diff options
author | lassulus <lassulus@lassul.us> | 2022-12-06 13:51:12 +0100 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2022-12-06 13:51:12 +0100 |
commit | 68ef6e07e3ee4964dcebc2733a8f6c065628a7b7 (patch) | |
tree | c87f0f690a550e7e4e6a8276f1b3c17738972d05 | |
parent | 45ce420a0c5fc783d364107a3ad290615ddaa7e6 (diff) | |
parent | 2f17a36ab546bc1271649ce03504a6d4db0738e9 (diff) |
Merge remote-tracking branch 'ni/master' into 22.11
-rw-r--r-- | krebs/3modules/exim-smarthost.nix | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index fe149448b..5923b610d 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -123,10 +123,12 @@ let # XXX We abuse local_domains to mean "domains, we're the gateway for". domainlist local_domains = ${concatStringsSep ":" cfg.local_domains} domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains} + domainlist sender_domains = ${concatStringsSep ":" cfg.sender_domains} hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts} - acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_data + acl_smtp_mail = acl_check_mail + acl_smtp_rcpt = acl_check_rcpt never_users = root @@ -173,11 +175,41 @@ let acl_check_data: warn - sender_domains = ${concatStringsSep ":" cfg.sender_domains} + sender_domains = +sender_domains set acl_m_special_dom = $sender_address_domain accept + acl_check_mail: + accept + sender_domains = +sender_domains + hosts = +relay_from_hosts + deny + spf = fail : softfail + log_message = spf=$spf_result + message = SPF validation failed: \ + $sender_host_address is not allowed to send mail from \ + ''${if def:sender_address_domain\ + {$sender_address_domain}\ + {$sender_helo_name}} + deny + spf = permerror + log_message = spf=$spf_result + message = SPF validation failed: \ + syntax error in SPF record(s) for \ + ''${if def:sender_address_domain\ + {$sender_address_domain}\ + {$sender_helo_name}} + defer + spf = temperror + log_message = spf=$spf_result; deferred + message = temporary error during SPF validation; \ + please try again later + warn + spf = none : neutral + log_message = spf=$spf_result + accept + add_header = $spf_received begin routers |