mod_smtp_delivery_external: Allow relaying mail to/from downstream MTAs.
The ability to accept outgoing mail from other MTAs has been
present for some time. This adds the ability to accept incoming
mail for other MTAs (forwarding it to them) as well as route
an MTA's own outgoing mail through another MTA (smart host).

With this addition, handling of incoming and outgoing mail
is sufficiently flexible to handle most relay scenarios.

* The 'Received' header is now added for such messages as well.

* Fix improper allocation size for delivery status,
and general issues exposed by allowing messages to be
accepted and relayed.

* Eliminate spurious errors for ignored config sections in net_smtp.conf.
InterLinked1 committed Jan 8, 2024
1 parent 5ab5155 commit 1c2f914
Showing 5 changed files with 308 additions and 73 deletions.
43 changes: 42 additions & 1 deletion configs/net_smtp.conf
Expand Up @@ -55,6 +55,14 @@ notifyextfirstmsg=yes ; Whether to send an email to a user's external email addr
logfile=/var/log/lbbs/smtp.log ; SMTP logfile. If set, SMTP messages up to the SMTP log level will be logged to this file.
loglevel=5 ; Log level from 0 to 10 (maximum debug). Default is 5.

; The next three sections define different types of relays. For a simple MTA, you can ignore these sections.
; Some of these settings are complementary, but they are different. In a nutshell:
; [authorized_relays] = hosts allowed to relay outgoing mail through us (per-domain)
; [static_relays] = static definitions of how to deliver mail to the "next hop" per-domain. This is BOTH:
; - hosts allowed to relay incoming mail through us and to what hosts (per-domain)
; - hosts through which all our outgoing mail is relayed
; [trusted_relays] = hosts allowed to relay our incoming mail to us

[authorized_relays] ; Define remote hosts that are allowed to relay outgoing mail using this server as a smart host.
; Configure each authorized relay as an IP/hostname/CIDR range and a list of domains or subdomains for which they are authorized to relay mail.
; If a connection matches multiple entries, the relay is allowed as long as it matches one of the entries.
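Review bot: the overview added at the top of this hunk describes [static_relays] as "- hosts allowed to relay incoming mail through us and to what hosts (per-domain)", but that section does not define which hosts may submit mail; its entries map a domain to the next-hop MTA(s) that receive mail for it, while the "hosts allowed to relay" role belongs to [authorized_relays], whose own header in this hunk says "Define remote hosts that are allowed to relay outgoing mail using this server as a smart host." Suggest rewording that bullet to something like "per-domain next-hop MTAs to which incoming mail for that domain is forwarded, and (via the '*' rule) the smart host for our own outgoing mail" so an operator does not mistake [static_relays] for an access-control list. The sentence "Some of these settings are complementary, but they are different" would also read better as "These sections overlap but serve different purposes."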
Expand All @@ -63,7 +71,40 @@ loglevel=5 ; Log level from 0 to 10 (maximum debug). Default is 5.
; If further verification of messages is required, the submitting SMTP server/client must do it (e.g. checking the sender is authorized to send as a particular user).
; Do not attempt to relay mail for domains that *THIS* server is not authorized to send as (otherwise failed SPF checks, etc. will likely get you blacklisted quickly).
;
;10.1.1.5 = example.com,example.net,example.org ; Messages from 10.1.1.5 may be relayed for example.com, example.net, and example.org.
;10.1.1.5 = example.com,example.net ; Messages from 10.1.1.5 may be relayed for example.com and example.net
;10.1.1.6 = example.org

[static_relays] ; Define remote hosts for which the BBS will accept and forward incoming mail to another mail transfer agent. These bypass an MX lookup.
; This can be used both for accepting incoming mail for another mail server or for routing outbound mail via a smart host.
;
; You might configure this at a public-facing site to forward mail to other sites that cannot directly receive mail from the Internet on port 25, e.g. over a VPN tunnel.
; The public MX records for these domains would point to this host, and this host would forward it to the real mail servers for those domains.
; You will most likely also want to configure the BBS to accept and relay mail for the corresponding IP/domain in [authorized_relays]
; Only static IP addresses (no hostnames or CIDR ranges) are allowed for values in this section.
; Domains must be explicitly enumerated; no wildcards for subdomains.
;
; On the mail server for domains which are proxied through this host, the '*' rule can be used to route all outgoing mail through another host.
;example.com = 10.1.1.5
;example.net = 10.1.1.5,10.1.1.6 ; Try 10.1.1.5 first, then 10.1.1.6 as a fallback (like with higher priority MX records)
;example.org = 10.1.1.6:2525 ; If the remote mail transfer agent is listening on a non-standard port (not 25), you can specify the port explicitly.
;* = 10.1.1.4 ; This rule is special. Rather than looking up via MX record, outgoing mail will be relayed via this "smart host" instead. Useful when outgoing port 25 is blocked.
; You will likely also want to add this server to [trusted_relays] if it also handles your incoming mail.

[trusted_relays] ; These hosts are allowed to accept mail on our behalf and forward it to us.
; This applies to ALL mail from ALL originating MTAs. This will inhibit certain
; checks that are done on incoming mail by default, such as doing a reverse lookup
; on the sender, which would otherwise fail due to the intermediary SMTP host that
; originally accepted the message for us from the sending MTA.
; Adding a host here indicates that that server has already performed these checks,
; and they will not be performed again here since it would not be possible to do so.
; If both your incoming and outgoing mail goes through a certain host, it should be listed
; in both this section as well as the * rule for [static_relays].
; However, depending on the networking arrangement between the two MTAs, note that the
; IP addresses COULD be different, e.g. if using a NATed VPN tunnel.
; If in doubt, send an email that is received by this host, confirm the immediately upstream IP,
; and then whitelist that here.
;10.1.1.3 = yes ; The actual value does not matter and is ignored.
;10.1.0.0/24 = yes ; CIDR ranges and hostnames are also acceptable.

[privs]
;relayin=1 ; Minimum privilege level required to accept external email for a user.
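Review bot: the [trusted_relays] comment says that listing a host inhibits checks such as the reverse lookup on the sender for ALL mail from ALL originating MTAs, but it stops short of stating what that requires of the operator: the trusted host must itself perform those checks on the mail it accepts, and must not be reachable as an open relay, because anything it forwards is accepted here without them. Suggest adding a line to that effect next to "Adding a host here indicates that that server has already performed these checks", and noting beside ";10.1.0.0/24 = yes" that a CIDR entry extends that trust to every address in the range, so the single upstream IP confirmed by the "If in doubt, send an email..." procedure is the preferable entry. Separately, "You will most likely also want to configure the BBS to accept and relay mail for the corresponding IP/domain in [authorized_relays]" under [static_relays] is ambiguous: [authorized_relays] governs outgoing relay, so it is only needed when the downstream MTA also sends its outbound mail through this host; saying so explicitly avoids operators granting outbound relay rights that the incoming-forwarding case does not need.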