acl_smtp_helo = check_helo
acl_smtp_rcpt = ${if ={$interface_port}{587} {check_submission}{check_recipient}}
acl_smtp_data = check_message
+<%=
+out=''
+if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty?
+ out = "acl_smtp_mime = acl_check_mime"
+end
+out
+%>
+acl_smtp_predata = acl_check_predata
# accept domain literal syntax in e-mail addresses. To actually make use of
# this a router is also required
######################################################################
begin acl
+acl_localonly:
+ accept local_parts = +local_only_users
+ domains = +local_domains
+ hosts = !+debianhosts
+
+ deny
+
check_helo:
warn set acl_c1 = 0
condition = ${if match_local_part {$sender_address_local_part}{${extract{directory}{VDOMAINDATA}{${value}/neversenders}}}{1}{0}}
message = no mail should ever come from <$sender_address>
- deny local_parts = +local_only_users
- domains = +local_domains
- hosts = !+debianhosts
- message = mail for $local_part is only accepted internally
+ warn condition = ${if eq{$acl_m6}{}}
+ acl = acl_localonly
+ set acl_m6 = localonly
+ set acl_m7 = ${if eq{$acl_m7}{}{$local_part@$domain}{$acl_m7, $local_part@$domain}}
+ warn condition = ${if eq{$acl_m6}{}}
+ !acl = acl_localonly
+ set acl_m6 = normal
+
+ defer condition = ${if eq{$acl_m6}{localonly}}
+ !acl = acl_localonly
+ log_message = Only one profile at a time, please
+
+ defer condition = ${if eq{$acl_m6}{normal}}
+ acl = acl_localonly
+ log_message = Only one profile at a time, please
+
+<%=
+out=''
+if 0 == 1:
+out='
deny message = address $sender_host_address is listed in $dnslist_domain; $dnslist_text
hosts = !+debianhosts
dnslists = rbl.debian.net : rbl.debian.net/$sender_address_domain
+'
+end
+out
+%>
deny !recipients = survey@popcon.debian.org
!verify = sender
condition = ${if >{${eval:$acl_c1}}{0}}
ratelimit = 10 / 60m / per_rcpt / $sender_host_address
message = slow down (no reverse dns, mismatched ehlo, dialup, or in blacklists)
-
<%=
out = ""
if has_variable?("policydweight") && policydweight == "true"
out='
warn domains = rt.debian.org
set acl_m1 = RTMail
- set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{[^+]+\\+\\d+}}{match{$local_part}{[^+]+\\+new}}} {RTMailRecipientHasSubaddress}}}}
+ set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{\N[^+]+\+\d+\N}}{match{$local_part}{\N[^+]+\+new\N}}} {RTMailRecipientHasSubaddress}}}}
'
end
out
%>
<%=
out=''
-if nodeinfo['packagesmaster']
+if nodeinfo['packagesqamaster']
out='
warn domains = packages.qa.debian.org
set acl_m1 = PTSMail
deny message = relay not permitted
+<%=
+out=''
+if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty?
+out='
+acl_check_mime:
+
+ deny condition = ${if <{$message_size}{256000}}
+ set acl_m5 = ${perl{surblspamcheck}}
+ condition = ${if eq{$acl_m5}{false}{no}{yes}}
+ log_message = $acl_m5
+ message = $acl_m5
+
+ accept
+'
+end
+out
+%>
+
+acl_check_predata:
+ deny condition = ${if eq{$acl_m6}{localonly}}
+ message = mail for $acl_m7 is only accepted internally
+
+ accept
+
+
#!!# ACL that is used after the DATA command
check_message:
require verify = header_syntax
out='
deny condition = ${if eq {$acl_m1}{RTMail}}
condition = ${if and{{!match {${lc:$rh_Subject:}} {debian rt}} \
- {!match {${lc:$rh_Subject:]}} {\\[rt.debian.org }} \
+ {!match {${lc:$rh_Subject:]}} {\N\[rt.debian.org \N}} \
{!match {$acl_m12}{RTMailRecipientHasSubaddress}}}}
message = messages to the Request Tracker system require a subject tag or a subaddress
'
%>
<%=
out=''
-if nodeinfo['packagesmaster']
+if nodeinfo['packagesqamaster']
out='
deny !hosts = +debianhosts : 217.196.43.134
condition = ${if eq {$acl_m1}{PTSMail}}