eximconf: log the current rate at which penalised senders are sending

[mirror/dsa-puppet.git] / modules / exim / templates / eximconf.erb

diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb
index f5b4d8c..036f717 100644 (file)
--- a/modules/exim/templates/eximconf.erb
+++ b/modules/exim/templates/eximconf.erb
@@ -261,7 +261,23 @@ pipelining_advertise_hosts = !*
 tls_advertise_hosts = *
 smtp_enforce_sync = true
 
-log_selector = +tls_cipher +tls_peerdn +queue_time +deliver_time +smtp_connection +smtp_incomplete_transaction +smtp_confirmation +smtp_protocol_error
+log_selector = \
+               +tls_cipher \
+               +tls_peerdn \
+               +queue_time \
+               +queue_time_overall \
+               +deliver_time \
+               +received_recipients \
+               +sender_on_delivery \
+               +return_path_on_delivery \
+               +incoming_port \
+               +unknown_in_list \
+               +smtp_connection \
+               +smtp_incomplete_transaction \
+               +smtp_confirmation \
+               +smtp_syntax_error \
+               +smtp_no_mail \
+               +smtp_protocol_error
 
 received_header_text = Received: ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
                                  {${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
@@ -654,7 +670,7 @@ check_recipient:
          hosts         = !+debianhosts
          message       = mail from <$sender_address> not allowed externally
 
-  deny    condition     = ${if match_domain{$sender_address_domain}{+virtual_domains}}
+  deny    sender_domains= +virtual_domains
           condition     = ${if exists {${extract{directory}{VSENDERDOMAINDATA}{${value}/neversenders}}}}
           condition     = ${lookup{$sender_address_local_part}lsearch{${extract{directory}{VSENDERDOMAINDATA}{${value}/neversenders}}}{true}}
          message       = no mail should ever come from <$sender_address>
@@ -671,6 +687,12 @@ check_recipient:
   deny    condition      = ${if !eq {$acl_m_prf}{PopconMail}}
           !verify        = sender
 
+  warn    !hosts         = +debianhosts
+          condition      = ${if !eq {$acl_m_prf}{PopconMail}}
+          condition      = ${if >{${eval:$acl_c_scr+0}}{0}}
+          ratelimit      = 10 / 60m / per_rcpt / strict / $sender_host_address
+          log_message    = Sender rate $sender_rate / $sender_rate_period (limit: $sender_rate_limit)
+
   defer   !hosts         = +debianhosts
           condition      = ${if !eq {$acl_m_prf}{PopconMail}}
           condition      = ${if >{${eval:$acl_c_scr+0}}{0}}
@@ -1067,6 +1089,7 @@ begin routers
 
 <%- if @is_mailrelay -%>
 relay_manualroute:
+  debug_print = "R: relay_manualroute for $local_part@$domain"
   driver = manualroute
   domains = +mailhubdomains
   transport = ${if forany{${lookup dnsdb{>: mxh=$domain}}}\
@@ -1503,6 +1526,7 @@ begin transports
 # directory. (The alternative, which most other unixes use, is to deliver
 # as the user's own group, into a sticky-bitted directory)
 local_delivery:
+  debug_print = "T: local_delivery for $local_part@$domain"
   driver = appendfile
   file = /var/mail/${local_part}
   group = mail
@@ -1519,6 +1543,7 @@ local_delivery:
 # want this to happen only when the pipe fails to complete normally.
 
 address_pipe:
+  debug_print = "T: address_pipe for $local_part@$domain"
   driver = pipe
   current_directory = ${home}
   environment = "EXTENSION=${substr_1:${local_part_suffix}}:\
@@ -1533,10 +1558,12 @@ address_pipe:
 # mentioned elsewhere in this configuration file.
 
 address_file:
+  debug_print = "T: address_file for $local_part@$domain"
   driver = appendfile
   return_path_add
 
 address_file_group:
+  debug_print = "T: address_file_group for $local_part@$domain"
   driver = appendfile
   return_path_add
   mode = 0660
@@ -1559,6 +1586,7 @@ address_file_group:
 # are passed to address_directory.
 
 address_directory:
+  debug_print = "T: address_directory for $local_part@$domain"
   driver = appendfile
   check_string = 
   maildir_format
@@ -1570,11 +1598,13 @@ address_directory:
 # option of the forwardfile director. It has a conventional name, since it
 # is not actually mentioned elsewhere in this configuration file.
 address_reply:
+  debug_print = "T: address_reply for $local_part@$domain"
   driver = autoreply
 
 # This transport is used for delivering messages over SMTP connections.
 
 remote_smtp:
+  debug_print = "T: remote_smtp for $local_part@$domain"
   driver = smtp
   connect_timeout = 15s
   delay_after_cutoff = false
@@ -1582,6 +1612,7 @@ remote_smtp:
   tls_privatekey = /etc/exim4/ssl/thishost.key
 
 remote_smtp_single_domain:
+  debug_print = "T: remote_smtp_single_domain for $local_part@$domain"
   driver = smtp
   connect_timeout = 15s
   delay_after_cutoff = false
@@ -1602,12 +1633,14 @@ remote_smtp_smarthost:
 <%- end -%>
 # Send the message to procmail
 procmail_pipe:
+  debug_print = "T: procmail_pipe for $local_part@$domain"
   driver = pipe
   command = /usr/bin/procmail -a ${substr_1:${local_part_suffix}}
   return_path_add
   user = ${local_part}
 
 bsmtp:
+  debug_print = "T: bsmtp for $local_part@$domain"
   driver = appendfile
   batch_max = 100
   file = ${host}
@@ -1621,6 +1654,7 @@ bsmtp:
 
 <%- if @is_bugsmx -%>
 bugs_pipe:
+  debug_print = "T: bugs_pipe for $local_part@$domain"
   driver = pipe
   command = /srv/bugs.debian.org/mail/run-procmail
   environment = "EXTENSION=${substr_1:${local_part_suffix}}:\