Add basic framework for PRDR use with per-user content filters to example config.

[exim.git] / src / src / configure.default

diff --git a/src/src/configure.default b/src/src/configure.default
index 4209ae8c11a9964f14df78ceb74271e41a3cfd9c..838926f97c77198aeba751053c76b7d88012c2f2 100644 (file)
--- a/src/src/configure.default
+++ b/src/src/configure.default
@@ -107,8 +107,9 @@ hostlist   relay_from_hosts = localhost
 # manual for details. The lists above are used in the access control lists for
 # checking incoming messages. The names of these ACLs are defined here:
 
-acl_smtp_rcpt = acl_check_rcpt
-acl_smtp_data = acl_check_data
+acl_smtp_rcpt =                acl_check_rcpt
+acl_smtp_data_prdr =   acl_check_prdr
+acl_smtp_data =        acl_check_data
 
 # You should not change those settings until you understand how ACLs work.
 
@@ -504,12 +505,43 @@ acl_check_rcpt:
   # require verify = csa
   #############################################################################
 
+  #############################################################################
+  # If doing per-user content filtering then recipients with filters different
+  # to the first recipient must be deferred unless the sender talks PRDR.
+  #
+  # defer  !condition     = $prdr_requested
+  #        condition      = ${if > {0}{$receipients_count}}
+  #        condition      = ${if !eq {$acl_m_content_filter} \
+  #                                  {${lookup PER_RCPT_CONTENT_FILTER}}}
+  # warn   !condition     = $prdr_requested
+  #        condition      = ${if > {0}{$receipients_count}}
+  #        set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
+  #############################################################################
+
   # At this point, the address has passed all the checks that have been
   # configured, so we accept it unconditionally.
 
   accept
 
 
+# This ACL is used once per recipient, for multi-recipient messages, if
+# we advertised PRDR.  It can be used to perform receipient-dependent
+# header- and body- based filtering and rejections.
+# We set a variable to record that PRDR was active used, so that checking
+# in the data ACL can be skipped.
+
+acl_check_prdr:
+  warn set acl_m_did_prdr =    y
+
+  #############################################################################
+  # do lookup on filtering, with $local_part@$domain, deny on filter match
+  #
+  # deny      set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
+  #           condition    = ...
+  #############################################################################
+
+  accept
+
 # This ACL is used after the contents of a message have been received. This
 # is the ACL in which you can test a message's headers or body, and in
 # particular, this is where you can invoke external virus or spam scanners.
@@ -549,6 +581,19 @@ acl_check_data:
   #                      X-Spam_bar: $spam_bar\n\
   #                      X-Spam_report: $spam_report
 
+  #############################################################################
+  # No more tests if PRDR was actively used.
+  # accept   condition  = ${if def:acl_m_did_prdr}
+  #
+  # To get here, all message recipients must have identical per-user
+  # content filtering (enforced by RCPT ACL).  Do lookup for filter
+  # and deny on match.
+  #
+  # deny      set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
+  #           condition    = ...
+  #############################################################################
+
+
   # Accept the message.
 
   accept
@@ -732,6 +777,7 @@ begin transports
 
 remote_smtp:
   driver = smtp
+  hosts_try_prdr = *
   message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
 .ifdef _HAVE_DANE
   dnssec_request_domains = *
@@ -748,6 +794,7 @@ remote_smtp:
 
 smarthost_smtp:
   driver = smtp
+  hosts_try_prdr = *
   message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
   multi_domain
   #