eximconf: ensure all recipients have the same default options setting

[mirror/dsa-puppet.git] / modules / exim / templates / eximconf.erb

diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb
index 16516ac..e7a73de 100644 (file)
--- a/modules/exim/templates/eximconf.erb
+++ b/modules/exim/templates/eximconf.erb
@@ -307,7 +307,14 @@ GREYLIST_LOCAL_PARTS = ${if match_domain{$domain}{+virtual_domains}\
                        {${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/grey_users}}}{$local_part}{}}}{}}}\
                        {${lookup{$local_part}lsearch{/etc/exim4/grey_users}{$local_part}{}}}} : \
                        ${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-greylist}{$local_part}{}}
-HAS_DEFAULT_OPTIONS  = ${if eq{${lookup{$local_part}dbmnz{/var/lib/misc/$primary_hostname/default-mail-options.db}{$value}{TRUE}}}{TRUE}}
+# Users from LDAP can decide whether to subscribe to default filtering.
+# If a user has not explicitly disabled the option, the assumption is in
+# favour of filtering.
+HAS_DEFAULT_OPTIONS = ${if and {\
+                       {eq{${lookup{$local_part}dbmnz{/var/lib/misc/$primary_hostname/default-mail-options.db}{$value}{TRUE}}}{TRUE}}\
+                       {exists{${extract{directory}{VDOMAINDATA}{${value}/mail-forward.db}}}}\
+                       {! eq {${lookup{$local_part}dbmnz{${extract{directory}{VDOMAINDATA}{${value}/mail-forward.db}}}}}{}}\
+                       }}
 <%- if @is_rtmaster -%>
 # This subject rewrite is embedded in double-quoted strings. As such, some of
 # the items need more escaping than usual, otherwise \N becomes simply "N" and
@@ -602,6 +609,15 @@ check_recipient:
           message       = Different profile, please retry
           log_message   = Only one profile at a time, please
 
+  warn    set acl_m_rdefopt = ${if bool_lax{HAS_DEFAULT_OPTIONS}}
+
+  warn    condition        = ${if eq{$acl_m_defopt}{}}
+          set acl_m_defopt = $acl_m_rdefopt
+
+  defer   condition     = ${if !eq{$acl_m_defopt}{$acl_m_rdefopt}}
+          message       = Different profile, please retry
+          log_message   = Only one default options profile at a time, please
+
   # Set a flag to indicate whether the current recipient
   # has explicitly requested greylisting
   warn    set acl_m_grey_recip = 0
@@ -1484,7 +1500,11 @@ virt_direct_verify:
   modemask = 002
   directory_transport = address_directory
   domains = +virtual_domains
+<%- if @is_trackermaster -%>
+  local_part_suffix = +*
+<%- else -%>
   local_part_suffix = -*
+<%- end -%>
   local_part_suffix_optional
   file = $home/.forward-\
               ${if exists {${home}/.forward-${local_part}}{${local_part}}\
@@ -1514,7 +1534,11 @@ virt_direct:
   group = ${extract{group}{VDOMAINDATA}}
   headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}"
   modemask = 002
+<%- if @is_trackermaster -%>
+  local_part_suffix = +*
+<%- else -%>
   local_part_suffix = -*
+<%- end -%>
   local_part_suffix_optional
   pipe_transport = address_pipe
   reply_transport = address_reply