diff --git a/states/email/exim4/conf.d/router/180_srs b/states/email/exim4/conf.d/router/180_srs index a2011e0..2b49d33 100644 --- a/states/email/exim4/conf.d/router/180_srs +++ b/states/email/exim4/conf.d/router/180_srs @@ -1,20 +1,40 @@ - outbound: +fdef SRS_SECRET + + .ifdef DCconfig_internet + + outbound_srs: + debug_print = "R: SRS outbound for $local_part@$domain original $original_local_part@$original_domain" driver = dnslookup # if outbound, and forwarding has been done, use an alternate transport domains = ! +local_domains - transport = ${if eq {$local_part@$domain} \ - {$original_local_part@$original_domain} \ - {remote_smtp} {remote_forwarded_smtp}} + condition = ${if !eq {$local_part@$domain} \ + {$original_local_part@$original_domain}} + transport = {remote_forwarded_smtp} + .elifdef DCconfig_smarthost DCconfig_satellite + + outbound_srs_smarthost: + debug_print = "R: SRS outbound smarthost for $local_part@$domain original $original_local_part@$original_domain" + driver = dnslookup + # if outbound, and forwarding has been done, use an alternate transport + domains = ! +local_domains + condition = ${if !eq {$local_part@$domain} \ + {$original_local_part@$original_domain}} + transport = {remote_forwarded_smtp_smarthost} + + .endif + inbound_srs: + debug_print = "R: inbound_srs for $local_part@$domain" driver = redirect senders = : domains = +local_domains # detect inbound bounces which are SRS'd, and decode them condition = ${if inbound_srs {$local_part} {SRS_SECRET}} data = $srs_recipient - + inbound_srs_failure: + debug_print = "R: inbound_srs_failure for $local_part@$domain" driver = redirect senders = : domains = +local_domains @@ -22,3 +42,5 @@ condition = ${if inbound_srs {$local_part} {}} allow_fail data = :fail: Invalid SRS recipient address + +.endif diff --git a/states/email/exim4/conf.d/transport/32_srs b/states/email/exim4/conf.d/transport/32_srs deleted file mode 100644 index 8cc7678..0000000 --- a/states/email/exim4/conf.d/transport/32_srs +++ /dev/null @@ -1,7 +0,0 @@ - # transport; should look like the non-forward outbound - # one, plus the max_rcpt and return_path options - remote_forwarded_smtp: - driver = smtp - # modify the envelope from, for mails that we forward - max_rcpt = 1 - return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} diff --git a/states/email/exim4/conf.d/transport/32_srs_remote_smtp b/states/email/exim4/conf.d/transport/32_srs_remote_smtp new file mode 100644 index 0000000..00755a8 --- /dev/null +++ b/states/email/exim4/conf.d/transport/32_srs_remote_smtp @@ -0,0 +1,62 @@ +# transport; should look like the non-forward outbound +# one, plus the max_rcpt and return_path options +remote_forwarded_smtp: + debug_print = "T: remote_forwarded_smtp for $local_part@$domain original domain $original_domain" + driver = smtp + # modify the envelope from, for mails that we forward + max_rcpt = 1 + return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} +.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT + message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}} +.endif +.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS + hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS +.endif +.ifdef REMOTE_SMTP_HEADERS_REWRITE + headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE +.endif +.ifdef REMOTE_SMTP_RETURN_PATH + return_path = REMOTE_SMTP_RETURN_PATH +.endif +.ifdef REMOTE_SMTP_HELO_DATA + helo_data=REMOTE_SMTP_HELO_DATA +.endif +.ifdef REMOTE_SMTP_INTERFACE + interface = REMOTE_SMTP_INTERFACE +.endif +.ifdef DKIM_DOMAIN +dkim_domain = DKIM_DOMAIN +.endif +.ifdef DKIM_SELECTOR +dkim_selector = DKIM_SELECTOR +.endif +.ifdef DKIM_PRIVATE_KEY +dkim_private_key = DKIM_PRIVATE_KEY +.endif +.ifdef DKIM_CANON +dkim_canon = DKIM_CANON +.endif +.ifdef DKIM_STRICT +dkim_strict = DKIM_STRICT +.endif +.ifdef DKIM_SIGN_HEADERS +dkim_sign_headers = DKIM_SIGN_HEADERS +.endif +.ifdef DKIM_TIMESTAMPS +dkim_timestamps = DKIM_TIMESTAMPS +.endif +.ifdef TLS_DH_MIN_BITS +tls_dh_min_bits = TLS_DH_MIN_BITS +.endif +.ifdef REMOTE_SMTP_TLS_CERTIFICATE +tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE +.endif +.ifdef REMOTE_SMTP_PRIVATEKEY +tls_privatekey = REMOTE_SMTP_PRIVATEKEY +.endif +.ifdef REMOTE_SMTP_HOSTS_REQUIRE_TLS + hosts_require_tls = REMOTE_SMTP_HOSTS_REQUIRE_TLS +.endif +.ifdef REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE + headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE +.endif diff --git a/states/email/exim4/conf.d/transport/32_srs_remote_smtp_smarthost b/states/email/exim4/conf.d/transport/32_srs_remote_smtp_smarthost new file mode 100644 index 0000000..283ee83 --- /dev/null +++ b/states/email/exim4/conf.d/transport/32_srs_remote_smtp_smarthost @@ -0,0 +1,51 @@ +# transport; should look like the non-forward outbound +# one, plus the max_rcpt and return_path options +remote_forwarded_smtp_smarthost: + debug_print = "T: remote_forwarded_smtp_smarthost for $local_part@$domain original domain $original_domain" + driver = smtp + # modify the envelope from, for mails that we forward + max_rcpt = 1 + return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} + multi_domain +.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT + message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}} +.endif + hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \ + {\ + ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\ + }\ + {} \ + } +.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS + hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS +.endif +.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS + hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS +.endif +.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES + tls_verify_certificates = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES +.endif +.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS + tls_verify_hosts = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS +.endif +.ifdef REMOTE_SMTP_HEADERS_REWRITE + headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE +.endif +.ifdef REMOTE_SMTP_RETURN_PATH + return_path = REMOTE_SMTP_RETURN_PATH +.endif +.ifdef REMOTE_SMTP_HELO_DATA + helo_data=REMOTE_SMTP_HELO_DATA +.endif +.ifdef TLS_DH_MIN_BITS +tls_dh_min_bits = TLS_DH_MIN_BITS +.endif +.ifdef REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE +tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE +.endif +.ifdef REMOTE_SMTP_SMARTHOST_PRIVATEKEY +tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY +.endif +.ifdef REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE + headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE +.endif