X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=src%2Fsrc%2Fconfigure.default;h=838926f97c77198aeba751053c76b7d88012c2f2;hp=4209ae8c11a9964f14df78ceb74271e41a3cfd9c;hb=b220576b3ba5396af6b3e0f45739f269079f8fc5;hpb=bdf9ce828c5e29351eabbd29c88c459522811b67 diff --git a/src/src/configure.default b/src/src/configure.default index 4209ae8c1..838926f97 100644 --- a/src/src/configure.default +++ b/src/src/configure.default @@ -107,8 +107,9 @@ hostlist relay_from_hosts = localhost # manual for details. The lists above are used in the access control lists for # checking incoming messages. The names of these ACLs are defined here: -acl_smtp_rcpt = acl_check_rcpt -acl_smtp_data = acl_check_data +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data_prdr = acl_check_prdr +acl_smtp_data = acl_check_data # You should not change those settings until you understand how ACLs work. @@ -504,12 +505,43 @@ acl_check_rcpt: # require verify = csa ############################################################################# + ############################################################################# + # If doing per-user content filtering then recipients with filters different + # to the first recipient must be deferred unless the sender talks PRDR. + # + # defer !condition = $prdr_requested + # condition = ${if > {0}{$receipients_count}} + # condition = ${if !eq {$acl_m_content_filter} \ + # {${lookup PER_RCPT_CONTENT_FILTER}}} + # warn !condition = $prdr_requested + # condition = ${if > {0}{$receipients_count}} + # set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER} + ############################################################################# + # At this point, the address has passed all the checks that have been # configured, so we accept it unconditionally. accept +# This ACL is used once per recipient, for multi-recipient messages, if +# we advertised PRDR. It can be used to perform receipient-dependent +# header- and body- based filtering and rejections. +# We set a variable to record that PRDR was active used, so that checking +# in the data ACL can be skipped. + +acl_check_prdr: + warn set acl_m_did_prdr = y + + ############################################################################# + # do lookup on filtering, with $local_part@$domain, deny on filter match + # + # deny set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER} + # condition = ... + ############################################################################# + + accept + # This ACL is used after the contents of a message have been received. This # is the ACL in which you can test a message's headers or body, and in # particular, this is where you can invoke external virus or spam scanners. @@ -549,6 +581,19 @@ acl_check_data: # X-Spam_bar: $spam_bar\n\ # X-Spam_report: $spam_report + ############################################################################# + # No more tests if PRDR was actively used. + # accept condition = ${if def:acl_m_did_prdr} + # + # To get here, all message recipients must have identical per-user + # content filtering (enforced by RCPT ACL). Do lookup for filter + # and deny on match. + # + # deny set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER} + # condition = ... + ############################################################################# + + # Accept the message. accept @@ -732,6 +777,7 @@ begin transports remote_smtp: driver = smtp + hosts_try_prdr = * message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}} .ifdef _HAVE_DANE dnssec_request_domains = * @@ -748,6 +794,7 @@ remote_smtp: smarthost_smtp: driver = smtp + hosts_try_prdr = * message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}} multi_domain #