X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=inline;f=modules%2Fexim%2Ffiles%2Fcommon%2Fexim4.conf;h=90d29ed03ef6e63208ef9b0d74e3be58d4b56d68;hb=bbd65692ac82ca6ee5dfc5a32a66eec3a83bef44;hp=c28545a5ab36d7d9bc9db5958857fb169d6c87b5;hpb=54bd656455fc085756cf86a3d2b3ccb1b3924582;p=mirror%2Fdsa-puppet.git diff --git a/modules/exim/files/common/exim4.conf b/modules/exim/files/common/exim4.conf index c28545a5a..90d29ed03 100644 --- a/modules/exim/files/common/exim4.conf +++ b/modules/exim/files/common/exim4.conf @@ -200,6 +200,9 @@ av_scanner = CLAMAV .ifdef HAVE_USER_DEBBUGS MAIL_RELAY STUPID_FIREWALL daemon_smtp_ports = 25 : 587 .endif +.ifdef EVEN_MORE_STUPID_FIREWALL +daemon_smtp_ports = 25 : 2025 +.endif admin_groups = adm remote_sort_domains = *.debian.org:*.debian.net @@ -316,6 +319,9 @@ check_helo: #!!# ACL that is used after the RCPT command on the submission port check_submission: + # Accept if the source is local SMTP (i.e. not over TCP/IP). + # We do this by testing for an empty sending host field. + accept hosts = : 127.0.0.1 # Defer after too many bad RCPT TO's. Legit MTAs will retry later. # This is a rough pass at preventing addres harvesting or other mail blasts. @@ -329,8 +335,20 @@ check_submission: defer ratelimit = 5 / 60m / per_rcpt / $sender_host_address + !hosts = +debianhosts message = sorry, only 5 reports per hour for submission + accept domains = +local_domains + hosts = +debianhosts + endpass + message = unknown user + verify = recipient + + accept domains = +mailhubdomains + endpass + message = unknown user + verify = recipient/callout=30s,defer_ok,use_sender,no_cache + accept domains = +submission_domains endpass message = unknown user 
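Review bot: `daemon_smtp_ports` can end up assigned twice after the first hunk (`@@ -200,6 +200,9 @@`), because the new `.ifdef EVEN_MORE_STUPID_FIREWALL` block is independent of the conditional block above it rather than an alternative to it. If a host defines both macros, Exim, as far as I know, rejects the second assignment as a configuration error ("set for the second time") and the daemon does not start. Making the branches exclusive avoids that: replace the preceding `.endif` and the new `.ifdef` with a single `.elifdef EVEN_MORE_STUPID_FIREWALL`. It is also worth confirming that whatever selects `check_submission` by port (outside this hunk) covers 2025 as well as 587.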
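Review bot: The comment added at the top of `check_submission` (hunk `@@ -316,6 +319,9 @@`) says the rule accepts only non-TCP/IP submissions, but `hosts = : 127.0.0.1` also matches TCP connections from loopback. Because this is the first statement of the ACL, anything that can connect from 127.0.0.1 is accepted for any recipient before the rate limit and recipient verification further down are evaluated. If that is intended, the comment should say so, e.g. `# Accept local SMTP (empty host field) and TCP from 127.0.0.1; these skip the ratelimit and recipient checks below.`; if not, `accept hosts = :` matches the comment as written. The ACL body continues outside the hunk.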
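Review bot: The recipient check for `+mailhubdomains` fails open and is uncached with `callout=30s,defer_ok,use_sender,no_cache`, both in the new `check_submission` stanza (hunk `@@ -329,8 +335,20 @@`) and in the `check_recipient` hunk at `@@ -625,7 +643,7 @@`. `no_cache` makes every RCPT open a fresh callout to the mailhub, and `defer_ok` accepts the recipient whenever that callout cannot complete, so the `unknown user` rejection disappears when the mailhub is slow or unreachable. In `check_submission` the same hunk exempts `+debianhosts` from the ratelimit, so nothing visible here bounds the callout volume from those hosts. Unless caching is known to cause a problem, I would keep the callout cache, `verify = recipient/callout=30s,defer_ok,use_sender`, or add a comment stating why it is disabled.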
@@ -502,7 +520,7 @@ check_recipient: warn domains = rt.debian.org set acl_m1 = RTMail - set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if match{$local_part}{[^+]+\\+\\d+} {RTMailRecipientHasSubaddress}}}} + set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{[^+]+\\+\\d+}}{match{$local_part}{[^+]+\\+new}}} {RTMailRecipientHasSubaddress}}}} warn domains = packages.qa.debian.org set acl_m1 = PTSMail @@ -625,7 +643,7 @@ check_recipient: accept domains = +mailhubdomains endpass message = unknown user - verify = recipient/callout,defer_ok + verify = recipient/callout=30s,defer_ok,use_sender,no_cache accept domains = +handled_domains endpass @@ -975,7 +993,18 @@ bugs: .endif # This router delivers for rt.d.o -rt: +rt-force-new: + debug_print = "R: rt for $local_part+new@$domain" + driver = redirect + domains = rt.debian.org + require_files = /usr/bin/rt-mailgate : RT_QUEUE_MAP + local_parts = ${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}{$local_part}{}} + local_part_suffix = +new + pipe_transport = rt_pipe + data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}" + headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}" + +rt-otherwise: debug_print = "R: rt for $local_part@$domain" driver = redirect domains = rt.debian.org @@ -1174,8 +1203,8 @@ remote_smtp: remote_smtp_smarthost: debug_print = "T: remote_smtp_smarthost for $local_part@$domain" driver = smtp -.ifdef SMARTHOST_PORT - port = SMARTHOST_PORT +.ifdef SMARTHST_PORT + port = SMARTHST_PORT .endif .ifdef USE_TLS tls_tempfail_tryclear = false
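Review bot: Both patterns passed to `match` in the `rt.debian.org` hunk (`@@ -502,7 +520,7 @@`) are unanchored, so the new `[^+]+\\+new` alternative also matches local parts such as `queue+newsletter`, while the `rt-force-new` router added later in this commit only accepts the exact suffix `+new`. `acl_m12` would then be set to `RTMailRecipientHasSubaddress` for addresses that router never handles; what the flag relaxes is not visible in this diff. Anchoring keeps the ACL and the router in agreement, e.g. `{match{$local_part}{\N^[^+]+\+new$\N}}`, and the existing `\\d+` pattern would benefit from the same treatment.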
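Review bot: The `-comment` handling in the new `rt-force-new` router (hunk `@@ -975,7 +993,18 @@`) is unanchored: `${sg{$local_part}{-comment}{}}` strips the marker wherever it occurs and the `--action` test uses `.*-comment.*`, so a local part with `-comment` in the middle is looked up under a different queue name than the one written. The local part comes from the envelope recipient, so it is worth restricting the marker to the end of the local part; on the unquoted `local_parts` line that would be `${sg{$local_part}{\N-comment$\N}{}}`, with the same anchoring applied inside the `data` string. Only the first lines of `rt-otherwise` are inside the hunk, so I cannot tell whether it shares the pattern. A one-line comment above `rt-force-new` saying what `+new` changes would also help, since the `data` line shown passes nothing derived from the suffix to rt-mailgate.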
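Review bot: `SMARTHST_PORT` in `remote_smtp_smarthost` (last hunk, `@@ -1174,8 +1203,8 @@`) looks like a typo for `SMARTHOST_PORT` rather than a deliberate rename. Nothing else in this diff defines `SMARTHST_PORT`, so unless the definition was changed elsewhere the `.ifdef` is never true and hosts that configure a smarthost port silently fall back to the transport's default port. I would restore `.ifdef SMARTHOST_PORT` and `port = SMARTHOST_PORT`. The transport body continues past the end of the hunk.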