/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt is in exim4-config 4.76-3ubuntu3.4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 | ### acl/30_exim4-config_check_rcpt
#################################
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
#
acl_check_rcpt:
# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.
accept
hosts = :
control = dkim_disable_verify
# Do not try to verify DKIM signatures of incoming mail if DC_minimaldns
# or DISABLE_DKIM_VERIFY are set.
.ifdef DC_minimaldns
warn
control = dkim_disable_verify
.else
.ifdef DISABLE_DKIM_VERIFY
warn
control = dkim_disable_verify
.endif
.endif
# The following section of the ACL is concerned with local parts that contain
# certain non-alphanumeric characters. Dots in unusual places are
# handled by this ACL as well.
#
# Non-alphanumeric characters other than dots are rarely found in genuine
# local parts, but are often tried by people looking to circumvent
# relaying restrictions. Therefore, although they are valid in local
# parts, these rules disallow certain non-alphanumeric characters, as
# a precaution.
#
# Empty components (two dots in a row) are not valid in RFC 2822, but Exim
# allows them because they have been encountered. (Consider local parts
# constructed as "firstinitial.secondinitial.familyname" when applied to
# a name without a second initial.) However, a local part starting
# with a dot or containing /../ can cause trouble if it is used as part of a
# file name (e.g. for a mailing list). This is also true for local parts that
# contain slashes. A pipe symbol can also be troublesome if the local part is
# incorporated unthinkingly into a shell command line.
#
# These ACL components will block recipient addresses that are valid
# from an RFC2822 point of view. We chose to have them blocked by
# default for security reasons.
#
# If you feel that your site should have less strict recipient
# checking, please feel free to change the default values of the macros
# defined in main/01_exim4-config_listmacrosdefs or override them from a
# local configuration file.
#
# Two different rules are used. The first one has a quite strict
# default, and is applied to messages that are addressed to one of the
# local domains handled by this host.
# The default value of CHECK_RCPT_LOCAL_LOCALPARTS is defined in
# main/01_exim4-config_listmacrosdefs:
# CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
# This blocks local parts that begin with a dot or contain a quite
# broad range of non-alphanumeric characters.
.ifdef CHECK_RCPT_LOCAL_LOCALPARTS
deny
domains = +local_domains
local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
message = restricted characters in address
.endif
# The second rule applies to all other domains, and its default is
# considerably less strict.
# The default value of CHECK_RCPT_REMOTE_LOCALPARTS is defined in
# main/01_exim4-config_listmacrosdefs:
# CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
# It allows local users to send outgoing messages to sites
# that use slashes and vertical bars in their local parts. It blocks
# local parts that begin with a dot, slash, or vertical bar, but allows
# these characters within the local part. However, the sequence /../ is
# barred. The use of some other non-alphanumeric characters is blocked.
# Single quotes might probably be dangerous as well, but they're
# allowed by the default regexps to avoid rejecting mails to Ireland.
# The motivation here is to prevent local users (or local users' malware)
# from mounting certain kinds of attack on remote sites.
.ifdef CHECK_RCPT_REMOTE_LOCALPARTS
deny
domains = !+local_domains
local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
message = restricted characters in address
.endif
# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.
#
accept
.ifndef CHECK_RCPT_POSTMASTER
local_parts = postmaster
.else
local_parts = CHECK_RCPT_POSTMASTER
.endif
domains = +local_domains : +relay_to_domains
# Deny unless the sender address can be verified.
#
# This is disabled by default so that DNSless systems don't break. If
# your system can do DNS lookups without delay or cost, you might want
# to enable this feature.
#
# This feature does not work in smarthost and satellite setups as
# with these setups all domains pass verification. See spec.txt chapter
# 39.31 with the added information that a smarthost/satellite setup
# routes all non-local e-mail to the smarthost.
.ifdef CHECK_RCPT_VERIFY_SENDER
deny
message = Sender verification failed
!acl = acl_local_deny_exceptions
!verify = sender
.endif
# Verify senders listed in local_sender_callout with a callout.
#
# In smarthost and satellite setups, this causes the callout to be
# done to the smarthost. Verification will thus only be reliable if the
# smarthost does reject illegal addresses in the SMTP dialog.
deny
!acl = acl_local_deny_exceptions
senders = ${if exists{CONFDIR/local_sender_callout}\
{CONFDIR/local_sender_callout}\
{}}
!verify = sender/callout
# Accept if the message comes from one of the hosts for which we are an
# outgoing relay. It is assumed that such hosts are most likely to be MUAs,
# so we set control=submission to make Exim treat the message as a
# submission. It will fix up various errors in the message, for example, the
# lack of a Date: header line. If you are actually relaying out out from
# MTAs, you may want to disable this. If you are handling both relaying from
# MTAs and submissions from MUAs you should probably split them into two
# lists, and handle them differently.
# Recipient verification is omitted here, because in many cases the clients
# are dumb MUAs that don't cope well with SMTP error responses. If you are
# actually relaying out from MTAs, you should probably add recipient
# verification here.
# Note that, by putting this test before any DNS black list checks, you will
# always accept from these hosts, even if they end up on a black list. The
# assumption is that they are your friends, and if they get onto black
# list, it is a mistake.
accept
hosts = +relay_from_hosts
control = submission/sender_retain
control = dkim_disable_verify
# Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient
# verification is omitted, and submission mode is set. And again, we do this
# check before any black list tests.
accept
authenticated = *
control = submission/sender_retain
control = dkim_disable_verify
# Insist that any other recipient address that we accept is either in one of
# our local domains, or is in a domain for which we explicitly allow
# relaying. Any other domain is rejected as being unacceptable for relaying.
require
message = relay not permitted
domains = +local_domains : +relay_to_domains
# We also require all accepted addresses to be verifiable. This check will
# do local part verification for local domains, but only check the domain
# for remote domains.
require
verify = recipient
# Verify recipients listed in local_rcpt_callout with a callout.
# This is especially handy for forwarding MX hosts (secondary MX or
# mail hubs) of domains that receive a lot of spam to non-existent
# addresses. The only way to check local parts for remote relay
# domains is to use a callout (add /callout), but please read the
# documentation about callouts before doing this.
deny
!acl = acl_local_deny_exceptions
recipients = ${if exists{CONFDIR/local_rcpt_callout}\
{CONFDIR/local_rcpt_callout}\
{}}
!verify = recipient/callout
# CONFDIR/local_sender_blacklist holds a list of envelope senders that
# should have their access denied to the local host. Incoming messages
# with one of these senders are rejected at RCPT time.
#
# The explicit white lists are honored as well as negative items in
# the black list. See exim4-config_files(5) for details.
deny
message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
!acl = acl_local_deny_exceptions
senders = ${if exists{CONFDIR/local_sender_blacklist}\
{CONFDIR/local_sender_blacklist}\
{}}
# deny bad sites (IP address)
# CONFDIR/local_host_blacklist holds a list of host names, IP addresses
# and networks (CIDR notation) that should have their access denied to
# The local host. Messages coming in from a listed host will have all
# RCPT statements rejected.
#
# The explicit white lists are honored as well as negative items in
# the black list. See exim4-config_files(5) for details.
deny
message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
!acl = acl_local_deny_exceptions
hosts = ${if exists{CONFDIR/local_host_blacklist}\
{CONFDIR/local_host_blacklist}\
{}}
# Warn if the sender host does not have valid reverse DNS.
#
# If your system can do DNS lookups without delay or cost, you might want
# to enable this.
# If sender_host_address is defined, it's a remote call. If
# sender_host_name is not defined, then reverse lookup failed. Use
# this instead of !verify = reverse_host_lookup to catch deferrals
# as well as outright failures.
.ifdef CHECK_RCPT_REVERSE_DNS
warn
condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
{yes}{no}}
add_header = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
.endif
# Use spfquery to perform a pair of SPF checks (for details, see
# http://www.openspf.org/)
#
# This is quite costly in terms of DNS lookups (~6 lookups per mail). Do not
# enable if that's an issue. Also note that if you enable this, you must
# install "spf-tools-perl" which provides the spfquery command.
# Missing spf-tools-perl will trigger the "Unexpected error in
# SPF check" warning.
.ifdef CHECK_RCPT_SPF
deny
message = [SPF] $sender_host_address is not allowed to send mail from \
${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \
Please see \
http://www.openspf.org/Why?scope=${if def:sender_address_domain \
{mfrom}{helo}};identity=${if def:sender_address_domain \
{$sender_address}{$sender_helo_name}};ip=$sender_host_address
log_message = SPF check failed.
!acl = acl_local_deny_exceptions
condition = ${run{/usr/bin/spfquery.mail-spf-perl --ip \
\"$sender_host_address\" --identity \
${if def:sender_address_domain \
{--scope mfrom --identity \"$sender_address\"}\
{--scope helo --identity \"$sender_helo_name\"}}}\
{no}{${if eq {$runrc}{1}{yes}{no}}}}
defer
message = Temporary DNS error while checking SPF record. Try again later.
!acl = acl_local_deny_exceptions
condition = ${if eq {$runrc}{5}{yes}{no}}
warn
condition = ${if <={$runrc}{6}{yes}{no}}
add_header = Received-SPF: ${if eq {$runrc}{0}{pass}\
{${if eq {$runrc}{2}{softfail}\
{${if eq {$runrc}{3}{neutral}\
{${if eq {$runrc}{4}{permerror}\
{${if eq {$runrc}{6}{none}{error}}}}}}}}}\
} client-ip=$sender_host_address; \
${if def:sender_address_domain \
{envelope-from=${sender_address}; }{}}\
helo=$sender_helo_name
warn
log_message = Unexpected error in SPF check.
condition = ${if >{$runrc}{6}{yes}{no}}
.endif
# Check against classic DNS "black" lists (DNSBLs) which list
# sender IP addresses
.ifdef CHECK_RCPT_IP_DNSBLS
warn
dnslists = CHECK_RCPT_IP_DNSBLS
add_header = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
.endif
# Check against DNSBLs which list sender domains, with an option to locally
# whitelist certain domains that might be blacklisted.
#
# Note: If you define CHECK_RCPT_DOMAIN_DNSBLS, you must append
# "/$sender_address_domain" after each domain. For example:
# CHECK_RCPT_DOMAIN_DNSBLS = rhsbl.foo.org/$sender_address_domain \
# : rhsbl.bar.org/$sender_address_domain
.ifdef CHECK_RCPT_DOMAIN_DNSBLS
warn
!senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
{CONFDIR/local_domain_dnsbl_whitelist}\
{}}
dnslists = CHECK_RCPT_DOMAIN_DNSBLS
add_header = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
.endif
# This hook allows you to hook in your own ACLs without having to
# modify this file. If you do it like we suggest, you'll end up with
# a small performance penalty since there is an additional file being
# accessed. This doesn't happen if you leave the macro unset.
.ifdef CHECK_RCPT_LOCAL_ACL_FILE
.include CHECK_RCPT_LOCAL_ACL_FILE
.endif
#############################################################################
# This check is commented out because it is recognized that not every
# sysadmin will want to do it. If you enable it, the check performs
# Client SMTP Authorization (csa) checks on the sending host. These checks
# do DNS lookups for SRV records. The CSA proposal is currently (May 2005)
# an Internet draft. You can, of course, add additional conditions to this
# ACL statement to restrict the CSA checks to certain hosts only.
#
# require verify = csa
#############################################################################
# Accept if the address is in a domain for which we are an incoming relay,
# but again, only if the recipient can be verified.
accept
domains = +relay_to_domains
endpass
verify = recipient
# At this point, the address has passed all the checks that have been
# configured, so we accept it unconditionally.
accept
|