diff options
Diffstat (limited to 'files/195_exim4_config_tls_verify')
| -rw-r--r-- | files/195_exim4_config_tls_verify | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/files/195_exim4_config_tls_verify b/files/195_exim4_config_tls_verify new file mode 100644 index 0000000..9935b46 --- /dev/null +++ b/files/195_exim4_config_tls_verify @@ -0,0 +1,17 @@ +# For domains that we do not relay for, and need to verify certs. +# Since we most probably can't have broken MX records pointing to +# site local or link local IP addresses fixed, we ignore target +# hosts pointing to these addresses. + +dnslookup_tls_verify: + debug_print = "R: dnslookup_tls_verify for $local_part@$domain" + driver = dnslookup + # Do we need to verify and force TLS for this domain ? + domains = ! +local_domains : +tls_verify_relay_to_domains + transport = remote_smtp_tls_verify + same_domain_copy_routing = yes + # ignore private rfc1918 and APIPA addresses + ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\ + 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\ + 255.255.255.255 + no_more |