summaryrefslogtreecommitdiff
path: root/files/195_exim4_config_tls_verify
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2011-11-09 23:04:48 -0200
committerSilvio Rhatto <rhatto@riseup.net>2011-11-09 23:04:48 -0200
commit56314de3a88a634634bf895484e28539a830ba52 (patch)
treecf64da3515b41844e1755f4bd72262e9676be212 /files/195_exim4_config_tls_verify
parent3e4f48e157688adc050c5fe00b6491344d596097 (diff)
downloadpuppet-exim-56314de3a88a634634bf895484e28539a830ba52.tar.gz
puppet-exim-56314de3a88a634634bf895484e28539a830ba52.tar.bz2
Adding exim::tls
Diffstat (limited to 'files/195_exim4_config_tls_verify')
-rw-r--r--files/195_exim4_config_tls_verify17
1 files changed, 17 insertions, 0 deletions
diff --git a/files/195_exim4_config_tls_verify b/files/195_exim4_config_tls_verify
new file mode 100644
index 0000000..9935b46
--- /dev/null
+++ b/files/195_exim4_config_tls_verify
@@ -0,0 +1,17 @@
+# For domains that we do not relay for, and need to verify certs.
+# Since we most probably can't have broken MX records pointing to
+# site local or link local IP addresses fixed, we ignore target
+# hosts pointing to these addresses.
+
+dnslookup_tls_verify:
+ debug_print = "R: dnslookup_tls_verify for $local_part@$domain"
+ driver = dnslookup
+ # Do we need to verify and force TLS for this domain ?
+ domains = ! +local_domains : +tls_verify_relay_to_domains
+ transport = remote_smtp_tls_verify
+ same_domain_copy_routing = yes
+ # ignore private rfc1918 and APIPA addresses
+ ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
+ 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
+ 255.255.255.255
+ no_more