X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=0cd231b824bce769bd4713e8687d684fc9d305c5;hb=f79fdb6bb13b6eb8a0c8b0dcf117a2c3e0e241c6;hp=bb7c7566cb78c1bcb4d36ce90b7fffb766d4bbd5;hpb=08a1906121670d960592fbbf6ec489ff54c8b64c;p=mirror%2Fdsa-puppet.git diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index bb7c7566c..0cd231b82 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -601,6 +601,14 @@ check_recipient: message = Different profile, please retry log_message = Only one profile at a time, please + # Set a flag to indicate whether the current recipient + # has explicitly requested greylisting + warn set acl_m_grey_recip = 0 + + warn local_parts = GREYLIST_LOCAL_PARTS + domains = +handled_domains + set acl_m_grey_recip = 1 + # Defer after too many bad RCPT TO's. Legit MTAs will retry later. # This is a rough pass at preventing address harvesting or other mail blasts. @@ -782,16 +790,17 @@ check_recipient: message = $sender_host_address is not yet authorized to deliver mail from <$sender_address> to <$local_part@$domain>. log_message = greylisted. condition = ${if or { \ - {match_local_part{$local_part}{GREYLIST_LOCAL_PARTS}} \ - {HAS_DEFAULT_OPTIONS} \ + {eq{$acl_m_grey_recip}{1}} \ + {bool_lax{HAS_DEFAULT_OPTIONS}} \ } \ - } + } !senders = : !hosts = : +debianhosts : WHITELIST : \ ${if exists {/etc/greylistd/whitelist-hosts}\ {/etc/greylistd/whitelist-hosts}{}} : \ ${if exists {/var/lib/greylistd/whitelist-hosts}\ {/var/lib/greylistd/whitelist-hosts}{}} + !dnslists = list.dnswl.org&0.0.0.3 condition = ${if !eq {$acl_m_prf}{PopconMail}} !authenticated = * domains = +handled_domains @@ -808,6 +817,7 @@ check_recipient: warn !senders = : !hosts = : +debianhosts : WHITELIST + !dnslists = list.dnswl.org&0.0.0.3 condition = ${if !eq {$acl_m_prf}{PopconMail}} condition = ${if ! def:acl_m_grey} set acl_m_grey = $pid.$tod_epoch.$sender_host_port @@ -816,14 +826,15 @@ check_recipient: defer !senders = : !hosts = : +debianhosts : WHITELIST + !dnslists = list.dnswl.org&0.0.0.3 condition = ${if !eq {$acl_m_prf}{PopconMail}} !authenticated = * domains = +handled_domains condition = ${if or { \ - {match_local_part{$local_part}{GREYLIST_LOCAL_PARTS}} \ - {HAS_DEFAULT_OPTIONS} \ + {eq{$acl_m_grey_recip}{1}} \ + {bool_lax{HAS_DEFAULT_OPTIONS}} \ } \ - } + } set acl_m_pgr = request=smtpd_access_policy\n\ protocol_state=RCPT\n\ protocol_name=${uc:$received_protocol}\n\ @@ -845,14 +856,15 @@ check_recipient: warn !senders = : !hosts = : +debianhosts : WHITELIST + !dnslists = list.dnswl.org&0.0.0.3 condition = ${if !eq {$acl_m_prf}{PopconMail}} !authenticated = * domains = +handled_domains condition = ${if or { \ - {match_local_part{$local_part}{GREYLIST_LOCAL_PARTS}} \ - {HAS_DEFAULT_OPTIONS} \ + {eq{$acl_m_grey_recip}{1}} \ + {bool_lax{HAS_DEFAULT_OPTIONS}} \ } \ - } + } condition = ${if eq{${uc:${substr_0_7:$acl_m_pgr}}}{PREPEND}} message = ${sg{$acl_m_pgr}{\N^\w+\s*\N}{}} @@ -883,6 +895,12 @@ check_recipient: domains = +handled_domains !hosts = +debianhosts : WHITELIST + deny message = host $sender_host_address is listed in $dnslist_domain; see $dnslist_text + condition = ${if bool_lax{HAS_DEFAULT_OPTIONS}} + dnslists = relays.dnsbl.sorbs.net : xbl.spamhaus.org + domains = +handled_domains + !hosts = +debianhosts : WHITELIST + <%- end -%> deny message = domain $sender_address_domain is listed in $dnslist_domain; see $dnslist_text dnslists = ${if match_domain{$domain}{+virtual_domains}\ @@ -898,6 +916,12 @@ check_recipient: domains = +handled_domains !hosts = +debianhosts : WHITELIST + deny message = domain $sender_address_domain is listed in $dnslist_domain; see $dnslist_text + condition = ${if bool_lax{HAS_DEFAULT_OPTIONS}} + dnslists = dbl.spamhaus.org/$sender_address_domain + domains = +handled_domains + !hosts = +debianhosts : WHITELIST + <%- unless @use_smarthost -%> deny domains = +handled_domains local_parts = ${if match_domain{$domain}{+virtual_domains}\