# is much like a local domain, execpt that the delivery location
# and allowed set of users is controlled by a virtual domain
# alias file and not /etc/passwd. Wildcards are permitted
-# rcpthosts - recipient hosts or relay domains. This is a list of
-# all hosts that we mail exchange for. All domains that list
-# this host in their MX records should be listed here. Wildcards
-# are permitted.
# relayhosts - Hostnames that can send any arbitarily addressed mail to
# us. This is primarily only usefull for emergancy 'queue
# flushing' operations, but should be populated with a list
# of trusted machines. Wildcards are not permitted
+# bsmtp_domains - Domains that we deliver locally via bsmtp
<%=
out = ""
if nodeinfo['mailrelay']
# Other domain and host lists may follow.
# @ is the local FQDN, @[] matches the IP adress of any local interface.
-.include_if_exists /etc/exim4/local-settings.conf
-
domainlist local_domains = @ : \
@[] : \
localhost : \
domainlist submission_domains = ${if exists {/etc/exim4/submission-domains}{/etc/exim4/submission-domains}{}}
-domainlist handled_domains = +local_domains : +virtual_domains
+domainlist bsmtp_domains = ${if exists {/etc/exim4/bsmtp}{partial-lsearch;/etc/exim4/bsmtp}{}}
+
+domainlist handled_domains = +local_domains : +virtual_domains : +bsmtp_domains
localpartlist local_only_users = lsearch;/etc/exim4/localusers
+localpartlist postmasterish = postmaster : abuse : hostmaster : root
+
# Domains we relay for; that is domains that aren't considered local but we
# accept mail for them.
-domainlist rcpthosts = partial-lsearch;/etc/exim4/rcpthosts
hostlist debianhosts = 127.0.0.1 : net-lsearch;/var/lib/misc/thishost/debianhosts
<%=
out = ""
message_size_limit = 100M
message_logs = false
-smtp_accept_max = 300
smtp_accept_max_per_host = ${if match_ip {$sender_host_address}{+debianhosts}{0}{7}}
+<% if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty? %>
+smtp_accept_max = 300
smtp_accept_queue = 200
smtp_accept_queue_per_connection = 50
smtp_accept_reserve = 25
+<% else %>
+smtp_accept_max = 30
+smtp_accept_queue = 20
+smtp_accept_queue_per_connection = 10
+smtp_accept_reserve = 5
+<% end %>
smtp_reserve_hosts = +debianhosts
split_spool_directory = true
delay_warning =
+<% if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty? %>
queue_run_max = 50
deliver_queue_load_max = 50
-queue_only_load = 15
+queue_only_load = 35
+smtp_load_reserve = 20
+<% else %>
+queue_run_max = 5
+deliver_queue_load_max = 10
+queue_only_load = 5
+<% end %>
queue_list_requires_admin = false
<%= out = ""
out = "daemon_smtp_ports = "
ports << 25
-if nodeinfo['bugsmaster']
+if nodeinfo['bugsmaster'] or nodeinfo['bugsmx']
ports << 587
end
out
%>
<%=
+out = ''
+if nodeinfo['packagesmaster']
+ out = '
+ warn domains = packages.debian.org
+ set acl_m_rprf = PackagesMail
+
+ accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+'
+end
+out
+%>
+<%=
+out = ''
if nodeinfo['packagesqamaster']
out='
warn recipients = owner@packages.qa.debian.org : postmaster@packages.qa.debian.org
accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+ warn domains = +virtual_domains
+ condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}}
+ condition = ${if eq{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}{$value}{}}}{markup}}
+ log_message = $local_part@$domain: markup
+ set acl_m_rprf = markup
+
+ accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+
+ warn condition = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}{}}}{markup}}
+ log_message = $local_part@$domain: markup
+ set acl_m_rprf = markup
+
+ accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+
+ warn condition = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}{}}}{blackhole}}
+ log_message = $local_part@$domain: blackhole
+ set acl_m_rprf = blackhole
+
+ accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+
+ warn domains = +virtual_domains
+ condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}}
+ condition = ${if eq{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}{$value}{}}}{blackhole}}
+ log_message = $local_part@$domain: blackhole
+ set acl_m_rprf = blackhole
+
+ accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+
warn set acl_m_rprf = normal
accept
out
%>
+<%=
+if nodeinfo['smarthost'].empty?
+ out = '
# These are in HELO acl so that they are only run once. They increment a counter,
- # so we don't want it to increment per rcpt to.
+ # so we don\'t want it to increment per rcpt to.
warn dnslists = list.dnswl.org&0.0.0.3
log_message = Hit on list.dnswl.org for $sender_host_address
dnslists = dul.dnsbl.sorbs.net
set acl_c_scr = ${eval:$acl_c_scr+15}
- # If the sender's helo name is empty, the message will be rejected later
+ # If the sender\'s helo name is empty, the message will be rejected later
# because the helo is empty. If the rDNS lookup failed, we are already
# going to greylist them, so no sense worrying about it here. Finally,
# if rDNS does not match helo name (both lower cased first), greylist.
condition = ${if eq {$host_lookup_failed}{1}{no}{yes}}
condition = ${if def:sender_helo_name {yes}{no}}
condition = ${if eq {${lc:$sender_helo_name}}{${lc:$sender_host_name}}{no}{yes}}
- log_message = HELO doesn't match rDNS
+ log_message = HELO doesn\'t match rDNS
set acl_c_scr = ${eval:$acl_c_scr+8}
# Regexes of doom
set acl_c_scr = ${eval:$acl_c_scr+7}
# Random HELO (run of 7 consonants) (constructed by viruses). We purposefully
- # skip matching on machines named .*smtp.*, since that's 4 already. This is a fairly
- # naive test, so it's not worth much
+ # skip matching on machines named .*smtp.*, since that\'s 4 already. This is a fairly
+ # naive test, so it\'s not worth much
warn condition = ${if match {${lc:$sender_helo_name}}{smtp}{no}{yes}}
condition = ${if match {${lc:$sender_helo_name}}{\N^[a-z0-9]+\.[a-z]+$\N}}
condition = ${if match {${lc:$sender_helo_name}}{\N.*[bcdfghjklmnpqrstvwxz]{7,}.*\.[a-z]+$\N}}
log_message = random HELO
set acl_c_scr = ${eval:$acl_c_scr+5}
+'
+else
+ out = '
+ drop !hosts = +debianhosts
+ log_message = mail from non-d.o host
+ message = Interesting. I doubt that should have happened.
+'
+end
+out
+%>
# Implicit, but simpler to just say it
accept
accept domains = +local_domains
hosts = +debianhosts
endpass
- message = unknown user
verify = recipient
<%=
out = '
accept domains = +mailhubdomains
endpass
- message = unknown user
verify = recipient/callout=30s,defer_ok,use_sender,no_cache
'
end
accept domains = +submission_domains
endpass
- message = unknown user
verify = recipient
deny message = relay not permitted
out
%>
+ warn acl = acl_getprofile
+ condition = ${if eq{$acl_m_prf}{}}
+ set acl_m_prf = $acl_m_rprf
+
+ defer condition = ${if eq{$acl_m_prf}{$acl_m_rprf}{no}{yes}}
+ log_message = Only one profile at a time, please
+
# Defer after too many bad RCPT TO's. Legit MTAs will retry later.
# This is a rough pass at preventing addres harvesting or other mail blasts.
defer log_message = Too many bad recipients ${eval:$rcpt_fail_count} out of $rcpt_count
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
message = Too many bad recipients, try again later
!hosts = +debianhosts
condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
# Dump spambots that are so stupid they say helo as our IP address
drop !hosts = +debianhosts
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
condition = ${if eq {$sender_helo_name}{$interface_address}{yes}{no}}
message = HELO mismatch Forged HELO for ($sender_helo_name)
# Also for spambots that say helo as us or one of our domains
drop !hosts = +debianhosts
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
condition = ${if match_domain{$sender_helo_name}{$primary_hostname:+handled_domains}}
condition = ${if !match{$sender_host_name}{${rxquote:$sender_helo_name}\N$\N}}
message = HELO mismatch Forged HELO for ($sender_helo_name)
# say helo as a name in the list but we can't look them up
defer !hosts = +debianhosts
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
condition = ${if eq{$acl_m_frg}{}{no}{yes}}
condition = ${if eq{$sender_host_name}{}{yes}{no}}
condition = ${if eq{$host_lookup_failed}{1}{no}{yes}}
# If DNS works, go ahead and reject them
drop !hosts = +debianhosts
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
condition = ${if and { {!eq{$acl_m_frg}{}}{!match{$sender_host_name}{${rxquote:$acl_m_frg}\N$\N}}}{yes}{no}}
message = HELO mismatch Forged HELO for ($sender_helo_name)
condition = ${if match_local_part {$sender_address_local_part}{${extract{directory}{VDOMAINDATA}{${value}/neversenders}}}{1}{0}}
message = no mail should ever come from <$sender_address>
- warn acl = acl_getprofile
- condition = ${if eq{$acl_m_prf}{}}
- set acl_m_prf = $acl_m_rprf
-
- defer condition = ${if eq{$acl_m_prf}{$acl_m_rprf}{no}{yes}}
- log_message = Only one profile at a time, please
-
warn condition = ${if eq{$acl_m_prf}{localonly}}
set acl_m_lrc = ${if eq{$acl_m_lrc}{}{$local_part@$domain}{$acl_m_lrc, $local_part@$domain}}
end
out
%>
-
+<%=
+out=''
+if nodeinfo['packagesmaster']
+ out='
+ warn condition = ${if eq {$acl_m_prf}{PackagesMail}}
+ condition = ${if eq {$sender_address}{$local_part@$domain}}
+ message = X-Packages-FromTo-Same: yes
+'
+end
+out
+%>
deny condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
!verify = sender
defer !hosts = +debianhosts
- condition = ${if >{${eval:$acl_c_scr}}{0}}
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ condition = ${if >{${eval:$acl_c_scr+0}}{0}}
ratelimit = 10 / 60m / per_rcpt / $sender_host_address
message = slow down (no reverse dns, mismatched ehlo, dialup, or in blacklists)
<%=
# closure, but I\'m fairly sure it\'s now worth it, since the backport of
# policyd-weight is trivial.
warn !hosts = +debianhosts
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
set acl_m_pw = ${readsocket{inet:127.0.0.1:12525}\
{request=smtpd_access_policy\n\
protocol_state=RCPT\n\
# Defer on socket error
defer !hosts = +debianhosts
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
condition = ${if eq{$acl_m_pw}{socket failure}{yes}{no}}
message = Cannot connect to policyd-weight. Please try again later.
# Set proposed action to $acl_m_act and message to $acl_m_mes
warn !hosts = +debianhosts
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
set acl_m_mes = ${extract{action}{$acl_m_pw}}
set acl_m_act = ${sg{$acl_m_pw}{\Naction=[^ ]+ (.*)\n\n\N}{\$1}}
# Add X-policyd-weight header line to message
warn !hosts = +debianhosts
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
message = $acl_m_mes
condition = ${if eq{$acl_m_act}{PREPEND}{yes}{no}}
# Write log message, if policyd-weight can\'t run checks
warn !hosts = +debianhosts
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
log_message = policyd-weight message: $acl_m_mes
condition = ${if eq{$acl_m_act}{DUNNO}{yes}{no}}
# Deny mails which policyd-weight thinks are spam
deny !hosts = +debianhosts
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
message = policyd-weight said: $acl_m_mes
condition = ${if eq{$acl_m_act}{550}{yes}{no}}
# Defer messages when policyd-weight suggests so.
defer !hosts = +debianhosts
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
message = policyd-weight said: $acl_m_mes
condition = ${if eq{$acl_m_act}{450}{yes}{no}}
'
{/etc/greylistd/whitelist-hosts}{}} : \
${if exists {/var/lib/greylistd/whitelist-hosts}\
{/var/lib/greylistd/whitelist-hosts}{}}
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
!authenticated = *
- domains = +handled_domains : +rcpthosts
+ domains = +handled_domains
condition = ${readsocket{/var/run/greylistd/socket}\
{--grey \
$sender_host_address \
warn
!senders = :
!hosts = : +debianhosts : WHITELIST
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
condition = ${if def:acl_m_grey {no}{yes}}
set acl_m_grey = $pid.$tod_epoch.$sender_host_port
defer
!senders = :
!hosts = : +debianhosts : WHITELIST
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
!authenticated = *
- domains = +handled_domains : +rcpthosts
+ domains = +handled_domains
local_parts = GREYLIST_LOCAL_PARTS
set acl_m_pgr = request=smtpd_access_policy\n\
protocol_state=RCPT\n\
warn
!senders = :
!hosts = : +debianhosts : WHITELIST
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
!authenticated = *
- domains = +handled_domains : +rcpthosts
+ domains = +handled_domains
local_parts = GREYLIST_LOCAL_PARTS
condition = ${if eq{${uc:${substr_0_7:$acl_m_pgr}}}{PREPEND}}
message = ${sg{$acl_m_pgr}{^\\\\w+\\\\s*}{}}
out
%>
- accept local_parts = postmaster
- domains = +handled_domains : +rcpthosts
+ accept local_parts = +postmasterish
+ domains = +handled_domains
+
+ deny hosts = ${if exists{/etc/exim4/host_blacklist}{/etc/exim4/host_blacklist}{}}
+ message = I'm terribly sorry, but it seems you have been blacklisted
+ log_message = blacklisted IP
deny log_message = <$sender_address> is blacklisted
senders = ${if exists{/etc/exim4/blacklist}{/etc/exim4/blacklist}{}}
message = We have blacklisted <$sender_address>. Please stop mailing us
+<%=
+out = ""
+if nodeinfo['smarthost'].empty?
+ out = '
deny message = host $sender_host_address is listed in $dnslist_domain; see $dnslist_text
dnslists = ${if match_domain{$domain}{+virtual_domains}\
{${if exists {${extract{directory}{VDOMAINDATA}{${value}/rbllist}}}\
{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/rbllist}}}{$value}{}}}{}}}\
{${lookup{$local_part}lsearch{/etc/exim4/rbllist}{$value}{}} : \
${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-rbl}{$value}{}}}}
- domains = +handled_domains : +rcpthosts
+ domains = +handled_domains
!hosts = +debianhosts : WHITELIST
+'
+end
+out
+%>
deny message = domain $sender_address_domain is listed in $dnslist_domain; see $dnslist_text
dnslists = ${if match_domain{$domain}{+virtual_domains}\
{${expand:${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/rhsbllist}}}{$value}{}}}}{}}}\
{${expand:${lookup{$local_part}lsearch{/etc/exim4/rhsbllist}{$value}{}}} : \
${expand:${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-rhsbl}{$value}{}}}}}
- domains = +handled_domains : +rcpthosts
+ domains = +handled_domains
!hosts = +debianhosts : WHITELIST
- deny domains = +handled_domains : +rcpthosts
+<%=
+out = ""
+if nodeinfo['smarthost'].empty?
+ out = '
+ deny domains = +handled_domains
local_parts = ${if match_domain{$domain}{+virtual_domains}\
{${if exists {${extract{directory}{VDOMAINDATA}{${value}/callout_users}}}\
{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/callout_users}}}{$local_part}{}}}{}}}\
{${lookup{$local_part}lsearch{/etc/exim4/callout_users}{$local_part}{}} : \
${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-callout}{$local_part}{}}}}
!hosts = +debianhosts : WHITELIST
- !verify = sender/callout
+ !verify = sender/callout=90s,maxwait=300s
+'
+end
+out
+%>
<%=
out = ""
out = '
accept domains = +mailhubdomains
endpass
- message = unknown user
verify = recipient/callout=30s,defer_ok,use_sender,no_cache
'
end
%>
accept domains = +handled_domains
endpass
- message = unknown user
verify = recipient/defer_ok
- accept domains = +rcpthosts
- endpass
- message = unrouteable address
- verify = recipient
-
accept hosts = +debianhosts
accept authenticated = *
out='
acl_check_mime:
+ discard condition = ${if <{$message_size}{256000}}
+ condition = ${if eq {$acl_m_prf}{blackhole}}
+ set acl_m_srb = ${perl{surblspamcheck}}
+ condition = ${if eq{$acl_m_srb}{false}{no}{yes}}
+ log_message = discarded surbl message for $recipients
+
deny condition = ${if <{$message_size}{256000}}
+ condition = ${if eq {$acl_m_prf}{markup}{no}{yes}}
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
set acl_m_srb = ${perl{surblspamcheck}}
condition = ${if eq{$acl_m_srb}{false}{no}{yes}}
log_message = $acl_m_srb
message = $acl_m_srb
+ warn condition = ${if <{$message_size}{256000}}
+ condition = ${if eq {$acl_m_prf}{markup}}
+ set acl_m_srb = ${perl{surblspamcheck}}
+ condition = ${if eq{$acl_m_srb}{false}{no}{yes}}
+ message = X-Surbl-Hit: $primary_hostname: $acl_m_srb
+
accept
'
end
%>
acl_check_predata:
- deny condition = ${if eq{$acl_m_lcl}{localonly}}
+ deny condition = ${if eq{$acl_m_prf}{localonly}}
message = mail for $acl_m_lrc is only accepted internally
accept
#!!# ACL that is used after the DATA command
check_message:
- require verify = header_syntax
- message = Invalid syntax in the header
-
<%=
out=''
if nodeinfo['rtmaster']
end
out
%>
- deny condition = ${if match {$message_body}{\Nhttp:\/\/[a-z\.-]+\/video1?.exe\N}}
- message = Blackisted URI found in body
-
deny condition = ${if eq {$acl_m_prf}{DBSignedMail}}
condition = ${if and {{!match {$message_body}{PGP MESSAGE}} \
{!match {$message_body}{PGP SIGNED MESSAGE}} \
}
message = Mail to this address needs to be PGP-signed
+ accept verify = certificate
+
+ deny condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ !verify = header_syntax
+ message = Invalid syntax in the header
+
# RFC 822 and 2822 say that headers must be ASCII. This kinda emulates
# postfix's strict_7bit_headers option, but only checks a few common problem
# headers, as there doesn't appear to be an easy way to check them all.
{match {$rh_To:}{[\200-\377]}}\
{match {$rh_From:}{[\200-\377]}}\
{match {$rh_Cc:}{[\200-\377]}}}{true}{false}}
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
message = improper use of 8-bit data in message header: message rejected
deny
condition = ${if match {$rh_Subject:}{[^[:print:]]\{8\}}{true}{false}}
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
message = Your mailer is not RFC 2047 compliant: message rejected
<%=
out = ""
if has_variable?("clamd") && clamd == "true"
out = '
- deny
+ discard condition = ${if eq {$acl_m_prf}{blackhole}}
+ demime = *
+ malware = */defer_ok
+ log_message = discarded malware message for $recipients
+
+ deny condition = ${if eq {$acl_m_prf}{markup}{no}{yes}}
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
demime = *
malware = */defer_ok
message = malware detected: $malware_name: message rejected
+
+ warn condition = ${if eq {$acl_m_prf}{markup}}
+ demime = *
+ malware = */defer_ok
+ message = X-malware detected: $malware_name
'
end
out
out=''
if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty?
out='
+ discard condition = ${if <{$message_size}{256000}}
+ condition = ${if eq {$acl_m_prf}{blackhole}}
+ set acl_m_srb = ${perl{surblspamcheck}}
+ condition = ${if eq{$acl_m_srb}{false}{no}{yes}}
+ log_message = discarded surbl message for $recipients
+
deny condition = ${if <{$message_size}{256000}}
+ condition = ${if eq {$acl_m_prf}{markup}{no}{yes}}
+ condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
set acl_m_srb = ${perl{surblspamcheck}}
condition = ${if eq{$acl_m_srb}{false}{no}{yes}}
log_message = $acl_m_srb
message = $acl_m_srb
+
+ warn condition = ${if <{$message_size}{256000}}
+ condition = ${if eq {$acl_m_prf}{markup}}
+ set acl_m_srb = ${perl{surblspamcheck}}
+ condition = ${if eq{$acl_m_srb}{false}{no}{yes}}
+ message = X-Surbl-Hit: $primary_hostname: $acl_m_srb
+
'
end
out
!verify = header_sender
message = No valid sender found in the From:, Sender: and Reply-to: headers
+<%=
+out = ""
+if nodeinfo['packagesmaster']
+ out = '
+ deny message = Congratulations, you scored $spam_score points.
+ log_message = spam: $spam_score points.
+ condition = ${if eq {$acl_m_prf}{PackagesMail}}
+ !authenticated = *
+ !verify = certificate
+ !hosts = +debianhosts
+ condition = ${if <{$message_size}{256000}}
+ spam = pkg_user : true
+ condition = ${if >{$spam_score_int}{59}}
+'
+end
+out
+%>
accept
bsmtp:
debug_print = "R: bsmtp for $local_part@$domain"
driver = manualroute
- domains = !+local_domains
+ domains = +bsmtp_domains
require_files = /etc/exim4/bsmtp
route_list = * ${extract{file}{\
${lookup{$domain}partial-lsearch{/etc/exim4/bsmtp}\
driver = manualroute
domains = !+handled_domains
transport = remote_smtp_smarthost
- route_list = * ' + nodeinfo['smarthost'] + '
+ route_list = * ' + nodeinfo['smarthost']
+ if nodeinfo['smarthost'] == 'mailout.debian.org'
+ out += '/MX'
+ end
+ out += '
host_find_failed = defer
same_domain_copy_routing = yes
no_more
ignore_target_hosts = +reservedaddrs
no_more
+postmasterish:
+ debug_print = "R: postmasterish for $local_part@$domain"
+ driver = redirect
+ verify = false
+ unseen = true
+ expn = true
+ local_parts = +postmasterish
+ domains = +handled_domains
+ data = debian-admin@debian.org
+ headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}"
+
# This router handles aliasing using a traditional /etc/aliases file.
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
<%=
out = ""
-if nodeinfo['bugsmaster']
+if nodeinfo['bugsmaster'] or nodeinfo['bugsmx']
+ domain = 'bugs.debian.org'
+ if nodeinfo['bugsmaster']
+ domain = 'bugs-master.debian.org'
+ end
out = '
# This router delivers for bugs.d.o
bugs:
debug_print = "R: bugs for $local_part@$domain"
driver = accept
transport = bugs_pipe
- domains = bugs.debian.org
+ domains = ' + domain + '
cannot_route_message = Unknown or archived bug
require_files = /org/bugs.debian.org/mail/run-procmail
no_more
out
%>
-virt_alias_verify:
- debug_print = "R: virt_aliases for $local_part@$domain"
- driver = redirect
- data = ${if exists{\
- ${extract{directory}{VDOMAINDATA}{${value}/aliases}}}\
- {${lookup{$local_part}lsearch*{\
- ${extract{directory}{VDOMAINDATA}{$value/aliases}}\
- }}}}
- directory_transport = address_directory
- cannot_route_message = Unknown user
- domains = +virtual_domains
- file_transport = address_file
- pipe_transport = address_pipe
- qualify_preserve_domain
- retry_use_local_part
- transport_current_directory = ${extract{directory}{VDOMAINDATA}}
- transport_home_directory = ${extract{directory}{VDOMAINDATA}}
- verify_only
-
virt_direct_verify:
debug_print = "R: virt_direct for $local_part@$domain"
driver = redirect
retry_use_local_part
transport_current_directory = ${extract{directory}{VDOMAINDATA}}
transport_home_directory = ${extract{directory}{VDOMAINDATA}}
- no_verify
user = ${extract{user}{VDOMAINDATA}}
# This is a qmailesque deliver into a directory of .forward files
<%=
out = ""
-if nodeinfo['bugsmaster']
+if nodeinfo['bugsmaster'] or nodeinfo['bugsmx']
out = '
bugs_pipe:
driver = pipe
begin retry
debian.org * F,2h,10m; G,16h,2h,1.5; F,14d,8h
-* * senders=: F,2h,10m
* rcpt_4xx F,2h,5m; F,4h,10m; F,4d,15m
* * F,2h,15m; G,16h,2h,1.5; F,4d,8h
projects / mirror / dsa-puppet.git / blobdiff