# Other domain and host lists may follow.
# @ is the local FQDN, @[] matches the IP adress of any local interface.
-.include_if_exists /etc/exim4/local-settings.conf
-
domainlist local_domains = @ : \
@[] : \
localhost : \
out
%>
+<%=
+if nodeinfo['smarthost'].empty?
+ out = '
# These are in HELO acl so that they are only run once. They increment a counter,
- # so we don't want it to increment per rcpt to.
+ # so we don\'t want it to increment per rcpt to.
warn dnslists = list.dnswl.org&0.0.0.3
log_message = Hit on list.dnswl.org for $sender_host_address
dnslists = dul.dnsbl.sorbs.net
set acl_c_scr = ${eval:$acl_c_scr+15}
- # If the sender's helo name is empty, the message will be rejected later
+ # If the sender\'s helo name is empty, the message will be rejected later
# because the helo is empty. If the rDNS lookup failed, we are already
# going to greylist them, so no sense worrying about it here. Finally,
# if rDNS does not match helo name (both lower cased first), greylist.
condition = ${if eq {$host_lookup_failed}{1}{no}{yes}}
condition = ${if def:sender_helo_name {yes}{no}}
condition = ${if eq {${lc:$sender_helo_name}}{${lc:$sender_host_name}}{no}{yes}}
- log_message = HELO doesn't match rDNS
+ log_message = HELO doesn\'t match rDNS
set acl_c_scr = ${eval:$acl_c_scr+8}
# Regexes of doom
set acl_c_scr = ${eval:$acl_c_scr+7}
# Random HELO (run of 7 consonants) (constructed by viruses). We purposefully
- # skip matching on machines named .*smtp.*, since that's 4 already. This is a fairly
- # naive test, so it's not worth much
+ # skip matching on machines named .*smtp.*, since that\'s 4 already. This is a fairly
+ # naive test, so it\'s not worth much
warn condition = ${if match {${lc:$sender_helo_name}}{smtp}{no}{yes}}
condition = ${if match {${lc:$sender_helo_name}}{\N^[a-z0-9]+\.[a-z]+$\N}}
condition = ${if match {${lc:$sender_helo_name}}{\N.*[bcdfghjklmnpqrstvwxz]{7,}.*\.[a-z]+$\N}}
log_message = random HELO
set acl_c_scr = ${eval:$acl_c_scr+5}
+'
+else
+ out = '
+ defer !hosts = +debianhosts
+'
+end
+out
+%>
# Implicit, but simpler to just say it
accept
senders = ${if exists{/etc/exim4/blacklist}{/etc/exim4/blacklist}{}}
message = We have blacklisted <$sender_address>. Please stop mailing us
+<%=
+out = ""
+if nodeinfo['smarthost'].empty?
+ out = '
deny message = host $sender_host_address is listed in $dnslist_domain; see $dnslist_text
dnslists = ${if match_domain{$domain}{+virtual_domains}\
{${if exists {${extract{directory}{VDOMAINDATA}{${value}/rbllist}}}\
${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-rbl}{$value}{}}}}
domains = +handled_domains : +rcpthosts
!hosts = +debianhosts : WHITELIST
+'
+end
+out
+%>
deny message = domain $sender_address_domain is listed in $dnslist_domain; see $dnslist_text
dnslists = ${if match_domain{$domain}{+virtual_domains}\
domains = +handled_domains : +rcpthosts
!hosts = +debianhosts : WHITELIST
+<%=
+out = ""
+if nodeinfo['smarthost'].empty?
+ out = '
deny domains = +handled_domains : +rcpthosts
local_parts = ${if match_domain{$domain}{+virtual_domains}\
{${if exists {${extract{directory}{VDOMAINDATA}{${value}/callout_users}}}\
{${lookup{$local_part}lsearch{/etc/exim4/callout_users}{$local_part}{}} : \
${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-callout}{$local_part}{}}}}
!hosts = +debianhosts : WHITELIST
- !verify = sender/callout
+ !verify = sender/callout=90s,maxwait=300s
+'
+end
+out
+%>
<%=
out = ""
accept verify = certificate
- require verify = header_syntax
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ deny condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ !verify = header_syntax
message = Invalid syntax in the header
# RFC 822 and 2822 say that headers must be ASCII. This kinda emulates
driver = manualroute
domains = !+handled_domains
transport = remote_smtp_smarthost
- route_list = * ' + nodeinfo['smarthost'] + '
+ route_list = * ' + nodeinfo['smarthost']
+ if nodeinfo['smarthost'] == 'mailout.debian.org'
+ out += '/MX'
+ end
+ out += '
host_find_failed = defer
same_domain_copy_routing = yes
no_more
projects / mirror / dsa-puppet.git / blobdiff