X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=4739f0df84aa249cc14f5143aaf23a292d1ee1f8;hb=789648233fd398fbf44de53951a84980fd755852;hp=2500496298978e5667bdc5804bc31f8b404b64a0;hpb=362e10d50b77ac189e70071beba90de5968a729b;p=mirror%2Fdsa-puppet.git diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index 250049629..4739f0df8 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -465,7 +465,7 @@ out # This logic gives you a list of commonly forged domains in helo to reject against - warn set acl_m2 = ${lookup{$sender_helo_name} \ + warn set acl_m_frg = ${lookup{$sender_helo_name} \ nwildlsearch{/etc/exim4/helo-check} \ {${if eq{$value}{}{$sender_helo_name}{$value}}}{}} @@ -473,15 +473,15 @@ out # say helo as a name in the list but we can't look them up defer !hosts = +debianhosts - condition = ${if eq{$acl_m2}{}{no}{yes}} + condition = ${if eq{$acl_m_frg}{}{no}{yes}} condition = ${if eq{$sender_host_name}{}{yes}{no}} condition = ${if eq{$host_lookup_failed}{1}{no}{yes}} message = Access temporarily denied. Resolve failed PTR for $sender_host_address # If DNS works, go ahead and reject them - drop !hosts = +debianhosts - condition = ${if and { {!eq{$acl_m2}{}}{!match{$sender_host_name}{${rxquote:$acl_m2}\N$\N}}}{yes}{no}} + drop !hosts = +debianhosts + condition = ${if and { {!eq{$acl_m_frg}{}}{!match{$sender_host_name}{${rxquote:$acl_m_frg}\N$\N}}}{yes}{no}} message = HELO mismatch Forged HELO for ($sender_helo_name) # disabled accounts don't even get local mail. @@ -521,20 +521,20 @@ out condition = ${if match_local_part {$sender_address_local_part}{${extract{directory}{VDOMAINDATA}{${value}/neversenders}}}{1}{0}} message = no mail should ever come from <$sender_address> - warn condition = ${if eq{$acl_m6}{}} + warn condition = ${if eq{$acl_m_lcl}{}} acl = acl_localonly - set acl_m6 = localonly - set acl_m7 = ${if eq{$acl_m7}{}{$local_part@$domain}{$acl_m7, $local_part@$domain}} + set acl_m_lcl = localonly + set acl_m_lrc = ${if eq{$acl_m_lrc}{}{$local_part@$domain}{$acl_m_lrc, $local_part@$domain}} - warn condition = ${if eq{$acl_m6}{}} + warn condition = ${if eq{$acl_m_lcl}{}} !acl = acl_localonly - set acl_m6 = normal + set acl_m_lcl = normal - defer condition = ${if eq{$acl_m6}{localonly}} + defer condition = ${if eq{$acl_m_lcl}{localonly}} !acl = acl_localonly log_message = Only one profile at a time, please - defer condition = ${if eq{$acl_m6}{normal}} + defer condition = ${if eq{$acl_m_lcl}{normal}} acl = acl_localonly log_message = Only one profile at a time, please @@ -683,12 +683,12 @@ if has_variable?("greylistd") && greylistd == "true" elsif has_variable?("postgrey") && postgrey == "true" out = ' # next three are greylisting, inspired by http://www.bebt.de/blog/debian/archives/2006/07/30/T06_12_27/index.html - # this adds acl_m4 if there isn\'t one (so unique per message) + # this adds acl_m_grey if there isn\'t one (so unique per message) warn !senders = : !hosts = : +debianhosts : WHITELIST - condition = ${if def:acl_m4 {no}{yes}} - set acl_m4 = $pid.$tod_epoch.$sender_host_port + condition = ${if def:acl_m_grey {no}{yes}} + set acl_m_grey = $pid.$tod_epoch.$sender_host_port # and defers the message if postgrey thinks it should be defered ... defer @@ -697,22 +697,22 @@ elsif has_variable?("postgrey") && postgrey == "true" !authenticated = * domains = +handled_domains : +rcpthosts local_parts = GREYLIST_LOCAL_PARTS - set acl_m3 = request=smtpd_access_policy\n\ + set acl_m_pgr = request=smtpd_access_policy\n\ protocol_state=RCPT\n\ protocol_name=${uc:$received_protocol}\n\ - instance=${acl_m4}\n\ + instance=${acl_m_grey}\n\ helo_name=${sender_helo_name}\n\ client_address=${substr_-3:${mask:$sender_host_address/24}}\n\ client_name=${sender_host_name}\n\ sender=${sender_address}\n\ recipient=$local_part@$domain\n\n - set acl_m3 = ${sg{\ - ${readsocket{/var/run/postgrey/socket}{$acl_m3}\ + set acl_m_pgr = ${sg{\ + ${readsocket{/var/run/postgrey/socket}{$acl_m_pgr}\ {5s}{}{action=DUNNO}}\ }{action=}{}} - message = ${sg{$acl_m3}{^\\\\w+\\\\s*}{}} + message = ${sg{$acl_m_pgr}{^\\\\w+\\\\s*}{}} log_message = greylisted. - condition = ${if eq{${uc:${substr{0}{5}{$acl_m3}}}}{DEFER}} + condition = ${if eq{${uc:${substr{0}{5}{$acl_m_pgr}}}}{DEFER}} # ... or adds a header with information about how long the delay was warn @@ -721,8 +721,8 @@ elsif has_variable?("postgrey") && postgrey == "true" !authenticated = * domains = +handled_domains : +rcpthosts local_parts = GREYLIST_LOCAL_PARTS - condition = ${if eq{${uc:${substr_0_7:$acl_m3}}}{PREPEND}} - message = ${sg{$acl_m3}{^\\\\w+\\\\s*}{}} + condition = ${if eq{${uc:${substr_0_7:$acl_m_pgr}}}{PREPEND}} + message = ${sg{$acl_m_pgr}{^\\\\w+\\\\s*}{}} ' end out @@ -797,10 +797,10 @@ out=' acl_check_mime: deny condition = ${if <{$message_size}{256000}} - set acl_m5 = ${perl{surblspamcheck}} - condition = ${if eq{$acl_m5}{false}{no}{yes}} - log_message = $acl_m5 - message = $acl_m5 + set acl_m_srb = ${perl{surblspamcheck}} + condition = ${if eq{$acl_m_srb}{false}{no}{yes}} + log_message = $acl_m_srb + message = $acl_m_srb accept ' @@ -809,8 +809,8 @@ out %> acl_check_predata: - deny condition = ${if eq{$acl_m6}{localonly}} - message = mail for $acl_m7 is only accepted internally + deny condition = ${if eq{$acl_m_lcl}{localonly}} + message = mail for $acl_m_lrc is only accepted internally accept @@ -889,9 +889,10 @@ out='' if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty? out=' deny condition = ${if <{$message_size}{256000}} - set acl_m5 = ${perl{surblspamcheck}} - condition = ${if eq{$acl_m5}{false}{no}{yes}} - log_message = $acl_m5 + set acl_m_srb = ${perl{surblspamcheck}} + condition = ${if eq{$acl_m_srb}{false}{no}{yes}} + log_message = $acl_m_srb + message = $acl_m_srb ' end out