X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=46f624e60efaec77ab2aea5896194bbc03673021;hb=d73fb9b2448b1bd96dcd8dbee3e2d6ca8396a39f;hp=89c402491cc3bb09164d2697a22facc833b2d602;hpb=5ef2b464d1c73ad67243934e5a4051d46239b575;p=mirror%2Fdsa-puppet.git diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index 89c402491..46f624e60 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -108,6 +108,7 @@ if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty? end out %> +acl_smtp_predata = acl_check_predata # accept domain literal syntax in e-mail addresses. To actually make use of # this a router is also required @@ -280,6 +281,13 @@ RT_QUEUE_MAP = /srv/rt.debian.org/mail/rt_queue_map ###################################################################### begin acl +acl_localonly: + accept local_parts = +local_only_users + domains = +local_domains + hosts = !+debianhosts + + deny + check_helo: warn set acl_c1 = 0 @@ -513,10 +521,22 @@ out condition = ${if match_local_part {$sender_address_local_part}{${extract{directory}{VDOMAINDATA}{${value}/neversenders}}}{1}{0}} message = no mail should ever come from <$sender_address> - deny local_parts = +local_only_users - domains = +local_domains - hosts = !+debianhosts - message = mail for $local_part is only accepted internally + warn condition = ${if eq{$acl_m6}{}} + acl = acl_localonly + set acl_m6 = localonly + set acl_m7 = ${if eq{$acl_m7}{}{$local_part@$domain}{$acl_m7, $local_part@$domain}} + + warn condition = ${if eq{$acl_m6}{}} + !acl = acl_localonly + set acl_m6 = normal + + defer condition = ${if eq{$acl_m6}{localonly}} + !acl = acl_localonly + log_message = Only one profile at a time, please + + defer condition = ${if eq{$acl_m6}{normal}} + acl = acl_localonly + log_message = Only one profile at a time, please <%= out='' 
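Review bot: The new `acl_localonly:` block in the @@ -280 hunk has no comment saying that it is a predicate rather than a policy ACL. In the hunks shown it is only reached through `acl = acl_localonly` / `!acl = acl_localonly` conditions, and its trailing bare `deny` is what makes the negated form true for ordinary recipients. I would add above the label something like `# Predicate, called via acl= from the RCPT ACL only: accepts when the recipient is in +local_only_users at a +local_domains domain and the sending host is not in +debianhosts; everything else falls through to the final deny.` That keeps anyone from later wiring it up as an `acl_smtp_*` entry point or removing the last `deny` as redundant.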
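Review bot: In the @@ -513 hunk the append branch of `set acl_m7 = ${if eq{$acl_m7}{}{$local_part@$domain}{$acl_m7, $local_part@$domain}}` cannot run. Its `warn` is guarded by `condition = ${if eq{$acl_m6}{}}` and sets `acl_m6 = localonly` on the first match, so a second local-only recipient in the same message skips that `warn`, is not caught by either `defer`, and is never added to $acl_m7. The predata rejection text would then name only the first address. I would drop the `set acl_m7` line from the first `warn` and add a separate statement after the two `defer`s, `warn acl = acl_localonly` followed by the same `set acl_m7 = …` line. Also note that $acl_m6 is fixed here even if a later statement in the RCPT ACL (outside this hunk) rejects that recipient, which is worth a comment.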
@@ -607,7 +627,7 @@ if nodeinfo['rtmaster'] out=' warn domains = rt.debian.org set acl_m1 = RTMail - set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{[^+]+\\+\\d+}}{match{$local_part}{[^+]+\\+new}}} {RTMailRecipientHasSubaddress}}}} + set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{\N[^+]+\+\d+\N}}{match{$local_part}{\N[^+]+\+new\N}}} {RTMailRecipientHasSubaddress}}}} ' end out @@ -788,6 +808,13 @@ end out %> +acl_check_predata: + deny condition = ${if eq{$acl_m6}{localonly}} + message = mail for $acl_m7 is only accepted internally + + accept + + #!!# ACL that is used after the DATA command check_message: require verify = header_syntax @@ -799,7 +826,7 @@ if nodeinfo['rtmaster'] out=' deny condition = ${if eq {$acl_m1}{RTMail}} condition = ${if and{{!match {${lc:$rh_Subject:}} {debian rt}} \ - {!match {${lc:$rh_Subject:]}} {\\[rt.debian.org }} \ + {!match {${lc:$rh_Subject:]}} {\N\[rt.debian.org \N}} \ {!match {$acl_m12}{RTMailRecipientHasSubaddress}}}} message = messages to the Request Tracker system require a subject tag or a subaddress '
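Review bot: Both patterns on the new `set acl_m12` line in the @@ -607 hunk are unanchored. `match{$local_part}{\N[^+]+\+\d+\N}` is therefore satisfied by any local part that merely contains `+` followed by a digit, not only by a queue name with a ticket-number subaddress. RTMailRecipientHasSubaddress is what waives the subject-tag requirement in the @@ -799 hunk, so I would anchor both patterns: `\N^[^+]+\+\d+$\N` and `\N^[^+]+\+new$\N`. The move to `\N…\N` quoting is otherwise what makes `\d` and `\+` reach the regex engine intact.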
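Review bot: After this change the only statement in the hunks shown that rejects external mail to +local_only_users is the `deny` in `acl_check_predata` (@@ -788 hunk), so the restriction depends on the predata ACL running for every message. As far as I know, Exim does not run `acl_smtp_predata` when the body arrives via BDAT (CHUNKING), so this should be verified against the Exim versions the template is deployed to. Repeating the test in `check_message`, `deny condition = ${if eq{$acl_m6}{localonly}}` with the same `message = mail for $acl_m7 is only accepted internally`, would keep the policy enforced however the data phase is entered. A one-line comment above `acl_check_predata:` noting that $acl_m6 and $acl_m7 are set in the RCPT ACL would also help readers of this section.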
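Review bot: In the rewritten line of the @@ -799 hunk, `{!match {${lc:$rh_Subject:]}} {\N\[rt.debian.org \N}}`, the dots are still regex wildcards. There is also a `]` after `$rh_Subject:` that looks like a stray character carried over from the old line; as far as I can tell it is simply appended to the lower-cased subject. Now that the pattern sits inside `\N…\N` the dots can be escaped directly, `{\N\[rt\.debian\.org \N}`, and I would drop the `]` unless it is intentional. The enclosing `deny` starts and ends within the hunk, but the surrounding Ruby `out='…'` block continues outside it.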