exim-{retiolum,smarthost} module: simplify ACL

This commit is contained in:
tv 2017-10-16 00:45:27 +02:00
parent 25c07e2c0a
commit 1bbeb858db
2 changed files with 36 additions and 84 deletions

View File

@ -43,7 +43,6 @@ let
primary_hostname = ${cfg.primary_hostname} primary_hostname = ${cfg.primary_hostname}
domainlist local_domains = ${concatStringsSep ":" cfg.local_domains} domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains} domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
acl_smtp_rcpt = acl_check_rcpt acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data acl_smtp_data = acl_check_data
@ -61,41 +60,15 @@ let
begin acl begin acl
acl_check_rcpt: acl_check_rcpt:
accept hosts = : deny
control = dkim_disable_verify
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
message = restricted characters in address
accept local_parts = postmaster
domains = +local_domains
#accept
# hosts = *.r
# domains = *.r
# control = dkim_disable_verify
#require verify = sender
accept hosts = +relay_from_hosts
control = submission
control = dkim_disable_verify
accept authenticated = *
control = submission
control = dkim_disable_verify
require message = relay not permitted
domains = +local_domains : +relay_to_domains
require verify = recipient
accept accept
domains = +local_domains : +relay_to_domains
deny
message = relay not permitted
acl_check_data: acl_check_data:
@ -104,29 +77,19 @@ let
begin routers begin routers
retiolum: local:
driver = manualroute
domains = ! +local_domains : +relay_to_domains
transport = remote_smtp
route_list = ^.* $0 byname
no_more
nonlocal:
debug_print = "R: nonlocal for $local_part@$domain"
driver = redirect
domains = ! +local_domains
allow_fail
data = :fail: Mailing to remote domains not supported
no_more
local_user:
# debug_print = "R: local_user for $local_part@$domain"
driver = accept driver = accept
domains = +local_domains
check_local_user check_local_user
# local_part_suffix = +* : -* # local_part_suffix = +*
# local_part_suffix_optional # local_part_suffix_optional
transport = home_maildir transport = home_maildir
cannot_route_message = Unknown user
remote:
driver = manualroute
domains = +relay_to_domains
transport = remote_smtp
route_list = ^.* $0 byname
begin transports begin transports

View File

@ -157,39 +157,28 @@ let
begin acl begin acl
acl_check_rcpt: acl_check_rcpt:
accept hosts = : deny
control = dkim_disable_verify
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
message = restricted characters in address
accept local_parts = postmaster
domains = +local_domains
accept hosts = +relay_from_hosts
control = submission
control = dkim_disable_verify
accept authenticated = *
control = submission
control = dkim_disable_verify
accept message = relay not permitted 2
recipients = lsearch*@;${lsearch.internet-aliases}
require message = relay not permitted
domains = +local_domains : +relay_to_domains
require
message = unknown user
verify = recipient/callout
accept accept
recipients = lsearch*@;${lsearch.internet-aliases}
accept
authenticated = *
control = dkim_disable_verify
control = submission
accept
control = dkim_disable_verify
control = submission
hosts = +relay_from_hosts
accept
domains = +local_domains : +relay_to_domains
deny
message = relay not permitted
acl_check_data: acl_check_data: