exim-{retiolum,smarthost} module: simplify ACL

tv 2017-10-16 00:45:27 +02:00
parent 25c07e2c0a
commit 1bbeb858db
2 changed files with 36 additions and 84 deletions


@ -43,7 +43,6 @@ let
primary_hostname = ${cfg.primary_hostname}
domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
@ -61,41 +60,15 @@ let
begin acl
acl_check_rcpt:
accept hosts = :
control = dkim_disable_verify
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains
#accept
# hosts = *.r
# domains = *.r
# control = dkim_disable_verify
#require verify = sender
accept hosts = +relay_from_hosts
control = submission
control = dkim_disable_verify
accept authenticated = *
control = submission
control = dkim_disable_verify
require message = relay not permitted
domains = +local_domains : +relay_to_domains
require verify = recipient
deny
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
message = restricted characters in address
accept
domains = +local_domains : +relay_to_domains
deny
message = relay not permitted
acl_check_data:
@ -104,29 +77,19 @@ let
begin routers
retiolum:
driver = manualroute
domains = ! +local_domains : +relay_to_domains
transport = remote_smtp
route_list = ^.* $0 byname
no_more
nonlocal:
debug_print = "R: nonlocal for $local_part@$domain"
driver = redirect
domains = ! +local_domains
allow_fail
data = :fail: Mailing to remote domains not supported
no_more
local_user:
# debug_print = "R: local_user for $local_part@$domain"
local:
driver = accept
domains = +local_domains
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix = +*
# local_part_suffix_optional
transport = home_maildir
cannot_route_message = Unknown user
remote:
driver = manualroute
domains = +relay_to_domains
transport = remote_smtp
route_list = ^.* $0 byname
begin transports
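Review bot: The simplified `acl_check_rcpt` appears to drop recipient verification: `require verify = recipient` seems to be on the removed side, and the remaining `accept domains = +local_domains : +relay_to_domains` takes any local part. Mail for a nonexistent local user would then be accepted at SMTP time and only fail at the `local` router (`check_local_user`, `cannot_route_message = Unknown user`), so the host generates a bounce to a possibly forged sender instead of rejecting at RCPT. Consider keeping the check on the accept statement by adding `verify = recipient` under `domains = +local_domains : +relay_to_domains`. The +/- markers are lost on this page, so which lines are new is inferred from the statement layout, and the ACL continues outside the hunk.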


@ -157,39 +157,28 @@ let
begin acl
acl_check_rcpt:
accept hosts = :
control = dkim_disable_verify
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept local_parts = postmaster
domains = +local_domains
accept hosts = +relay_from_hosts
control = submission
control = dkim_disable_verify
accept authenticated = *
control = submission
control = dkim_disable_verify
accept message = relay not permitted 2
recipients = lsearch*@;${lsearch.internet-aliases}
require message = relay not permitted
domains = +local_domains : +relay_to_domains
require
message = unknown user
verify = recipient/callout
deny
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
message = restricted characters in address
accept
recipients = lsearch*@;${lsearch.internet-aliases}
accept
authenticated = *
control = dkim_disable_verify
control = submission
accept
control = dkim_disable_verify
control = submission
hosts = +relay_from_hosts
accept
domains = +local_domains : +relay_to_domains
deny
message = relay not permitted
acl_check_data:
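Review bot: In the `accept` statement that ends with `hosts = +relay_from_hosts`, both `control` modifiers come before the condition, and Exim processes ACL modifiers in order as it reaches them. Every client that gets this far (not authenticated, recipient not in internet-aliases) would have `control = dkim_disable_verify` and `control = submission` applied even when the hosts test fails and the message is accepted by the following `accept domains = +local_domains : +relay_to_domains`. That would turn off DKIM verification and enable submission-mode header fix-ups for ordinary inbound mail. Put the condition first, `hosts = +relay_from_hosts` followed by the two `control` lines, as the `authenticated = *` statement above it already does. The +/- markers are lost on this page, so the new side is inferred from the statement layout; the same simplification also appears to drop `verify = recipient/callout`, which is worth a deliberate decision on a smarthost.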