X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=9aef9459940917610f8d6da38a09e6acbb2e30a4;hb=4c5c4151615376e493908971c838fd4ed397b99a;hp=9877917bce60bfc8e7718fc99d0c7834c95bf785;hpb=3eb533e5499e66423bafdedaf6c7d08ead1772de;p=mirror%2Fdsa-puppet.git diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index 9877917bc..9aef94599 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -115,6 +115,8 @@ domainlist bsmtp_domains = ${if exists {/etc/exim4/bsmtp}{partial-lsearch;/etc/e domainlist handled_domains = +local_domains : +virtual_domains : +bsmtp_domains +domainlist ourself_and_handled = $primary_hostname : +handled_domains + localpartlist local_only_users = lsearch;/etc/exim4/localusers localpartlist postmasterish = postmaster : abuse : hostmaster @@ -129,14 +131,12 @@ hostlist reservedaddrs = <%= scope.lookupvar('site::nodeinfo')['reservedaddrs'] domainlist mailhubdomains = lsearch;/etc/exim4/manualroute <%- end -%> -<%- if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true" -%> tls_certificate = /etc/exim4/ssl/thishost.crt tls_privatekey = /etc/exim4/ssl/thishost.key tls_try_verify_hosts = * tls_verify_certificates = /etc/exim4/ssl/ca.crt tls_crl = /etc/exim4/ssl/ca.crl -<%- end -%> # The setting below causes Exim to do a reverse DNS lookup on all incoming # IP calls, in order to get the true host name. If you feel this is too # expensive, you can specify the networks for which a lookup is done, or @@ -196,8 +196,13 @@ queue_only_load = 35 smtp_load_reserve = 20 <%- else -%> queue_run_max = 5 +<%- if scope.lookupvar('::processorcount').to_s != 'undefined' -%> +deliver_queue_load_max = <%= [scope.lookupvar('::processorcount').to_i,2].max * 5 %> +queue_only_load = <%= [scope.lookupvar('::processorcount').to_i,2].max * 4 %> +<%- else -%> deliver_queue_load_max = 10 -queue_only_load = 5 +queue_only_load = 8 +<%- end -%> <%- end -%> queue_list_requires_admin = false @@ -230,9 +235,7 @@ admin_groups = adm remote_sort_domains = *.debian.org:*.debian.net pipelining_advertise_hosts = !* -<%- if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true" -%> tls_advertise_hosts = * -<%- end -%> smtp_enforce_sync = true log_selector = +tls_cipher +tls_peerdn +queue_time +deliver_time +smtp_connection +smtp_incomplete_transaction +smtp_confirmation @@ -305,7 +308,7 @@ acl_getprofile: accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} <%- end -%> -<%- if scope.lookupvar('site::nodeinfo')['bugsmx'] -%> +<%- if scope.lookupvar('site::nodeinfo')['bugsmaster'] or scope.lookupvar('site::nodeinfo')['bugsmx'] -%> warn domains = bugs.debian.org set acl_m_rprf = BugsMail @@ -556,7 +559,7 @@ check_recipient: drop !hosts = +debianhosts !acl = acl_spamlovers - condition = ${if match_domain{$sender_helo_name}{$primary_hostname:+handled_domains}} + condition = ${if match_domain{$sender_helo_name}{+ourself_and_handled}} condition = ${if !match{$sender_host_name}{${rxquote:$sender_helo_name}\N$\N}} message = HELO mismatch Forged HELO for ($sender_helo_name) @@ -1364,14 +1367,13 @@ rt_otherwise: driver = redirect domains = rt.debian.org require_files = /usr/bin/rt-mailgate : RT_QUEUE_MAP - local_parts = ${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}{$local_part}{}} + local_parts = ${lookup{${sg{$local_part}{-(comment|done)}{}}}lsearch{RT_QUEUE_MAP}{$local_part}{}} local_part_suffix = +* local_part_suffix_optional pipe_transport = rt_pipe - data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --extension ticket --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}" + data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-(comment|done)}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --extension ticket --action ${if match{$local_part}{.*-comment.*}{comment}{${if match{$local_part}{.*-done.*}{correspond-resolve}{correspond}}}}" headers_remove = Subject headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)\\\\[?debian rt\\\\]?[:\\s]*(.*)}}} {$1$2}{$h_subject:}}" - <%- end -%> # exim4 fails the router if it can't change to the user/group for delivery @@ -1566,10 +1568,8 @@ remote_smtp: driver = smtp connect_timeout = 1m delay_after_cutoff = false -<%- if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true" -%> tls_certificate = /etc/exim4/ssl/thishost.crt tls_privatekey = /etc/exim4/ssl/thishost.key -<%- end -%> <%= out = "" @@ -1581,13 +1581,11 @@ remote_smtp_smarthost: delay_after_cutoff = false port = ' out += scope.lookupvar('site::nodeinfo')['smarthost_port'].to_s + "\n" - if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true" - out += ' tls_tempfail_tryclear = false + out += ' tls_tempfail_tryclear = false hosts_require_tls = ' + scope.lookupvar('site::nodeinfo')['smarthost'] + ' tls_certificate = /etc/exim4/ssl/thishost.crt tls_privatekey = /etc/exim4/ssl/thishost.key ' - end end out %>