summaryrefslogtreecommitdiffstats
path: root/krebs/3modules
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2017-10-16 00:45:27 +0200
committertv <tv@krebsco.de>2017-10-16 01:44:36 +0200
commit1bbeb858db245ef1a95a298de704d384ca4aa4b8 (patch)
tree71c562d95b9f7b52230e51b6f8b52c748434fdc4 /krebs/3modules
parent25c07e2c0a8dece7cedeac0992d7cbc1de69f060 (diff)
exim-{retiolum,smarthost} module: simplify ACL
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/exim-retiolum.nix69
-rw-r--r--krebs/3modules/exim-smarthost.nix45
2 files changed, 33 insertions, 81 deletions
diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix
index ca363c8d7..e08024977 100644
--- a/krebs/3modules/exim-retiolum.nix
+++ b/krebs/3modules/exim-retiolum.nix
@@ -43,7 +43,6 @@ let
primary_hostname = ${cfg.primary_hostname}
domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
- hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
@@ -61,41 +60,15 @@ let
begin acl
acl_check_rcpt:
- accept hosts = :
- control = dkim_disable_verify
-
- deny message = Restricted characters in address
- domains = +local_domains
- local_parts = ^[.] : ^.*[@%!/|]
-
- deny message = Restricted characters in address
- domains = !+local_domains
- local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
-
- accept local_parts = postmaster
- domains = +local_domains
-
- #accept
- # hosts = *.r
- # domains = *.r
- # control = dkim_disable_verify
-
- #require verify = sender
-
- accept hosts = +relay_from_hosts
- control = submission
- control = dkim_disable_verify
-
- accept authenticated = *
- control = submission
- control = dkim_disable_verify
-
- require message = relay not permitted
- domains = +local_domains : +relay_to_domains
-
- require verify = recipient
+ deny
+ local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+ message = restricted characters in address
accept
+ domains = +local_domains : +relay_to_domains
+
+ deny
+ message = relay not permitted
acl_check_data:
@@ -104,29 +77,19 @@ let
begin routers
- retiolum:
- driver = manualroute
- domains = ! +local_domains : +relay_to_domains
- transport = remote_smtp
- route_list = ^.* $0 byname
- no_more
-
- nonlocal:
- debug_print = "R: nonlocal for $local_part@$domain"
- driver = redirect
- domains = ! +local_domains
- allow_fail
- data = :fail: Mailing to remote domains not supported
- no_more
-
- local_user:
- # debug_print = "R: local_user for $local_part@$domain"
+ local:
driver = accept
+ domains = +local_domains
check_local_user
- # local_part_suffix = +* : -*
+ # local_part_suffix = +*
# local_part_suffix_optional
transport = home_maildir
- cannot_route_message = Unknown user
+
+ remote:
+ driver = manualroute
+ domains = +relay_to_domains
+ transport = remote_smtp
+ route_list = ^.* $0 byname
begin transports
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index dd4a7ccc9..5f93ae937 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -157,39 +157,28 @@ let
begin acl
acl_check_rcpt:
- accept hosts = :
- control = dkim_disable_verify
+ deny
+ local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+ message = restricted characters in address
- deny message = Restricted characters in address
- domains = +local_domains
- local_parts = ^[.] : ^.*[@%!/|]
-
- deny message = Restricted characters in address
- domains = !+local_domains
- local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
-
- accept local_parts = postmaster
- domains = +local_domains
-
- accept hosts = +relay_from_hosts
- control = submission
- control = dkim_disable_verify
-
- accept authenticated = *
- control = submission
- control = dkim_disable_verify
-
- accept message = relay not permitted 2
- recipients = lsearch*@;${lsearch.internet-aliases}
+ accept
+ recipients = lsearch*@;${lsearch.internet-aliases}
- require message = relay not permitted
- domains = +local_domains : +relay_to_domains
+ accept
+ authenticated = *
+ control = dkim_disable_verify
+ control = submission
- require
- message = unknown user
- verify = recipient/callout
+ accept
+ control = dkim_disable_verify
+ control = submission
+ hosts = +relay_from_hosts
accept
+ domains = +local_domains : +relay_to_domains
+
+ deny
+ message = relay not permitted
acl_check_data: