Make markup work for exim content inspection

[mirror/dsa-puppet.git] / modules / exim / templates / eximconf.erb

diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb
index f867c3d..cf918be 100644 (file)
--- a/modules/exim/templates/eximconf.erb
+++ b/modules/exim/templates/eximconf.erb
@@ -367,6 +367,16 @@ out
 
   accept  condition      = ${if eq {$acl_m_rprf}{}{no}{yes}}
 
+  warn    condition      = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}fail}}{markup}}
+          set acl_m_rprf = markup
+
+  accept  condition      = ${if eq {$acl_m_rprf}{}{no}{yes}}
+
+  warn    condition      = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}fail}}{blackhole}}
+          set acl_m_rprf = blackhole
+
+  accept  condition      = ${if eq {$acl_m_rprf}{}{no}{yes}}
+
   warn    set acl_m_rprf = normal
 
   accept
@@ -640,7 +650,7 @@ out
           !verify        = sender
 
   defer   !hosts         = +debianhosts
-          condition      = ${if >{${eval:$acl_c_scr}}{0}}
+          condition      = ${if >{${eval:$acl_c_scr+0}}{0}}
           ratelimit      = 10 / 60m / per_rcpt / $sender_host_address
           message        = slow down (no reverse dns, mismatched ehlo, dialup, or in blacklists)
 <%=
@@ -857,6 +867,14 @@ if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty?
 out='
 acl_check_mime:
 
+  warn   condition     = ${if <{$message_size}{256000}}
+         condition     = ${if eq {$acl_m_prf}{markup}}
+         set acl_m_srb = ${perl{surblspamcheck}}
+         condition     = ${if eq{$acl_m_srb}{false}{no}{yes}}
+         message       = X-Surbl-Hit: $acl_m_srb
+
+  accept condition     = ${if eq {$acl_m_prf}{markup}}
+
   deny   condition     = ${if <{$message_size}{256000}}
          set acl_m_srb = ${perl{surblspamcheck}}
          condition     = ${if eq{$acl_m_srb}{false}{no}{yes}}
@@ -906,9 +924,6 @@ if nodeinfo['packagesqamaster']
 end
 out
 %>
-  deny    condition      = ${if match {$message_body}{\Nhttp:\/\/[a-z\.-]+\/video1?.exe\N}}
-          message        = Blackisted URI found in body
-
   deny    condition      = ${if eq {$acl_m_prf}{DBSignedMail}}
           condition      = ${if and {{!match {$message_body}{PGP MESSAGE}}              \
                                      {!match {$message_body}{PGP SIGNED MESSAGE}}       \
@@ -937,10 +952,16 @@ out
 out = ""
 if has_variable?("clamd") && clamd == "true"
 out = '
-  deny    
+  # FIXME: make blackhole work
+  deny    condition       = ${if eq {$acl_m_prf}{markup}{no}{yes}}
          demime          = *
           malware         = */defer_ok
           message         = malware detected: $malware_name: message rejected
+
+  warn    condition       = ${if eq {$acl_m_prf}{markup}}
+         demime          = *
+          malware         = */defer_ok
+          message         = X-malware detected: $malware_name
 '
 end
 out
@@ -949,6 +970,14 @@ out
 out=''
 if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty?
 out='
+  warn   condition     = ${if <{$message_size}{256000}}
+         condition     = ${if eq {$acl_m_prf}{markup}}
+         set acl_m_srb = ${perl{surblspamcheck}}
+         condition     = ${if eq{$acl_m_srb}{false}{no}{yes}}
+         message       = X-Surbl-Hit: $acl_m_srb
+
+  accept condition     = ${if eq {$acl_m_prf}{markup}}
+
   deny   condition     = ${if <{$message_size}{256000}}
          set acl_m_srb = ${perl{surblspamcheck}}
          condition     = ${if eq{$acl_m_srb}{false}{no}{yes}}