disable ddtp.debian.org

[mirror/dsa-puppet.git] / modules / exim / templates / eximconf.erb

diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb
index 0e85daa..46f624e 100644 (file)
--- a/modules/exim/templates/eximconf.erb
+++ b/modules/exim/templates/eximconf.erb
@@ -108,6 +108,7 @@ if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty?
 end
 out
 %>
+acl_smtp_predata = acl_check_predata
 
 # accept domain literal syntax in e-mail addresses. To actually make use of
 # this a router is also required
@@ -280,6 +281,13 @@ RT_QUEUE_MAP = /srv/rt.debian.org/mail/rt_queue_map
 ######################################################################
 begin acl
 
+acl_localonly:
+  accept  local_parts   = +local_only_users
+          domains       = +local_domains
+          hosts         = !+debianhosts
+
+  deny
+
 check_helo:
 
   warn    set acl_c1    = 0
@@ -513,10 +521,22 @@ out
           condition     = ${if match_local_part {$sender_address_local_part}{${extract{directory}{VDOMAINDATA}{${value}/neversenders}}}{1}{0}}
          message       = no mail should ever come from <$sender_address>
 
-  deny    local_parts   = +local_only_users
-         domains       = +local_domains
-          hosts         = !+debianhosts
-         message       = mail for $local_part is only accepted internally
+  warn    condition     = ${if eq{$acl_m6}{}}
+          acl           = acl_localonly
+          set acl_m6    = localonly
+          set acl_m7    = ${if eq{$acl_m7}{}{$local_part@$domain}{$acl_m7, $local_part@$domain}}
+
+  warn    condition     = ${if eq{$acl_m6}{}}
+          !acl          = acl_localonly
+          set acl_m6    = normal
+
+  defer   condition     = ${if eq{$acl_m6}{localonly}}
+          !acl          = acl_localonly
+          log_message   = Only one profile at a time, please
+
+  defer   condition     = ${if eq{$acl_m6}{normal}}
+          acl           = acl_localonly
+          log_message   = Only one profile at a time, please
 
 <%=
 out=''
@@ -607,14 +627,14 @@ if nodeinfo['rtmaster']
   out='
   warn    domains  = rt.debian.org
           set acl_m1 = RTMail
-          set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{[^+]+\\+\\d+}}{match{$local_part}{[^+]+\\+new}}} {RTMailRecipientHasSubaddress}}}}
+          set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{\N[^+]+\+\d+\N}}{match{$local_part}{\N[^+]+\+new\N}}} {RTMailRecipientHasSubaddress}}}}
 '
 end
 out
 %>
 <%=
 out=''
-if nodeinfo['packagesmaster']
+if nodeinfo['packagesqamaster']
   out='
   warn    domains  = packages.qa.debian.org
           set acl_m1 = PTSMail
@@ -780,11 +800,21 @@ acl_check_mime:
          set acl_m5    = ${perl{surblspamcheck}}
          condition     = ${if eq{$acl_m5}{false}{no}{yes}}
          log_message   = $acl_m5
+         message       = $acl_m5
+
+  accept
 '
 end
 out
 %>
 
+acl_check_predata:
+  deny   condition     = ${if eq{$acl_m6}{localonly}}
+         message       = mail for $acl_m7 is only accepted internally
+
+  accept
+
+
 #!!# ACL that is used after the DATA command
 check_message:
   require verify = header_syntax
@@ -796,7 +826,7 @@ if nodeinfo['rtmaster']
   out='
   deny    condition = ${if eq {$acl_m1}{RTMail}}
           condition = ${if and{{!match {${lc:$rh_Subject:}} {debian rt}} \
-                               {!match {${lc:$rh_Subject:]}} {\\[rt.debian.org }} \
+                               {!match {${lc:$rh_Subject:]}} {\N\[rt.debian.org \N}} \
                                {!match {$acl_m12}{RTMailRecipientHasSubaddress}}}}
           message  = messages to the Request Tracker system require a subject tag or a subaddress
 '
@@ -805,7 +835,7 @@ out
 %>
 <%=
 out=''
-if nodeinfo['packagesmaster']
+if nodeinfo['packagesqamaster']
   out='
   deny    !hosts  = +debianhosts : 217.196.43.134
           condition = ${if eq {$acl_m1}{PTSMail}}