summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhilip Hazel <ph10@hermes.cam.ac.uk>2005-10-11 13:50:48 +0000
committerPhilip Hazel <ph10@hermes.cam.ac.uk>2005-10-11 13:50:48 +0000
commitcc38ddbf11c08a9edf41726005623b2061397411 (patch)
tree91fb6f46731eff9b318e3bd08fc0bb711ef274e8
parent5de37277102d8c5afce49171c75ced28af2363fe (diff)
Add control=submission to relay_from_hosts and authenticated checks in
the default configuration.
-rw-r--r--doc/doc-txt/ChangeLog13
-rw-r--r--src/src/configure.default32
2 files changed, 31 insertions, 14 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index ce07ecec2..07e108e7e 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.246 2005/10/11 09:30:41 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.247 2005/10/11 13:50:48 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -6,9 +6,14 @@ Change log file for Exim from version 4.21
Exim version 4.60
-----------------
-PH/01 In the default runtime configuration, move the checks for
- relay_from_hosts and authenticated clients from after to before the
- (commented out) DNS black list checks.
+PH/01 Two changes to the default runtime configuration:
+
+ (1) Move the checks for relay_from_hosts and authenticated clients from
+ after to before the (commented out) DNS black list checks.
+
+ (2) Add control=submission to the relay_from_hosts and authenticated
+ clients checks, on the grounds that messages accepted by these
+ statements are most likely to be submissions.
Exim version 4.54
diff --git a/src/src/configure.default b/src/src/configure.default
index 0a10ee9b9..8adda8be4 100644
--- a/src/src/configure.default
+++ b/src/src/configure.default
@@ -1,4 +1,4 @@
-# $Cambridge: exim/src/src/configure.default,v 1.4 2005/10/11 09:30:41 ph10 Exp $
+# $Cambridge: exim/src/src/configure.default,v 1.5 2005/10/11 13:50:48 ph10 Exp $
######################################################################
# Runtime configuration file for Exim #
@@ -311,22 +311,34 @@ acl_check_rcpt:
require verify = sender
# Accept if the message comes from one of the hosts for which we are an
- # outgoing relay. Recipient verification is omitted here, because in many
- # cases the clients are dumb MUAs that don't cope well with SMTP error
- # responses. If you are actually relaying out from MTAs, you should probably
- # add recipient verification here. Note that, by putting this test before
- # any DNS black list checks, you will always accept from these hosts, even
- # if they end up on a black list. The assumption is that they are your
- # friends, and if they get onto a black list, it is a mistake.
+ # outgoing relay. It is assumed that such hosts are most likely to be MUAs,
+ # so we set control=submission to make Exim treat the message as a
+ # submission. It will fix up various errors in the message, for example, the
+ # lack of a Date: header line. If you are actually relaying out out from
+ # MTAs, you may want to disable this. If you are handling both relaying from
+ # MTAs and submissions from MUAs you should probably split them into two
+ # lists, and handle them differently.
+
+ # Recipient verification is omitted here, because in many cases the clients
+ # are dumb MUAs that don't cope well with SMTP error responses. If you are
+ # actually relaying out from MTAs, you should probably add recipient
+ # verification here.
+
+ # Note that, by putting this test before any DNS black list checks, you will
+ # always accept from these hosts, even if they end up on a black list. The
+ # assumption is that they are your friends, and if they get onto a black
+ # list, it is a mistake.
accept hosts = +relay_from_hosts
+ control = submission
# Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient
- # verification is omitted. And again, we do this check before any black list
- # tests.
+ # verification is omitted, and submission mode is set. And again, we do this
+ # check before any black list tests.
accept authenticated = *
+ control = submission
#############################################################################
# There are no default checks on DNS black lists because the domains that