Allow relaying by certs

Signed-off-by: Stephen Gran <steve@lobefin.net>

diff --git a/modules/exim/files/common/exim4.conf b/modules/exim/files/common/exim4.conf
index b84b4777cd79c152f1a275645cecd84dc734bc24..979cefac47194496ba28eba757fd6b638da0eb64 100644 (file)
--- a/modules/exim/files/common/exim4.conf
+++ b/modules/exim/files/common/exim4.conf
@@ -197,7 +197,7 @@ queue_list_requires_admin = false
 av_scanner = CLAMAV
 .endif
 
-.ifdef HAVE_USER_DEBBUGS
+.ifdef HAVE_USER_DEBBUGS MAIL_RELAY
 daemon_smtp_ports = 25 : 587
 .endif
 
@@ -319,6 +319,10 @@ check_submission:
   # Defer after too many bad RCPT TO's.  Legit MTAs will retry later.
   # This is a rough pass at preventing addres harvesting or other mail blasts.
 
+.ifdef MAIL_RELAY
+  accept  verify   = certificate
+.endif
+
   defer  log_message   = Too many bad recipients ${eval:$rcpt_fail_count} out of $rcpt_count
          message       = Too many bad recipients, try again later
          condition     = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
@@ -337,6 +341,10 @@ check_submission:
 #!!# ACL that is used after the RCPT command
 check_recipient:
 
+.ifdef MAIL_RELAY
+  accept  verify   = certificate
+.endif
+
   # Defer after too many bad RCPT TO's.  Legit MTAs will retry later.
   # This is a rough pass at preventing addres harvesting or other mail blasts.