dnl
dnl BATV (Bounce Address Tag Validation) support
dnl
dnl NOTE(review): this listing was received with its line breaks collapsed and the
dnl breaks below are reconstructed. dnl discards the rest of its line, so confirm
dnl against the original file which lines are active and which are commented out.
dnl
dnl NO - disable BATV support
dnl YES - enable BATV support
dnl define(`confBATV', `NO')dnl
dnl
dnl secret key (passed as the key argument to prvs and prvscheck below)
dnl Example: per-sender secrets in the MySQL table batv_prvs; the address is passed
dnl through quote_mysql before it is placed in the query.
dnl NOTE(review): the prvscheck lookup has no fail branch, unlike the other three
dnl examples, so an address without a row expands to an empty secret - confirm
dnl that this is intended.
dnl define(`confBATV_SECRET_BY_PRVSCHECK_ADDRESS', `${lookup mysql{SELECT secret FROM batv_prvs WHERE sender="${quote_mysql:$prvscheck_address}"}{$value}}')dnl
dnl define(`confBATV_SECRET_BY_SENDER_ADDRESS', `${lookup mysql{SELECT secret FROM batv_prvs WHERE sender="${quote_mysql:$sender_address}"}{$value}fail}')dnl
dnl
dnl Example: per-sender secrets in the file CONFDIR/batv_prvs_secrets (wildlsearch).
dnl NOTE(review): the table and the file hold signing keys - presumably they should
dnl be readable by the mail system only; verify the permissions.
dnl define(`confBATV_SECRET_BY_PRVSCHECK_ADDRESS', `${lookup{$prvscheck_address}wildlsearch{CONFDIR/batv_prvs_secrets}{$value}fail}')dnl
dnl define(`confBATV_SECRET_BY_SENDER_ADDRESS', `${lookup{$sender_address}wildlsearch{CONFDIR/batv_prvs_secrets}{$value}fail}')dnl
dnl
dnl senders whose addresses must always be rewritten
dnl define(`confBATV_SENDERS', `*')dnl
dnl
dnl senders whose addresses must never be rewritten
dnl define(`confBATV_SENDERS_EXCLUDED', `batv-excluded@domain.tld')dnl
dnl
dnl MAIN section: exports both secrets as Exim macros and declares the address lists.
dnl NOTE(review): each NAME=confNAME line is emitted before its ifdef check, and
dnl errprint only writes to stderr. If a conf macro is undefined, m4 leaves its name
dnl unexpanded, so the Exim macro would carry that literal text as the secret.
dnl Confirm that the build treats the error message as fatal.
ifelse(SECTION, `MAIN', `dnl
# Define this to handle BATV-bounces
BATV_SECRET_BY_PRVSCHECK_ADDRESS=confBATV_SECRET_BY_PRVSCHECK_ADDRESS
ifdef(`confBATV_SECRET_BY_PRVSCHECK_ADDRESS', `', `
errprint(`*** ERROR: confBATV_SECRET_BY_PRVSCHECK_ADDRESS variable required
')')
BATV_SECRET_BY_SENDER_ADDRESS=confBATV_SECRET_BY_SENDER_ADDRESS
ifdef(`confBATV_SECRET_BY_SENDER_ADDRESS', `', `
errprint(`*** ERROR: confBATV_SECRET_BY_SENDER_ADDRESS variable required
')')
addresslist batv_senders = confBATV_SENDERS
ifdef(`confBATV_SENDERS_EXCLUDED', `dnl
addresslist batv_senders_excluded= confBATV_SENDERS_EXCLUDED
') dnl
') dnl ifelse(SECTION, `MAIN', `')
dnl
dnl ACL_CHECK_RCPT section: two deny statements for bounces (empty sender) addressed
dnl to local domains.
dnl  1. The recipient is in batv_senders (and not in batv_senders_excluded when that
dnl     list is defined) but the local part does not start with prvs=.
dnl  2. prvscheck yields its third argument (1) for the recipient address and
dnl     $prvscheck_result is not true afterwards.
ifelse(SECTION, `ACL_CHECK_RCPT', `dnl
  # Bounces: drop unsigned addresses for BATV senders
  deny senders = :
       domains = +local_domains
       condition = ${if match{$local_part}{\N^prvs=\N}{no}{yes}}
       recipients = ifdef(`confBATV_SENDERS_EXCLUDED', `!+batv_senders_excluded : ')+batv_senders
       message = This address does not send an unsigned reverse path
  # Bounces: In case of prvs-signed address, check signature.
  deny senders = :
       domains = +local_domains
       condition = ${prvscheck {$local_part@$domain}{BATV_SECRET_BY_PRVSCHECK_ADDRESS}{1}}
       !condition = $prvscheck_result
       message = Invalid reverse path signature
') dnl ifelse(SECTION, `ACL_CHECK_RCPT', `')
dnl
dnl ROUTERS section: for bounces to local domains, redirects to whatever prvscheck
dnl returns for the recipient address (no third argument is given here).
ifelse(SECTION, `ROUTERS', `dnl
batv_redirect:
  driver = redirect
  senders = :
  domains = +local_domains
  # detect inbound bounces which are BATV-d, and decode them
  data = ${prvscheck {$local_part@$domain}{BATV_SECRET_BY_PRVSCHECK_ADDRESS}}
') dnl ifelse(SECTION, `ROUTERS', `')
dnl
dnl TRANSPORTS section: two smtp transports whose return_path is rewritten with prvs
dnl using BATV_SECRET_BY_SENDER_ADDRESS. remote_smtp6_batv is generated only when
dnl ifelse_strstr(confIPv6, YES) selects its branch (ifelse_strstr is defined elsewhere,
dnl presumably a substring test) and confDNSLOOKUP6_ENABLE is not NO; remote_smtp_batv
dnl is always generated. TRANSPORT is set to the transport name around each definition,
dnl presumably for the sinclude files, which are not shown here.
dnl _I_ is 1 when confFALL_BACK_MX contains a space; the sg expansion then strips spaces.
dnl NOTE(review): hosts_avoid_tls expands to * when $address_data contains /avoid_tls,
dnl which turns TLS off for every host on that delivery. $address_data is set outside
dnl this file - confirm that only trusted routing data can place that marker.
dnl NOTE(review): X-Authentication-Results-Fake looks like a placeholder header name
dnl that keeps headers_remove harmless when acl_m_auth_results_hide is not yes - confirm.
ifelse(SECTION, `TRANSPORTS', `dnl
ifelse_strstr(confIPv6, `YES', `dnl
dnl
ifelse(confDNSLOOKUP6_ENABLE, `NO', `', `dnl
dnl
define(`TRANSPORT', `remote_smtp6_batv')dnl
dnl
remote_smtp6_batv:
  driver = smtp
ifdef(`confSMTP_AUTH_CLIENT', `ifelse(confSMTP_AUTH_CLIENT, `NO', `', `dnl
  hosts_try_auth = +hosts_try_auth
')') dnl
ifdef(`confFALL_BACK_MX', `ifelse(confFALL_BACK_MX, `NO', `', `dnl
define(`_I_',`eval(index(confFALL_BACK_MX,` ') >= 0)')`'ifelse(_I_,`1', `
  fallback_hosts = ${sg{confFALL_BACK_MX}{ }{}}', `
  fallback_hosts = confFALL_BACK_MX')
')') dnl
ifdef(`confFALL_BACK_MX_LOCALHOST_ENABLE', `ifelse(confFALL_BACK_MX_LOCALHOST_ENABLE, `NO', `', `dnl
  allow_localhost
')') dnl
ifdef(`confSMTP_SERIALIZE_HOSTS', `ifelse(confSMTP_SERIALIZE_HOSTS, `NO', `', `dnl
  serialize_hosts = +serialize_hosts
')') dnl
dnl ifdef(`confSTARTTLS_SKIP_USING', `ifelse(confSTARTTLS_SKIP_USING, `NO', `', `dnl
dnl   hosts_avoid_tls = +skip_tls_using
dnl ')')
dnl
  hosts_avoid_tls = ${if match{$address_data}{\N\/avoid_tls\N}{*}{ifdef(`confSTARTTLS_SKIP_USING', `ifelse(confSTARTTLS_SKIP_USING, `NO', `', `+skip_tls_using')')}}
dnl
sinclude(confSITE_DIR`/configure.remote_smtp6_transport_options')dnl
dnl
ifdef(`confMAIL_BACKUP', `ifelse_strstr(confMAIL_BACKUP, `ROUTER_REDIRECT', `dnl
  headers_remove = ${if eq{$local_part@$domain}{confMAIL_BACKUP_ADDR}{}{X-Recipients}}
')') dnl
dnl
ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl
  headers_remove = _confAUTH_RESULTS_ADD_CUSTOM_HEADER_
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `')
dnl
define(`AUTHENTICATION_RESULTS_REMOVED', `NO')dnl
ifelse_strstr(confAUTH_RESULTS_ADD, `DEFAULT', `dnl
ifelse_strstr(confARC, `SIGN', `', `dnl
  headers_remove = Authentication-Results
define(`AUTHENTICATION_RESULTS_REMOVED', `YES')dnl
') dnl ifelse_strstr(confARC, `SIGN', `', `')
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `DEFAULT', `')
dnl
ifelse(confAUTH_RESULTS_HIDE_ROOT_FORWARD, `REMOTE', `dnl
ifelse(AUTHENTICATION_RESULTS_REMOVED, `YES', `', `
  # block the addition of the custom and standard Authentication-Results headers to outgoing messages when mail is forwarded from the command line as the root user
  headers_remove = ${if eq{$acl_m_auth_results_hide}{yes}{Authentication-Results}{X-Authentication-Results-Fake}}
')dnl ifelse(AUTHENTICATION_RESULTS_REMOVED, `YES', `', `')
')dnl ifelse(confAUTH_RESULTS_HIDE_ROOT_FORWARD, `REMOTE', `')
dnl
ifelse(confSMTP_AUTH_RELAY, `NO', `', `dnl
  headers_remove = X-Warn-Auth-Relay
') dnl
dnl
dnl
  return_path = ${prvs{$return_path}{BATV_SECRET_BY_SENDER_ADDRESS}}
') dnl ifelse(confDNSLOOKUP6_ENABLE, `NO', `', `')
dnl
') dnl ifelse_strstr(confIPv6, `YES', `')
define(`TRANSPORT', `')dnl
define(`TRANSPORT', `remote_smtp_batv')dnl
remote_smtp_batv:
  driver = smtp
ifdef(`confSMTP_AUTH_CLIENT', `ifelse(confSMTP_AUTH_CLIENT, `NO', `', `dnl
  hosts_try_auth = +hosts_try_auth
')') dnl
ifdef(`confFALL_BACK_MX', `ifelse(confFALL_BACK_MX, `NO', `', `dnl
define(`_I_',`eval(index(confFALL_BACK_MX,` ') >= 0)')`'ifelse(_I_,`1', `
  fallback_hosts = ${sg{confFALL_BACK_MX}{ }{}}', `
  fallback_hosts = confFALL_BACK_MX')
')') dnl
ifdef(`confFALL_BACK_MX_LOCALHOST_ENABLE', `ifelse(confFALL_BACK_MX_LOCALHOST_ENABLE, `NO', `', `dnl
  allow_localhost
')') dnl
ifdef(`confSMTP_SERIALIZE_HOSTS', `ifelse(confSMTP_SERIALIZE_HOSTS, `NO', `', `dnl
  serialize_hosts = +serialize_hosts
')') dnl
dnl ifdef(`confSTARTTLS_SKIP_USING', `ifelse(confSTARTTLS_SKIP_USING, `NO', `', `dnl
dnl   hosts_avoid_tls = +skip_tls_using
dnl ')')
dnl
  hosts_avoid_tls = ${if match{$address_data}{\N\/avoid_tls\N}{*}{ifdef(`confSTARTTLS_SKIP_USING', `ifelse(confSTARTTLS_SKIP_USING, `NO', `', `+skip_tls_using')')}}
dnl
sinclude(confSITE_DIR`/configure.smtp_transport_options')dnl
sinclude(confSITE_DIR`/configure.remote_smtp_transport_options')dnl
dnl
ifdef(`confMAIL_BACKUP', `ifelse_strstr(confMAIL_BACKUP, `ROUTER_REDIRECT', `dnl
  headers_remove = ${if eq{$local_part@$domain}{confMAIL_BACKUP_ADDR}{}{X-Recipients}}
')') dnl
dnl
ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl
  headers_remove = _confAUTH_RESULTS_ADD_CUSTOM_HEADER_
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `')
dnl
define(`AUTHENTICATION_RESULTS_REMOVED', `NO')dnl
ifelse_strstr(confAUTH_RESULTS_ADD, `DEFAULT', `dnl
ifelse_strstr(confARC, `SIGN', `', `dnl
  headers_remove = Authentication-Results
define(`AUTHENTICATION_RESULTS_REMOVED', `YES')dnl
') dnl ifelse_strstr(confARC, `SIGN', `', `')
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `DEFAULT', `')
dnl
ifelse(confAUTH_RESULTS_HIDE_ROOT_FORWARD, `REMOTE', `dnl
ifelse(AUTHENTICATION_RESULTS_REMOVED, `YES', `', `
  # block the addition of the custom and standard Authentication-Results headers to outgoing messages when mail is forwarded from the command line as the root user
  headers_remove = ${if eq{$acl_m_auth_results_hide}{yes}{Authentication-Results}{X-Authentication-Results-Fake}}
')dnl ifelse(AUTHENTICATION_RESULTS_REMOVED, `YES', `', `')
')dnl ifelse(confAUTH_RESULTS_HIDE_ROOT_FORWARD, `REMOTE', `')
dnl
ifelse(confSMTP_AUTH_RELAY, `NO', `', `dnl
  headers_remove = X-Warn-Auth-Relay
') dnl
dnl
dnl
  return_path = ${prvs{$return_path}{BATV_SECRET_BY_SENDER_ADDRESS}}
define(`TRANSPORT', `')dnl
') dnl ifelse(SECTION, `TRANSPORTS', `')