Process mailman addresses last

In an effort to thwart recent spates of spam to -owner addresses of
mailing lists, place the mailman_router last so that system_aliases
get expanded before it. This allows for tricks like aliasing a
particular -owner address to :blackhole: temporarily as a
workaround.

Change-Id: Ibea05369bb5e42bf637f84251a387ffd81577373
This commit is contained in:
Jeremy Stanley 2017-07-19 00:15:22 +00:00
parent 4f1c9531bc
commit 9fa2bd4853
1 changed files with 34 additions and 34 deletions

View File

@ -577,40 +577,6 @@ begin routers
<% end -%>
<% end -%>
<% if @mailman_domains.length > 0 -%>
# Pick up on messages from our local mailman and route them via our
# special VERP-enabled transport
#
mailman_verp_router:
driver = dnslookup
# we only consider messages sent in through loopback
condition = ${if or{{eq{$sender_host_address}{127.0.0.1}} \
{eq{$sender_host_address}{::1}}}{yes}{no}}
# we do not do this for traffic going to the local machine
domains = !+local_domains:!+mm_domains
ignore_target_hosts = <; 0.0.0.0; \
64.94.110.11; \
127.0.0.0/8; \
::1/128;fe80::/10;fe \
c0::/10;ff00::/8
# only the un-VERPed bounce addresses are handled
senders = "*-bounces@*"
transport = mailman_verp_smtp
mailman_router:
driver = accept
domains = +mm_domains
require_files = MM_LISTCHK
local_part_suffix_optional
local_part_suffix = -admin : \
-bounces : -bounces+* : \
-confirm : -confirm+* : \
-join : -leave : \
-owner : -request : \
-subscribe : -unsubscribe
transport = mailman_transport
<% end -%>
# This router routes to remote hosts over SMTP by explicit IP address,
# when an email address is given in "domain literal" form, for example,
# <user@[192.168.35.64]>. The RFCs require this facility. However, it is
@ -706,6 +672,40 @@ localuser:
transport = local_delivery
cannot_route_message = Unknown user
<% if @mailman_domains.length > 0 -%>
# Pick up on messages from our local mailman and route them via our
# special VERP-enabled transport
#
mailman_verp_router:
driver = dnslookup
# we only consider messages sent in through loopback
condition = ${if or{{eq{$sender_host_address}{127.0.0.1}} \
{eq{$sender_host_address}{::1}}}{yes}{no}}
# we do not do this for traffic going to the local machine
domains = !+local_domains:!+mm_domains
ignore_target_hosts = <; 0.0.0.0; \
64.94.110.11; \
127.0.0.0/8; \
::1/128;fe80::/10;fe \
c0::/10;ff00::/8
# only the un-VERPed bounce addresses are handled
senders = "*-bounces@*"
transport = mailman_verp_smtp
mailman_router:
driver = accept
domains = +mm_domains
require_files = MM_LISTCHK
local_part_suffix_optional
local_part_suffix = -admin : \
-bounces : -bounces+* : \
-confirm : -confirm+* : \
-join : -leave : \
-owner : -request : \
-subscribe : -unsubscribe
transport = mailman_transport
<% end -%>
######################################################################
# TRANSPORTS CONFIGURATION #