end
out
%>
+acl_smtp_predata = acl_check_predata
# accept domain literal syntax in e-mail addresses. To actually make use of
# this a router is also required
######################################################################
begin acl
+acl_localonly:
+ accept local_parts = +local_only_users
+ domains = +local_domains
+ hosts = !+debianhosts
+
+ deny
+
check_helo:
warn set acl_c1 = 0
condition = ${if match_local_part {$sender_address_local_part}{${extract{directory}{VDOMAINDATA}{${value}/neversenders}}}{1}{0}}
message = no mail should ever come from <$sender_address>
- deny local_parts = +local_only_users
- domains = +local_domains
- hosts = !+debianhosts
- message = mail for $local_part is only accepted internally
+ warn condition = ${if eq{$acl_m6}{}}
+ acl = acl_localonly
+ set acl_m6 = localonly
+ set acl_m7 = ${if eq{$acl_m7}{}{$local_part@$domain}{$acl_m7, $local_part@$domain}}
+
+ warn condition = ${if eq{$acl_m6}{}}
+ !acl = acl_localonly
+ set acl_m6 = normal
+ defer condition = ${if eq{$acl_m6}{localonly}}
+ !acl = acl_localonly
+ log_message = Only one profile at a time, please
+
+ defer condition = ${if eq{$acl_m6}{normal}}
+ acl = acl_localonly
+ log_message = Only one profile at a time, please
+
+<%=
+out=''
+if 0 == 1:
+out='
deny message = address $sender_host_address is listed in $dnslist_domain; $dnslist_text
hosts = !+debianhosts
dnslists = rbl.debian.net : rbl.debian.net/$sender_address_domain
+'
+end
+out
+%>
deny !recipients = survey@popcon.debian.org
!verify = sender
condition = ${if >{${eval:$acl_c1}}{0}}
ratelimit = 10 / 60m / per_rcpt / $sender_host_address
message = slow down (no reverse dns, mismatched ehlo, dialup, or in blacklists)
-
<%=
out = ""
if has_variable?("policydweight") && policydweight == "true"
out='
warn domains = rt.debian.org
set acl_m1 = RTMail
- set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{[^+]+\\+\\d+}}{match{$local_part}{[^+]+\\+new}}} {RTMailRecipientHasSubaddress}}}}
+ set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{\N[^+]+\+\d+\N}}{match{$local_part}{\N[^+]+\+new\N}}} {RTMailRecipientHasSubaddress}}}}
'
end
out
%>
<%=
out=''
-if nodeinfo['packagesmaster']
+if nodeinfo['packagesqamaster']
out='
warn domains = packages.qa.debian.org
set acl_m1 = PTSMail
set acl_m5 = ${perl{surblspamcheck}}
condition = ${if eq{$acl_m5}{false}{no}{yes}}
log_message = $acl_m5
+ message = $acl_m5
+
+ accept
'
end
out
%>
+acl_check_predata:
+ deny condition = ${if eq{$acl_m6}{localonly}}
+ message = mail for $acl_m7 is only accepted internally
+
+ accept
+
+
#!!# ACL that is used after the DATA command
check_message:
require verify = header_syntax
out='
deny condition = ${if eq {$acl_m1}{RTMail}}
condition = ${if and{{!match {${lc:$rh_Subject:}} {debian rt}} \
- {!match {${lc:$rh_Subject:]}} {\\[rt.debian.org }} \
+ {!match {${lc:$rh_Subject:]}} {\N\[rt.debian.org \N}} \
{!match {$acl_m12}{RTMailRecipientHasSubaddress}}}}
message = messages to the Request Tracker system require a subject tag or a subaddress
'
%>
<%=
out=''
-if nodeinfo['packagesmaster']
+if nodeinfo['packagesqamaster']
out='
deny !hosts = +debianhosts : 217.196.43.134
condition = ${if eq {$acl_m1}{PTSMail}}
projects / mirror / dsa-puppet.git / blobdiff