X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=5d154af16f59f914df97f1e99e87208eb616e26a;hb=bef12474e235e96c8e79a1a8453f74ef5247f535;hp=f156a03fb678270527c7e41974f3dfd10958c453;hpb=820c193e121a56651b6e132e6f507ac4b63afb6c;p=mirror%2Fdsa-puppet.git diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index f156a03fb..5d154af16 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -203,12 +203,13 @@ smtp_accept_max_per_host = ${if match_ip {$sender_host_address}{+debianhosts}{0} smtp_accept_max = 300 smtp_accept_queue = 200 smtp_accept_queue_per_connection = 50 +smtp_accept_reserve = 25 <% else %> smtp_accept_max = 30 smtp_accept_queue = 20 smtp_accept_queue_per_connection = 10 +smtp_accept_reserve = 5 <% end %> -smtp_accept_reserve = 25 smtp_reserve_hosts = +debianhosts split_spool_directory = true @@ -372,16 +373,19 @@ out warn domains = +virtual_domains condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}} condition = ${if eq{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}{$value}{}}}{markup}} + log_message = $local_part@$domain: markup set acl_m_rprf = markup accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} warn condition = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}{}}}{markup}} + log_message = $local_part@$domain: markup set acl_m_rprf = markup accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} warn condition = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}{}}}{blackhole}} + log_message = $local_part@$domain: blackhole set acl_m_rprf = blackhole accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} @@ -389,6 +393,7 @@ out warn domains = +virtual_domains condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}} condition = ${if eq{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}{$value}{}}}{blackhole}} + log_message = $local_part@$domain: blackhole set acl_m_rprf = blackhole accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} @@ -914,7 +919,7 @@ out %> acl_check_predata: - deny condition = ${if eq{$acl_m_lcl}{localonly}} + deny condition = ${if eq{$acl_m_prf}{localonly}} message = mail for $acl_m_lrc is only accepted internally accept @@ -922,9 +927,6 @@ acl_check_predata: #!!# ACL that is used after the DATA command check_message: - require verify = header_syntax - message = Invalid syntax in the header - <%= out='' if nodeinfo['rtmaster'] @@ -960,6 +962,11 @@ out } message = Mail to this address needs to be PGP-signed + accept verify = certificate + + require verify = header_syntax + message = Invalid syntax in the header + # RFC 822 and 2822 say that headers must be ASCII. This kinda emulates # postfix's strict_7bit_headers option, but only checks a few common problem # headers, as there doesn't appear to be an easy way to check them all. @@ -978,7 +985,7 @@ out out = "" if has_variable?("clamd") && clamd == "true" out = ' - discard condition = ${if eq {$acl_m_prf}{blackhole}{no}{yes}} + discard condition = ${if eq {$acl_m_prf}{blackhole}} demime = * malware = */defer_ok log_message = discarded malware message for $recipients