Add a header if mail comes to packages.d.o with envelope to and from the

[mirror/dsa-puppet.git] / modules / exim / templates / eximconf.erb
diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb

index 276b081..70ac448 100644 (file)
--- a/modules/exim/templates/eximconf.erb
+++ b/modules/exim/templates/eximconf.erb
@@ -281,12 +281,79 @@ RT_QUEUE_MAP = /srv/rt.debian.org/mail/rt_queue_map
  ######################################################################
  begin acl
  
-acl_localonly:
-  accept  local_parts   = +local_only_users
-          domains       = +local_domains
-          hosts         = !+debianhosts
+acl_getprofile:
+  # This is a bad hack to reset the variable, by defining it be something
+  # never referenced.
  
-  deny
+  warn    set acl_m_rprf = $acl_m_undefined
+
+  warn    recipients     = survey@popcon.debian.org
+          set acl_m_rprf = PopconMail
+
+  accept  condition      = ${if eq {$acl_m_rprf}{}{no}{yes}}
+
+  warn    local_parts    = +local_only_users
+          domains        = +local_domains
+          hosts          = !+debianhosts
+          set acl_m_rprf = localonly
+
+  accept  condition      = ${if eq {$acl_m_rprf}{}{no}{yes}}
+
+<%=
+out=''
+if nodeinfo['rtmaster']
+  out='
+  warn    domains        = rt.debian.org
+          set acl_m_rprf = RTMail
+
+  accept  condition      = ${if eq {$acl_m_rprf}{}{no}{yes}}
+'
+end
+out
+%>
+<%=
+out = ""
+if nodeinfo['packagesmaster']
+  out = '
+  warn    domains        = packages.debian.org
+          set acl_m_rprf = PackagesMail
+
+  accept  condition      = ${if eq {$acl_m_rprf}{}{no}{yes}}
+'
+end
+out
+%>
+<%=
+if nodeinfo['packagesqamaster']
+  out='
+  warn    recipients     = owner@packages.qa.debian.org : postmaster@packages.qa.debian.org
+          set acl_m_rprf = PTSOwner
+
+  accept  condition      = ${if eq {$acl_m_rprf}{}{no}{yes}}
+
+  warn    senders        = :
+          domains        = packages.qa.debian.org
+          condition      = ${if match{$local_part}{\N^bounces+\N}}
+          set acl_m_rprf = PTSListBounce
+
+  accept  condition      = ${if eq {$acl_m_rprf}{}{no}{yes}}
+
+  warn    domains        = packages.qa.debian.org
+          set acl_m_rprf = PTSMail
+
+  accept  condition      = ${if eq {$acl_m_rprf}{}{no}{yes}}
+'
+end
+out
+%>
+  warn    recipients     = change@db.debian.org : changes@db.debian.org : chpasswd@db.debian.org : ping@db.debian.org : recommend@nm.debian.org
+          set acl_m_rprf = DBSignedMail
+
+  accept  condition      = ${if eq {$acl_m_rprf}{}{no}{yes}}
+
+  warn    set acl_m_rprf = normal
+
+  accept
  
  check_helo:
  
@@ -521,22 +588,15 @@ out
            condition     = ${if match_local_part {$sender_address_local_part}{${extract{directory}{VDOMAINDATA}{${value}/neversenders}}}{1}{0}}
           message       = no mail should ever come from <$sender_address>
  
-  warn    condition     = ${if eq{$acl_m_lcl}{}}
-          acl           = acl_localonly
-          set acl_m_lcl = localonly
-          set acl_m_lrc = ${if eq{$acl_m_lrc}{}{$local_part@$domain}{$acl_m_lrc, $local_part@$domain}}
-
-  warn    condition     = ${if eq{$acl_m_lcl}{}}
-          !acl          = acl_localonly
-          set acl_m_lcl = normal
+  warn    acl           = acl_getprofile
+          condition     = ${if eq{$acl_m_prf}{}}
+          set acl_m_prf = $acl_m_rprf
  
-  defer   condition     = ${if eq{$acl_m_lcl}{localonly}}
-          !acl          = acl_localonly
+  defer   condition     = ${if eq{$acl_m_prf}{$acl_m_rprf}{no}{yes}}
            log_message   = Only one profile at a time, please
  
-  defer   condition     = ${if eq{$acl_m_lcl}{normal}}
-          acl           = acl_localonly
-          log_message   = Only one profile at a time, please
+  warn    condition     = ${if eq{$acl_m_prf}{localonly}}
+          set acl_m_lrc = ${if eq{$acl_m_lrc}{}{$local_part@$domain}{$acl_m_lrc, $local_part@$domain}}
  
  <%=
  out=''
@@ -549,9 +609,19 @@ out='
  end
  out
  %>
-
-  deny    !recipients = survey@popcon.debian.org
-          !verify = sender
+<%=
+out=''
+if nodeinfo['packagesqamaster']
+  out='
+  warn    condition      = ${if eq {$acl_m_prf}{PackagesMail}}
+          condition      = ${if eq {$sender_address}{$local_part@$domain}}
+          message        = X-Packages-FromTo-Same: yes
+'
+end
+out
+%>
+  deny    condition      = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+          !verify        = sender
  
    defer   !hosts         = +debianhosts
            condition      = ${if >{${eval:$acl_c_scr}}{0}}
@@ -618,41 +688,16 @@ out = '
  end
  out
  %>
-  warn    recipients = survey@popcon.debian.org
-          set acl_m1 = PopconMail
-
  <%=
  out=''
  if nodeinfo['rtmaster']
    out='
-  warn    domains  = rt.debian.org
-          set acl_m1 = RTMail
-          set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{\N[^+]+\+\d+\N}}{match{$local_part}{\N[^+]+\+new\N}}} {RTMailRecipientHasSubaddress}}}}
+  warn    condition     = ${if eq{$acl_m_prf}{RTMail}}
+          set acl_m12   = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{\N[^+]+\+\d+\N}}{match{$local_part}{\N[^+]+\+new\N}}} {RTMailRecipientHasSubaddress}}}}
  '
  end
  out
  %>
-<%=
-out=''
-if nodeinfo['packagesqamaster']
-  out='
-  warn    domains  = packages.qa.debian.org
-          set acl_m1 = PTSMail
-
-  warn    recipients = owner@packages.qa.debian.org : postmaster@packages.qa.debian.org
-          set acl_m1 = PTSOwner
-
-  warn    senders  = :
-          domains  = packages.qa.debian.org
-          condition = ${if match{$local_part}{\N^bounces+\N}}
-          set acl_m1 = PTSListBounce
-'
-end
-out
-%>
-  warn    recipients = change@db.debian.org : changes@db.debian.org : chpasswd@db.debian.org : ping@db.debian.org : recommend@nm.debian.org
-          set acl_m1 = DBSignedMail
-
  <%=
  out = ""
  if has_variable?("greylistd") && greylistd == "true"
@@ -824,7 +869,7 @@ check_message:
  out=''
  if nodeinfo['rtmaster']
    out='
-  deny    condition = ${if eq {$acl_m1}{RTMail}}
+  deny    condition = ${if eq {$acl_m_prf}{RTMail}}
            condition = ${if and{{!match {${lc:$rh_Subject:}} {debian rt}} \
                                 {!match {${lc:$rh_Subject:]}} {\N\[rt.debian.org \N}} \
                                 {!match {$acl_m12}{RTMailRecipientHasSubaddress}}}}
@@ -838,7 +883,7 @@ out=''
  if nodeinfo['packagesqamaster']
    out='
    deny    !hosts  = +debianhosts : 217.196.43.134
-          condition = ${if eq {$acl_m1}{PTSMail}}
+          condition = ${if eq {$acl_m_prf}{PTSMail}}
            condition = ${if def:h_X-PTS-Approved:{false}{true}}
            message   = messages to the PTS require an X-PTS-Approved header
  '
@@ -848,7 +893,7 @@ out
    deny    condition      = ${if match {$message_body}{\Nhttp:\/\/[a-z\.-]+\/video1?.exe\N}}
            message        = Blackisted URI found in body
  
-  deny    condition      = ${if eq {$acl_m1}{DBSignedMail}}
+  deny    condition      = ${if eq {$acl_m_prf}{DBSignedMail}}
            condition      = ${if and {{!match {$message_body}{PGP MESSAGE}}              \
                                       {!match {$message_body}{PGP SIGNED MESSAGE}}       \
                                       {!match {$message_body}{PGP SIGNATURE}}            \
@@ -898,10 +943,27 @@ end
  out
  %>
    # Check header_sender except for survey@popcon.d.o
-  deny    condition = ${if eq{$acl_m1}{PopconMail}{false}{true}}
-          !verify = header_sender
-          message = No valid sender found in the From:, Sender: and Reply-to: headers
+  deny    condition    = ${if eq{$acl_m_prf}{PopconMail}{false}{true}}
+          !verify      = header_sender
+          message      = No valid sender found in the From:, Sender: and Reply-to: headers
  
+<%=
+out = ""
+if nodeinfo['packagesmaster']
+  out = '
+  deny  message        = Congratulations, you scored $spam_score points.
+        log_message    = spam: $spam_score points.
+        condition      = ${if eq {$acl_m_prf}{PackagesMail}}
+        !authenticated = *
+        !verify        = certificate
+        !hosts         = +debianhosts
+        condition      = ${if <{$message_size}{256000}}
+        spam           = pkg_user : true
+        condition      = ${if >{$spam_score_int}{59}}
+'
+end
+out
+%>
    accept