# configuration file. There are many more than are mentioned here. The
# manual is in the file doc/spec.txt in the Exim distribution as a plain
# ASCII file. Other formats (PostScript, Texinfo, HTML, PDF) are available
-# from the Exim ftp sites. The manual is also online at the Exim web sites.
+# from the Exim ftp sites. The manual is also online at the Exim website.
# This file is divided into several parts, all but the first of which are
# manual for details. The lists above are used in the access control lists for
# checking incoming messages. The names of these ACLs are defined here:
-acl_smtp_rcpt = acl_check_rcpt
-acl_smtp_data = acl_check_data
+acl_smtp_rcpt = acl_check_rcpt
+.ifdef _HAVE_PRDR
+acl_smtp_data_prdr = acl_check_prdr
+.endif
+acl_smtp_data = acl_check_data
# You should not change those settings until you understand how ACLs work.
# Enable an efficiency feature. We advertise the feature; clients
# may request to use it. For multi-recipient mails we then can
# reject or accept per-user after the message is received.
+# This supports recipient-dependent content filtering; without it
+# you have to temp-reject any recipients after the first that have
+# incompatible filtering, and do the filtering in the data ACL.
+# Even with this enabled, you must support the old style for peers
+# not flagging support for PRDR (visible via $prdr_requested).
#
+.ifdef _HAVE_PRDR
prdr_enable = true
+.endif
# By default, Exim expects all envelope addresses to be fully qualified, that
# detail than the default. Adjust to suit.
log_selector = +smtp_protocol_error +smtp_syntax_error \
- +tls_certificate_verified
+ +tls_certificate_verified
# If you want Exim to support the "percent hack" for certain domains,
# Insist that a HELO/EHLO was accepted.
- require message = nice hosts say HELO first
- condition = ${if def:sender_helo_name}
+ require message = nice hosts say HELO first
+ condition = ${if def:sender_helo_name}
# Insist that any other recipient address that we accept is either in one of
# our local domains, or is in a domain for which we explicitly allow
# require verify = csa
#############################################################################
+ #############################################################################
+ # If doing per-user content filtering then recipients with filters different
+ # to the first recipient must be deferred unless the sender talks PRDR.
+ #
+ # defer !condition = $prdr_requested
+ # condition = ${if > {0}{$receipients_count}}
+ # condition = ${if !eq {$acl_m_content_filter} \
+ # {${lookup PER_RCPT_CONTENT_FILTER}}}
+ # warn !condition = $prdr_requested
+ # condition = ${if > {0}{$receipients_count}}
+ # set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
+ #############################################################################
+
# At this point, the address has passed all the checks that have been
# configured, so we accept it unconditionally.
accept
+# This ACL is used once per recipient, for multi-recipient messages, if
+# we advertised PRDR. It can be used to perform receipient-dependent
+# header- and body- based filtering and rejections.
+# We set a variable to record that PRDR was active used, so that checking
+# in the data ACL can be skipped.
+
+.ifdef _HAVE_PRDR
+acl_check_prdr:
+ warn set acl_m_did_prdr = y
+.endif
+
+ #############################################################################
+ # do lookup on filtering, with $local_part@$domain, deny on filter match
+ #
+ # deny set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
+ # condition = ...
+ #############################################################################
+
+ accept
+
# This ACL is used after the contents of a message have been received. This
# is the ACL in which you can test a message's headers or body, and in
# particular, this is where you can invoke external virus or spam scanners.
# Deny if the headers contain badly-formed addresses.
#
- deny !verify = header_syntax
- message = header syntax
- log_message = header syntax ($acl_verify_message)
+ deny !verify = header_syntax
+ message = header syntax
+ log_message = header syntax ($acl_verify_message)
# Deny if the message contains a virus. Before enabling this check, you
# must install a virus scanner and set the av_scanner option above.
# X-Spam_bar: $spam_bar\n\
# X-Spam_report: $spam_report
+ #############################################################################
+ # No more tests if PRDR was actively used.
+ # accept condition = ${if def:acl_m_did_prdr}
+ #
+ # To get here, all message recipients must have identical per-user
+ # content filtering (enforced by RCPT ACL). Do lookup for filter
+ # and deny on match.
+ #
+ # deny set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
+ # condition = ...
+ #############################################################################
+
+
# Accept the message.
accept
transport = smarthost_smtp
route_data = ROUTER_SMARTHOST
ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
+.ifdef _HAVE_DNSSEC
+ dnssec_request_domains = *
+.endif
no_more
.else
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
# if ipv6-enabled then instead use:
# ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
- dnssec_request_domains = *
no_more
# This closes the ROUTER_SMARTHOST ifdef around the choice of routing for
remote_smtp:
driver = smtp
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
-.ifdef _HAVE_DANE
- dnssec_request_domains = *
- hosts_try_dane = *
+.ifdef _HAVE_PRDR
+ hosts_try_prdr = *
.endif
tls_require_ciphers = SECURE192:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1
.endif
.endif
+.ifdef _HAVE_PRDR
+ hosts_try_prdr = *
+.endif
# This transport is used for local delivery to user mailboxes in traditional
projects / exim.git / blobdiff