# us. This is primarily only usefull for emergancy 'queue
# flushing' operations, but should be populated with a list
# of trusted machines. Wildcards are not permitted
# us. This is primarily only usefull for emergancy 'queue
# flushing' operations, but should be populated with a list
# of trusted machines. Wildcards are not permitted
# mailhubdomains - Domains for which we are the MX, but the mail is relayed
# elsewhere. This is designed for use with small volume or
# restricted machines that need to use a smarthost for mail
# traffic. We will relay for them based on ssl cert validation
# but we need to teach exim how to route the mail to them. This is
# that list.
# mailhubdomains - Domains for which we are the MX, but the mail is relayed
# elsewhere. This is designed for use with small volume or
# restricted machines that need to use a smarthost for mail
# traffic. We will relay for them based on ssl cert validation
# but we need to teach exim how to route the mail to them. This is
# that list.
# Exim's wildcard mechanism is a bit odd in that to say "any address in
# debian.org including debian.org" you must use two patterns,
# *.debian.org
# Exim's wildcard mechanism is a bit odd in that to say "any address in
# debian.org including debian.org" you must use two patterns,
# *.debian.org
# MAIN CONFIGURATION SETTINGS #
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
# These options specify the Access Control Lists (ACLs) that
# are used for incoming SMTP messages - after the RCPT and DATA
# commands, respectively.
# These options specify the Access Control Lists (ACLs) that
# are used for incoming SMTP messages - after the RCPT and DATA
# commands, respectively.
acl_smtp_helo = check_helo
acl_smtp_rcpt = ${if ={$interface_port}{587} {check_submission}{check_recipient}}
acl_smtp_data = check_message
acl_smtp_helo = check_helo
acl_smtp_rcpt = ${if ={$interface_port}{587} {check_submission}{check_recipient}}
acl_smtp_data = check_message
# accept domain literal syntax in e-mail addresses. To actually make use of
# this a router is also required
# accept domain literal syntax in e-mail addresses. To actually make use of
# this a router is also required
# accept mail for them.
domainlist rcpthosts = partial-lsearch;/etc/exim4/rcpthosts
hostlist debianhosts = 127.0.0.1 : net-lsearch;/var/lib/misc/thishost/debianhosts
# accept mail for them.
domainlist rcpthosts = partial-lsearch;/etc/exim4/rcpthosts
hostlist debianhosts = 127.0.0.1 : net-lsearch;/var/lib/misc/thishost/debianhosts
accept domains = +mailhubdomains
endpass
message = unknown user
verify = recipient/callout=30s,defer_ok,use_sender,no_cache
accept domains = +mailhubdomains
endpass
message = unknown user
verify = recipient/callout=30s,defer_ok,use_sender,no_cache
deny message = address $sender_host_address is listed in $dnslist_domain; $dnslist_text
hosts = !+debianhosts
dnslists = rbl.debian.net : rbl.debian.net/$sender_address_domain
deny message = address $sender_host_address is listed in $dnslist_domain; $dnslist_text
hosts = !+debianhosts
dnslists = rbl.debian.net : rbl.debian.net/$sender_address_domain
condition = ${if >{${eval:$acl_c1}}{0}}
ratelimit = 10 / 60m / per_rcpt / $sender_host_address
message = slow down (no reverse dns, mismatched ehlo, dialup, or in blacklists)
condition = ${if >{${eval:$acl_c1}}{0}}
ratelimit = 10 / 60m / per_rcpt / $sender_host_address
message = slow down (no reverse dns, mismatched ehlo, dialup, or in blacklists)
warn domains = packages.qa.debian.org
set acl_m1 = PTSMail
warn recipients = owner@packages.qa.debian.org : postmaster@packages.qa.debian.org
set acl_m1 = PTSOwner
warn domains = packages.qa.debian.org
set acl_m1 = PTSMail
warn recipients = owner@packages.qa.debian.org : postmaster@packages.qa.debian.org
set acl_m1 = PTSOwner
warn senders = :
domains = packages.qa.debian.org
condition = ${if match{$local_part}{\N^bounces+\N}}
set acl_m1 = PTSListBounce
warn senders = :
domains = packages.qa.debian.org
condition = ${if match{$local_part}{\N^bounces+\N}}
set acl_m1 = PTSListBounce
domains = +handled_domains : +rcpthosts
local_parts = GREYLIST_LOCAL_PARTS
condition = ${if eq{${uc:${substr_0_7:$acl_m3}}}{PREPEND}}
domains = +handled_domains : +rcpthosts
local_parts = GREYLIST_LOCAL_PARTS
condition = ${if eq{${uc:${substr_0_7:$acl_m3}}}{PREPEND}}
accept domains = +mailhubdomains
endpass
message = unknown user
verify = recipient/callout=30s,defer_ok,use_sender,no_cache
accept domains = +mailhubdomains
endpass
message = unknown user
verify = recipient/callout=30s,defer_ok,use_sender,no_cache
+<%=
+out=''
+if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty?
+out='
+acl_check_mime:
+
+ deny condition = ${if <{$message_size}{256000}}
+ set acl_m5 = ${perl{surblspamcheck}}
+ condition = ${if eq{$acl_m5}{false}{no}{yes}}
+ log_message = $acl_m5
+ message = $acl_m5
+
+ accept
+'
+end
+out
+%>
+
#!!# ACL that is used after the DATA command
check_message:
require verify = header_syntax
message = Invalid syntax in the header
#!!# ACL that is used after the DATA command
check_message:
require verify = header_syntax
message = Invalid syntax in the header
deny condition = ${if eq {$acl_m1}{RTMail}}
condition = ${if and{{!match {${lc:$rh_Subject:}} {debian rt}} \
deny condition = ${if eq {$acl_m1}{RTMail}}
condition = ${if and{{!match {${lc:$rh_Subject:}} {debian rt}} \
{!match {$acl_m12}{RTMailRecipientHasSubaddress}}}}
message = messages to the Request Tracker system require a subject tag or a subaddress
{!match {$acl_m12}{RTMailRecipientHasSubaddress}}}}
message = messages to the Request Tracker system require a subject tag or a subaddress
deny !hosts = +debianhosts : 217.196.43.134
condition = ${if eq {$acl_m1}{PTSMail}}
condition = ${if def:h_X-PTS-Approved:{false}{true}}
message = messages to the PTS require an X-PTS-Approved header
deny !hosts = +debianhosts : 217.196.43.134
condition = ${if eq {$acl_m1}{PTSMail}}
condition = ${if def:h_X-PTS-Approved:{false}{true}}
message = messages to the PTS require an X-PTS-Approved header
deny condition = ${if match {$message_body}{\Nhttp:\/\/[a-z\.-]+\/video1?.exe\N}}
message = Blackisted URI found in body
deny condition = ${if match {$message_body}{\Nhttp:\/\/[a-z\.-]+\/video1?.exe\N}}
message = Blackisted URI found in body
{${lookup{$local_part@$domain}nwildlsearch{/etc/exim4/sa_users}{$local_part}{}}}\
{${lookup{$local_part}lsearch{/etc/exim4/sa_users}{$local_part}{}}}}}}
{${lookup{$local_part@$domain}nwildlsearch{/etc/exim4/sa_users}{$local_part}{}}}\
{${lookup{$local_part}lsearch{/etc/exim4/sa_users}{$local_part}{}}}}}}
+<%=
+out=''
+if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty?
+out='
+ deny condition = ${if <{$message_size}{256000}}
+ set acl_m5 = ${perl{surblspamcheck}}
+ condition = ${if eq{$acl_m5}{false}{no}{yes}}
+ log_message = $acl_m5
+'
+end
+out
+%>
# Check header_sender except for survey@popcon.d.o
deny condition = ${if eq{$acl_m1}{PopconMail}{false}{true}}
!verify = header_sender
# Check header_sender except for survey@popcon.d.o
deny condition = ${if eq{$acl_m1}{PopconMail}{false}{true}}
!verify = header_sender
out = '
smarthost:
debug_print = "R: smarthost for $local_part@$domain"
driver = manualroute
domains = !+handled_domains
transport = remote_smtp_smarthost
out = '
smarthost:
debug_print = "R: smarthost for $local_part@$domain"
driver = manualroute
domains = !+handled_domains
transport = remote_smtp_smarthost
-<%=
-out = ""
-if not results['smarthost'].empty?
- out += " port = " + results['smarthost_port'] + "\n"
-end
-
-if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true"
- out += ' tls_tempfail_tryclear = false
+ port = '
+ out += nodeinfo['smarthost_port'].to_s + "\n"
+ if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true"
+ out += ' tls_tempfail_tryclear = false
+ hosts_require_tls = ' + nodeinfo['smarthost'] + '