X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=46f624e60efaec77ab2aea5896194bbc03673021;hb=d73fb9b2448b1bd96dcd8dbee3e2d6ca8396a39f;hp=98d608ce38a0cb9e87ed97409867211291e2b7bd;hpb=5091793ae1973be9daded8b7c57063e0263fc98d;p=mirror%2Fdsa-puppet.git

diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb
index 98d608ce3..46f624e60 100644
--- a/modules/exim/templates/eximconf.erb
+++ b/modules/exim/templates/eximconf.erb
@@ -108,6 +108,7 @@ if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty?
 end
 out
 %>
+acl_smtp_predata = acl_check_predata
 
 # accept domain literal syntax in e-mail addresses. To actually make use of
 # this a router is also required
@@ -280,6 +281,13 @@ RT_QUEUE_MAP = /srv/rt.debian.org/mail/rt_queue_map
 ######################################################################
 begin acl
 
+acl_localonly:
+  accept  local_parts   = +local_only_users
+          domains       = +local_domains
+          hosts         = !+debianhosts
+
+  deny
+
 check_helo:
 
   warn    set acl_c1    = 0
@@ -513,10 +521,22 @@ out
           condition     = ${if match_local_part {$sender_address_local_part}{${extract{directory}{VDOMAINDATA}{${value}/neversenders}}}{1}{0}}
 	  message       = no mail should ever come from <$sender_address>
 
-  deny    local_parts   = +local_only_users
-  	  domains       = +local_domains
-          hosts         = !+debianhosts
-	  message       = mail for $local_part is only accepted internally
+  warn    condition     = ${if eq{$acl_m6}{}}
+          acl           = acl_localonly
+          set acl_m6    = localonly
+          set acl_m7    = ${if eq{$acl_m7}{}{$local_part@$domain}{$acl_m7, $local_part@$domain}}
+
+  warn    condition     = ${if eq{$acl_m6}{}}
+          !acl          = acl_localonly
+          set acl_m6    = normal
+
+  defer   condition     = ${if eq{$acl_m6}{localonly}}
+          !acl          = acl_localonly
+          log_message   = Only one profile at a time, please
+
+  defer   condition     = ${if eq{$acl_m6}{normal}}
+          acl           = acl_localonly
+          log_message   = Only one profile at a time, please
 
 <%=
 out=''
@@ -788,6 +808,13 @@ end
 out
 %>
 
+acl_check_predata:
+  deny   condition     = ${if eq{$acl_m6}{localonly}}
+         message       = mail for $acl_m7 is only accepted internally
+
+  accept
+
+
 #!!# ACL that is used after the DATA command
 check_message:
   require verify = header_syntax