
Exim: Never show HELO for authenticated users (#3462)

* Authenticated users never show Helo

* Use .patch to update exim

* Update upgrade script
Jaap Marcus 2 years ago
commit
4beb29ac5b

+ 6 - 3
install/deb/exim/exim4.conf.4.94.template

@@ -119,15 +119,18 @@ acl_check_mail:
   deny    condition     = ${if eq{$sender_helo_name}{}}
           message       = HELO required before MAIL
 
-  drop    message       = Helo name contains an IP address (HELO was $sender_helo_name) and not is valid
+  drop    !authenticated = *
+    	  message       =  Helo name contains an IP address (HELO was $sender_helo_name) and not is valid
           condition     = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
           condition     = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}}
           delay         = 45s
 
-  drop    condition     = ${if isip{$sender_helo_name}}
+  drop    !authenticated = *
+		  condition     = ${if isip{$sender_helo_name}}
           message       = Access denied - Invalid HELO name (See RFC2821 4.1.3)
 
-  drop    condition     = ${if eq{[$interface_address]}{$sender_helo_name}}
+  drop    !authenticated = *
+		  condition    = ${if eq{[$interface_address]}{$sender_helo_name}}
           message       = $interface_address is _my_ address
 
   accept
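Review bot: The three `drop` statements now open with `!authenticated = *` but nothing in the ACL says why, and their continuation lines mix tabs and spaces while the rest of `acl_check_mail` is space-aligned. The whitespace should not affect parsing, but it makes the block harder to read and to diff against admin-edited copies. I would align the new lines with spaces and add a comment above the first `drop`, such as `# Authenticated clients skip the HELO sanity checks below; the empty-HELO deny above still applies to everyone`. The same applies to the reindented block in `install/deb/exim/exim4.conf.template`. `acl_check_mail` begins above this hunk.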

+ 16 - 13
install/deb/exim/exim4.conf.template

@@ -116,19 +116,22 @@ acl_check_spammers:
 
 
 acl_check_mail:
-  deny    condition     = ${if eq{$sender_helo_name}{}}
-          message       = HELO required before MAIL
-
-  drop    message       = Helo name contains an IP address (HELO was $sender_helo_name) and not is valid
-          condition     = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
-          condition     = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}}
-          delay         = 45s
-
-  drop    condition     = ${if isip{$sender_helo_name}}
-          message       = Access denied - Invalid HELO name (See RFC2821 4.1.3)
-
-  drop    condition     = ${if eq{[$interface_address]}{$sender_helo_name}}
-          message       = $interface_address is _my_ address
+  deny  condition     = ${if eq{$sender_helo_name}{}}
+        message       = HELO required before MAIL
+
+  drop  !authenticated = *
+		message       =  Helo name contains an IP address (HELO was $sender_helo_name) and not is valid
+		condition     = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
+		condition     = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}}
+		delay         = 45s
+
+  drop  !authenticated = *
+		condition     = ${if isip{$sender_helo_name}}
+		message       = Access denied - Invalid HELO name (See RFC2821 4.1.3)
+
+  drop  !authenticated = *
+		condition    = ${if eq{[$interface_address]}{$sender_helo_name}}
+		message       = $interface_address is _my_ address
 
   accept
 

+ 18 - 0
install/upgrade/patch/3462-exim-helo-autenticted-users.patch

@@ -0,0 +1,18 @@
+36c36
+122c122,123
+<   drop    message       = Helo name contains an IP address (HELO was $sender_helo_name) and not is valid
+---
+>   drop    !authenticated = *
+>     	  message       =  Helo name contains an IP address (HELO was $sender_helo_name) and not is valid
+127c128,129
+<   drop    condition     = ${if isip{$sender_helo_name}}
+---
+>   drop    !authenticated = *
+> 		  condition     = ${if isip{$sender_helo_name}}
+130c132,133
+<   drop    condition     = ${if eq{[$interface_address]}{$sender_helo_name}}
+---
+>   drop    !authenticated = *
+> 		  condition    = ${if eq{[$interface_address]}{$sender_helo_name}}
+>
+>
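Review bot: This patch file looks malformed at both ends. The first line, `36c36`, is a change command with no `<` / `---` / `>` body, and the last command, `130c132,133`, declares two new lines but is followed by four `>` lines. `patch` may therefore reject the file or apply it differently than intended. It is also a normal-format diff with no context lines, so it is tied closely to the original line numbers and is fragile on a template an admin has edited. I would regenerate it with `diff -u` against the shipped template and confirm it applies cleanly with `patch --dry-run` before shipping.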

+ 24 - 0
install/upgrade/versions/1.7.2.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Hestia Control Panel upgrade script for target version 1.7.2
+
+#######################################################################################
+#######                      Place additional commands below.                   #######
+#######################################################################################
+####### upgrade_config_set_value only accepts true or false.                    #######
+#######                                                                         #######
+####### Pass through information to the end user in case of a issue or problem  #######
+#######                                                                         #######
+####### Use add_upgrade_message "My message here" to include a message          #######
+####### in the upgrade notification email. Example:                             #######
+#######                                                                         #######
+####### add_upgrade_message "My message here"                                   #######
+#######                                                                         #######
+####### You can use \n within the string to create new lines.                   #######
+#######################################################################################
+
+upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
+upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
+upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
+upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
+upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

+ 29 - 0
install/upgrade/versions/1.7.3.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Hestia Control Panel upgrade script for target version 1.7.3
+
+#######################################################################################
+#######                      Place additional commands below.                   #######
+#######################################################################################
+####### upgrade_config_set_value only accepts true or false.                    #######
+#######                                                                         #######
+####### Pass through information to the end user in case of a issue or problem  #######
+#######                                                                         #######
+####### Use add_upgrade_message "My message here" to include a message          #######
+####### in the upgrade notification email. Example:                             #######
+#######                                                                         #######
+####### add_upgrade_message "My message here"                                   #######
+#######                                                                         #######
+####### You can use \n within the string to create new lines.                   #######
+#######################################################################################
+
+upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
+upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
+upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
+upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
+upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
+
+if grep -q 'drop    message       = Helo name contains an IP address (HELO was $sender_helo_name) and not is valid' /etc/exim4/exim4.conf.template; then
+	echo "[ * ] Update exim4.conf.template ..."
+	patch /etc/exim4/exim4.conf.template $HESTIA/install/upgrade/patch/3462-exim-helo-autenticted-users.patch
+fi
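Review bot: The `patch` call at the end edits the live `/etc/exim4/exim4.conf.template` with no dry run, no backup and no check of the exit status. A rejected or partial apply would go unnoticed and could leave the mail ACL half-edited. `$HESTIA` is also unquoted, and the `grep` pattern is read as a regular expression where `-F` would match the line literally. I would test with `patch --dry-run` first, keep a copy via `--backup`, and report a failure through `add_upgrade_message`, as sketched below.

```shell
# … unchanged: upgrade_config_set_value lines …

exim_conf='/etc/exim4/exim4.conf.template'
exim_patch="$HESTIA/install/upgrade/patch/3462-exim-helo-autenticted-users.patch"

if grep -qF 'drop    message       = Helo name contains an IP address (HELO was $sender_helo_name) and not is valid' "$exim_conf"; then
	echo "[ * ] Update exim4.conf.template ..."
	# Only touch the live config when the whole patch applies cleanly.
	if patch --dry-run "$exim_conf" "$exim_patch" > /dev/null 2>&1; then
		patch --backup "$exim_conf" "$exim_patch"
	else
		add_upgrade_message "exim4.conf.template could not be patched automatically; review the HELO checks in acl_check_mail manually."
	fi
fi
```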