jim
/
MythicSalt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix Exim SRS configuration - smarthost delivery now works.

This commit is contained in:
Jim Hague 2023-05-22 17:04:54 +01:00
parent 0b936b4703
commit f61543ea0f
4 changed files with 140 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
states/email/exim4/conf.d/router/180_srs
View File

@ -1,20 +1,40 @@
outbound:
fdef SRS_SECRET
.ifdef DCconfig_internet
outbound_srs:
debug_print = "R: SRS outbound for $local_part@$domain original $original_local_part@$original_domain"
driver = dnslookup
# if outbound, and forwarding has been done, use an alternate transport
domains = ! +local_domains
transport = ${if eq {$local_part@$domain} \
{$original_local_part@$original_domain} \
{remote_smtp} {remote_forwarded_smtp}}
condition = ${if !eq {$local_part@$domain} \
{$original_local_part@$original_domain}}
transport = {remote_forwarded_smtp}
.elifdef DCconfig_smarthost DCconfig_satellite
outbound_srs_smarthost:
debug_print = "R: SRS outbound smarthost for $local_part@$domain original $original_local_part@$original_domain"
driver = dnslookup
# if outbound, and forwarding has been done, use an alternate transport
domains = ! +local_domains
condition = ${if !eq {$local_part@$domain} \
{$original_local_part@$original_domain}}
transport = {remote_forwarded_smtp_smarthost}
.endif
inbound_srs:
debug_print = "R: inbound_srs for $local_part@$domain"
driver = redirect
senders = :
domains = +local_domains
# detect inbound bounces which are SRS'd, and decode them
condition = ${if inbound_srs {$local_part} {SRS_SECRET}}
data = $srs_recipient
inbound_srs_failure:
debug_print = "R: inbound_srs_failure for $local_part@$domain"
driver = redirect
senders = :
domains = +local_domains
@ -22,3 +42,5 @@
condition = ${if inbound_srs {$local_part} {}}
allow_fail
data = :fail: Invalid SRS recipient address
.endif

7
states/email/exim4/conf.d/transport/32_srs
View File

@ -1,7 +0,0 @@
# transport; should look like the non-forward outbound
# one, plus the max_rcpt and return_path options
remote_forwarded_smtp:
driver = smtp
# modify the envelope from, for mails that we forward
max_rcpt = 1
return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}

62
states/email/exim4/conf.d/transport/32_srs_remote_smtp Normal file
View File

@ -0,0 +1,62 @@
# transport; should look like the non-forward outbound
# one, plus the max_rcpt and return_path options
remote_forwarded_smtp:
debug_print = "T: remote_forwarded_smtp for $local_part@$domain original domain $original_domain"
driver = smtp
# modify the envelope from, for mails that we forward
max_rcpt = 1
return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}
.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
.endif
.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
helo_data=REMOTE_SMTP_HELO_DATA
.endif
.ifdef REMOTE_SMTP_INTERFACE
interface = REMOTE_SMTP_INTERFACE
.endif
.ifdef DKIM_DOMAIN
dkim_domain = DKIM_DOMAIN
.endif
.ifdef DKIM_SELECTOR
dkim_selector = DKIM_SELECTOR
.endif
.ifdef DKIM_PRIVATE_KEY
dkim_private_key = DKIM_PRIVATE_KEY
.endif
.ifdef DKIM_CANON
dkim_canon = DKIM_CANON
.endif
.ifdef DKIM_STRICT
dkim_strict = DKIM_STRICT
.endif
.ifdef DKIM_SIGN_HEADERS
dkim_sign_headers = DKIM_SIGN_HEADERS
.endif
.ifdef DKIM_TIMESTAMPS
dkim_timestamps = DKIM_TIMESTAMPS
.endif
.ifdef TLS_DH_MIN_BITS
tls_dh_min_bits = TLS_DH_MIN_BITS
.endif
.ifdef REMOTE_SMTP_TLS_CERTIFICATE
tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE
.endif
.ifdef REMOTE_SMTP_PRIVATEKEY
tls_privatekey = REMOTE_SMTP_PRIVATEKEY
.endif
.ifdef REMOTE_SMTP_HOSTS_REQUIRE_TLS
hosts_require_tls = REMOTE_SMTP_HOSTS_REQUIRE_TLS
.endif
.ifdef REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
.endif

51
states/email/exim4/conf.d/transport/32_srs_remote_smtp_smarthost Normal file
View File

@ -0,0 +1,51 @@
# transport; should look like the non-forward outbound
# one, plus the max_rcpt and return_path options
remote_forwarded_smtp_smarthost:
debug_print = "T: remote_forwarded_smtp_smarthost for $local_part@$domain original domain $original_domain"
driver = smtp
# modify the envelope from, for mails that we forward
max_rcpt = 1
return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}
multi_domain
.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
.endif
hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
{\
${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
}\
{} \
}
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
.endif
.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
tls_verify_certificates = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
.endif
.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
tls_verify_hosts = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
helo_data=REMOTE_SMTP_HELO_DATA
.endif
.ifdef TLS_DH_MIN_BITS
tls_dh_min_bits = TLS_DH_MIN_BITS
.endif
.ifdef REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
.endif
.ifdef REMOTE_SMTP_SMARTHOST_PRIVATEKEY
tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY
.endif
.ifdef REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
.endif