summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2022-12-06 13:51:12 +0100
committerlassulus <lassulus@lassul.us>2022-12-06 13:51:12 +0100
commit68ef6e07e3ee4964dcebc2733a8f6c065628a7b7 (patch)
treec87f0f690a550e7e4e6a8276f1b3c17738972d05 /krebs
parent45ce420a0c5fc783d364107a3ad290615ddaa7e6 (diff)
parent2f17a36ab546bc1271649ce03504a6d4db0738e9 (diff)
Merge remote-tracking branch 'ni/master' into 22.11
Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/exim-smarthost.nix36
1 files changed, 34 insertions, 2 deletions
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index fe149448b..5923b610d 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -123,10 +123,12 @@ let
# XXX We abuse local_domains to mean "domains, we're the gateway for".
domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
+ domainlist sender_domains = ${concatStringsSep ":" cfg.sender_domains}
hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts}
- acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
+ acl_smtp_mail = acl_check_mail
+ acl_smtp_rcpt = acl_check_rcpt
never_users = root
@@ -173,11 +175,41 @@ let
acl_check_data:
warn
- sender_domains = ${concatStringsSep ":" cfg.sender_domains}
+ sender_domains = +sender_domains
set acl_m_special_dom = $sender_address_domain
accept
+ acl_check_mail:
+ accept
+ sender_domains = +sender_domains
+ hosts = +relay_from_hosts
+ deny
+ spf = fail : softfail
+ log_message = spf=$spf_result
+ message = SPF validation failed: \
+ $sender_host_address is not allowed to send mail from \
+ ''${if def:sender_address_domain\
+ {$sender_address_domain}\
+ {$sender_helo_name}}
+ deny
+ spf = permerror
+ log_message = spf=$spf_result
+ message = SPF validation failed: \
+ syntax error in SPF record(s) for \
+ ''${if def:sender_address_domain\
+ {$sender_address_domain}\
+ {$sender_helo_name}}
+ defer
+ spf = temperror
+ log_message = spf=$spf_result; deferred
+ message = temporary error during SPF validation; \
+ please try again later
+ warn
+ spf = none : neutral
+ log_message = spf=$spf_result
+ accept
+ add_header = $spf_received
begin routers