X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=46f624e60efaec77ab2aea5896194bbc03673021;hb=489c57a538241de27243d5a3bc2413c559d73022;hp=f6cc8b71a9d0f353233cdd88499926f8e4873305;hpb=b95b62e37f0b1d14a99bcd5d98757259e96895cf;p=mirror%2Fdsa-puppet.git diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index f6cc8b71a..46f624e60 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -108,6 +108,7 @@ if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty? end out %> +acl_smtp_predata = acl_check_predata # accept domain literal syntax in e-mail addresses. To actually make use of # this a router is also required @@ -280,6 +281,13 @@ RT_QUEUE_MAP = /srv/rt.debian.org/mail/rt_queue_map ###################################################################### begin acl +acl_localonly: + accept local_parts = +local_only_users + domains = +local_domains + hosts = !+debianhosts + + deny + check_helo: warn set acl_c1 = 0 @@ -513,10 +521,22 @@ out condition = ${if match_local_part {$sender_address_local_part}{${extract{directory}{VDOMAINDATA}{${value}/neversenders}}}{1}{0}} message = no mail should ever come from <$sender_address> - deny local_parts = +local_only_users - domains = +local_domains - hosts = !+debianhosts - message = mail for $local_part is only accepted internally + warn condition = ${if eq{$acl_m6}{}} + acl = acl_localonly + set acl_m6 = localonly + set acl_m7 = ${if eq{$acl_m7}{}{$local_part@$domain}{$acl_m7, $local_part@$domain}} + + warn condition = ${if eq{$acl_m6}{}} + !acl = acl_localonly + set acl_m6 = normal + + defer condition = ${if eq{$acl_m6}{localonly}} + !acl = acl_localonly + log_message = Only one profile at a time, please + + defer condition = ${if eq{$acl_m6}{normal}} + acl = acl_localonly + log_message = Only one profile at a time, please <%= out='' @@ -607,14 +627,14 @@ if nodeinfo['rtmaster'] out=' warn domains = rt.debian.org set acl_m1 = RTMail - set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{[^+]+\\+\\d+}}{match{$local_part}{[^+]+\\+new}}} {RTMailRecipientHasSubaddress}}}} + set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{\N[^+]+\+\d+\N}}{match{$local_part}{\N[^+]+\+new\N}}} {RTMailRecipientHasSubaddress}}}} ' end out %> <%= out='' -if nodeinfo['packagesmaster'] +if nodeinfo['packagesqamaster'] out=' warn domains = packages.qa.debian.org set acl_m1 = PTSMail @@ -788,6 +808,13 @@ end out %> +acl_check_predata: + deny condition = ${if eq{$acl_m6}{localonly}} + message = mail for $acl_m7 is only accepted internally + + accept + + #!!# ACL that is used after the DATA command check_message: require verify = header_syntax @@ -799,7 +826,7 @@ if nodeinfo['rtmaster'] out=' deny condition = ${if eq {$acl_m1}{RTMail}} condition = ${if and{{!match {${lc:$rh_Subject:}} {debian rt}} \ - {!match {${lc:$rh_Subject:]}} {\\[rt.debian.org }} \ + {!match {${lc:$rh_Subject:]}} {\N\[rt.debian.org \N}} \ {!match {$acl_m12}{RTMailRecipientHasSubaddress}}}} message = messages to the Request Tracker system require a subject tag or a subaddress ' @@ -808,7 +835,7 @@ out %> <%= out='' -if nodeinfo['packagesmaster'] +if nodeinfo['packagesqamaster'] out=' deny !hosts = +debianhosts : 217.196.43.134 condition = ${if eq {$acl_m1}{PTSMail}}