X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=49ca251cac7f85c8dc7d82c3b9a63ec4bfb92758;hb=83b436d346ecd8fdd2fa77caa2c32466b584806d;hp=d8f265a3cc11e0f77d46f894c3b54bf238adb36e;hpb=9d97250ddb8bc8eee2d6b85dfcdd01ff2c4abb82;p=mirror%2Fdsa-puppet.git diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index d8f265a3c..49ca251ca 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -32,6 +32,8 @@ # flushing' operations, but should be populated with a list # of trusted machines. Wildcards are not permitted # bsmtp_domains - Domains that we deliver locally via bsmtp +# submission-domains - Domains for which mail will be accepted via the +# submission port <%- if @is_mailrelay -%> # mailhubdomains - Domains for which we are the MX, but the mail is relayed # elsewhere. This is designed for use with small volume or @@ -41,6 +43,11 @@ # that list. <%- end -%> +# From /var/lib/misc / UD: +# +# mail-forward.cdb - aliases for @d.o +# user-forward.cdb - aliases for @thishost.d.o + # Exim's wildcard mechanism is a bit odd in that to say "any address in # debian.org including debian.org" you must use two patterns, # *.debian.org @@ -121,7 +128,7 @@ localpartlist local_only_users = lsearch;/etc/exim4/localusers localpartlist postmasterish = postmaster : abuse : hostmaster -hostlist debianhosts = <; ; 127.0.0.1 ; ::1 ; /var/lib/misc/thishost/debianhosts ; 89.16.166.49 ; 82.195.75.76 ; 2001:41b8:202:deb:bab5:0:52c3:4b4c +hostlist debianhosts = <; ; 127.0.0.1 ; ::1 ; /var/lib/misc/thishost/debianhosts hostlist reservedaddrs = 0.0.0.0/8 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 : 172.16.0.0/12 : 192.0.0.0/24 : 192.168.0.0/16 : 224.0.0.0/4 : 240.0.0.0/5 : 248.0.0.0/5 
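Review bot: With the three literal addresses dropped from `hostlist debianhosts` (hunk at -121), every rule that tests `+debianhosts` now depends on loopback plus whatever is in `/var/lib/misc/thishost/debianhosts`. Elsewhere in this patch that list is what `check_submission` accepts on and what exempts a sender from the policyd-weight and spam rules, so the file acts as an access-control list. I would say so in a comment above the hostlist, for example `# debianhosts gates submission and scan exemptions; keep the file root-owned and not group/world-writable`. It is also worth confirming that the removed hosts are either present in the generated file or intentionally no longer trusted. How Exim behaves when the file is missing or unreadable is not visible here and should be checked before rollout.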
@@ -254,6 +261,7 @@ received_header_text = Received: ${if def:sender_rcvhost {from $sender_rcvhost\n # macro definitions. # Do not wrap! +MAX_SCAN_SIZE = 256000 VDOMAINDATA = ${lookup{$domain}partial-lsearch{/etc/exim4/virtualdomains}{$value}} VSENDERDOMAINDATA = ${lookup{$sender_address_domain}partial-lsearch{/etc/exim4/virtualdomains}{$value}} WHITELIST = ${if match_domain{$domain}{+virtual_domains}\ @@ -287,10 +295,11 @@ acl_spamlovers: deny acl_getprofile: - # This is a bad hack to reset the variable, by defining it be something - # never referenced. - warn set acl_m_rprf = $acl_m_undefined + # Determine the mail profile for this recipient. + # An empty string implies no match has been found. + + warn set acl_m_rprf = warn recipients = survey@popcon.debian.org set acl_m_rprf = PopconMail @@ -496,8 +505,6 @@ check_helo: #!!# ACL that is used after the RCPT command on the submission port check_submission: - # Accept if the source is local SMTP (i.e. not over TCP/IP). - # We do this by testing for an empty sending host field. accept hosts = +debianhosts <%- if @is_mailrelay -%> @@ -659,14 +666,7 @@ check_recipient: message = slow down (no reverse dns, mismatched ehlo, dialup, or in blacklists) <%- if has_variable?("policydweight") && @policydweight -%> - # Check with policyd-weight - this only works with a version after etch's, - # sadly. etch's version attempts to hold the socket open, since that's what - # postfix expects. Exim, on the other hand, expects the remote side to close - # the socket when it's finished sending data, so it see each transaction as - # an incomplete read. I'm sure there's a way we could force Exim to do - # something sick and clever to force either the interpretation or the socket - # closure, but I'm fairly sure it's now worth it, since the backport of - # policyd-weight is trivial. + # Check with policyd-weight warn !hosts = +debianhosts condition = ${if !eq {$acl_m_prf}{PopconMail}} set acl_m_pw = ${readsocket{inet:127.0.0.1:12525}\ 
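Review bot: The new `MAX_SCAN_SIZE = 256000` macro (hunk at -254) is defined without a comment. Every use in this patch has the form `${if <{$message_size}{MAX_SCAN_SIZE}}`, so a message of 256000 bytes or more skips the surbl rules in `acl_check_mime` and `check_message` and the `spam =` rule at -1013. That is a common cost trade-off, but it should be stated next to the value, for example `# Messages of this size or larger are not surbl/spam scanned`. Because Exim substitutes macros textually, also confirm that no other line in the file contains `MAX_SCAN_SIZE` as part of a longer name. The hunks at -870, -884, -980, -994 and -1013 only swap the literal for the macro and raise nothing further.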
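Review bot: Removing the stale "local SMTP" comment in `check_submission` (hunk at -496) leaves `accept hosts = +debianhosts` undocumented. As far as the visible lines show, this rule admits a host on the submission port by source address alone. A replacement comment would keep that intent reviewable, for example `# Accept from hosts in +debianhosts without further checks (address-based trust, see hostlist debianhosts)`. The ACL continues outside the hunk, so whether other senders must authenticate or use TLS cannot be judged from here.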
@@ -870,13 +870,13 @@ acl_check_mime: accept verify = certificate accept hosts = +debianhosts - discard condition = ${if <{$message_size}{256000}} + discard condition = ${if <{$message_size}{MAX_SCAN_SIZE}} condition = ${if eq {$acl_m_prf}{blackhole}} set acl_m_srb = ${perl{surblspamcheck}} condition = ${if !eq{$acl_m_srb}{false}} log_message = discarded surbl message for $recipients - deny condition = ${if <{$message_size}{256000}} + deny condition = ${if <{$message_size}{MAX_SCAN_SIZE}} condition = ${if !eq {$acl_m_prf}{markup}} condition = ${if !eq {$acl_m_prf}{PopconMail}} set acl_m_srb = ${perl{surblspamcheck}} @@ -884,7 +884,7 @@ acl_check_mime: log_message = $acl_m_srb message = $acl_m_srb - warn condition = ${if <{$message_size}{256000}} + warn condition = ${if <{$message_size}{MAX_SCAN_SIZE}} condition = ${if eq {$acl_m_prf}{markup}} set acl_m_srb = ${perl{surblspamcheck}} condition = ${if !eq{$acl_m_srb}{false}} @@ -980,13 +980,13 @@ check_message: <%- end -%> <%- if @heavy -%> - discard condition = ${if <{$message_size}{256000}} + discard condition = ${if <{$message_size}{MAX_SCAN_SIZE}} condition = ${if eq {$acl_m_prf}{blackhole}} set acl_m_srb = ${perl{surblspamcheck}} condition = ${if !eq{$acl_m_srb}{false}} log_message = discarded surbl message for $recipients - deny condition = ${if <{$message_size}{256000}} + deny condition = ${if <{$message_size}{MAX_SCAN_SIZE}} condition = ${if !eq {$acl_m_prf}{markup}} condition = ${if !eq {$acl_m_prf}{PopconMail}} set acl_m_srb = ${perl{surblspamcheck}} @@ -994,7 +994,7 @@ check_message: log_message = $acl_m_srb message = $acl_m_srb - warn condition = ${if <{$message_size}{256000}} + warn condition = ${if <{$message_size}{MAX_SCAN_SIZE}} condition = ${if eq {$acl_m_prf}{markup}} set acl_m_srb = ${perl{surblspamcheck}} condition = ${if !eq{$acl_m_srb}{false}} 
@@ -1013,7 +1013,7 @@ check_message: !authenticated = * !verify = certificate !hosts = +debianhosts - condition = ${if <{$message_size}{256000}} + condition = ${if <{$message_size}{MAX_SCAN_SIZE}} spam = pkg_user : true condition = ${if >{$spam_score_int}{59}} @@ -1454,17 +1454,13 @@ virt_users: local_part_suffix_optional retry_use_local_part -<%= -out = "" -if @is_bugsmx - domain = 'bugs.debian.org' - out = ' +<%- if @is_bugsmx -%> # This router delivers for bugs.d.o bugs: debug_print = "R: bugs for $local_part@$domain" driver = accept transport = bugs_pipe - domains = ' + domain + ' + domains = bugs.debian.org cannot_route_message = Unknown or archived bug require_files = /srv/bugs.debian.org/mail/run-procmail no_more @@ -1473,10 +1469,7 @@ bugs: {\N^(\d+)(\d{2})(?:-(?:(?:submit|maintonly|quiet|forwarded|done|close|request|submitter)|(?:unsubscribe|ignore|help|(?:sub(?:scribe|help|yes|approve|reject))|unsubyes|bounce|probe|approve|reject|setlistyes|setlistsilentyes).*))?$\N}\ {${if exists{/srv/bugs.debian.org/spool/db-h/$2/$1$2.summary}\ {$local_part}fail}}fail} -' -end -out -%> +<%- end -%> ###################################################################### # TRANSPORTS CONFIGURATION # ######################################################################