_name\"}\ {no}{${if eq {$runrc}{1}{yes}{no}}}}
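Review bot: The `${run{/usr/bin/spfquery …}}` condition kept in the hunk at -263 wraps `$sender_address` and `$sender_helo_name`, both supplied by the remote client, in hand-written `\"…\"` quoting. On Exim versions that expand the whole command string before splitting it into arguments, a value containing a double quote or whitespace can change how the arguments are split, so spfquery may not receive the values intended. Letting Exim do the quoting is more robust, for example `--mail-from ${quote:$sender_address} --helo ${quote:$sender_helo_name}`, to be confirmed against the `${run}` documentation for the deployed version. Any exit status other than 1, including a missing spfquery binary, leaves the `deny` unmatched, and that fail-open behaviour is worth stating in a comment. The same client-supplied values are now also interpolated into the `Why?` URL of the rejection text without URL encoding.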