X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=4777ce8c76f4e089c61b925e71c7de932c985443;hb=906277d3c7c09fa4437fdc4a87cab4b7896bfe67;hp=cf0ac232cdde112d7e6eb42defd5cfa946b792e1;hpb=855484d019f313a061d714cf8c11830ff99433de;p=mirror%2Fdsa-puppet.git diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index cf0ac232c..4777ce8c7 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -136,7 +136,7 @@ localpartlist postmasterish = postmaster : abuse : hostmaster : root # Domains we relay for; that is domains that aren't considered local but we # accept mail for them. -hostlist debianhosts = 127.0.0.1 : net-lsearch;/var/lib/misc/thishost/debianhosts +hostlist debianhosts = 127.0.0.1 : /var/lib/misc/thishost/debianhosts <%= out = "" if nodeinfo['mailrelay'] @@ -165,7 +165,7 @@ out # expensive, you can specify the networks for which a lookup is done, or # remove the setting entirely. host_lookup = * -dns_ipv4_lookup = !localhost +# dns_ipv4_lookup = !localhost (disabled upon sgrans request, zobel, 2010-03-16) # If this option is set, then any process that is running as one of the # listed users may pass a message to Exim and specify the sender's @@ -293,6 +293,14 @@ RT_QUEUE_MAP = /srv/rt.debian.org/mail/rt_queue_map ###################################################################### begin acl +acl_spamlovers: + # There are a few profiles that don't want much smtp time checking of + # mail. It's easier to track them in one place + + accept condition = ${if eq {$acl_m_prf}{PopconMail}} + accept condition = ${if eq {$acl_m_prf}{BugsMail}} + deny + acl_getprofile: # This is a bad hack to reset the variable, by defining it be something # never referenced. 
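Review bot: In the -136 hunk, `hostlist debianhosts` now reads `/var/lib/misc/thishost/debianhosts` as a plain list file instead of a `net-lsearch` lookup, so each line is parsed as a full host-list item rather than as an address or network key. If the file ever contains a host name or wildcard pattern (its contents are not visible here), membership would be decided through DNS rather than by address. `+debianhosts` exempts peers from the HELO and bad-recipient checks later in this file. I would state the expected format next to the setting, for example `# debianhosts file must contain only IP addresses or CIDR networks, one per line`.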
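Review bot: The new `acl_spamlovers` in the -293 hunk tests `$acl_m_prf`, while the bugsmx block added in the -325 hunk sets `$acl_m_rprf`. The step that copies one into the other is outside the visible hunks, so it is worth confirming that `BugsMail` reaches this ACL under the name it checks. `acl_m_` variables persist for the whole message and the callers run per RCPT, so the header comment should also say how the profile behaves with several recipients; the `acl_getprofile` context, which is cut off here, suggests it is reset, but that is not shown. A suitable addition would be `# accept = profile is exempt from SMTP-time HELO/recipient checks; call as "!acl = acl_spamlovers"`.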
@@ -325,6 +333,18 @@ out %> <%= out = '' +if nodeinfo['bugsmx'] + out = ' + warn domains = bugs.debian.org + set acl_m_rprf = BugsMail + + accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} +' +end +out +%> +<%= +out = '' if nodeinfo['packagesmaster'] out = ' warn domains = packages.debian.org @@ -571,25 +591,25 @@ out # This is a rough pass at preventing addres harvesting or other mail blasts. defer log_message = Too many bad recipients ${eval:$rcpt_fail_count} out of $rcpt_count - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + !acl = acl_spamlovers message = Too many bad recipients, try again later !hosts = +debianhosts condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}} # Dump spambots that are so stupid they say helo as our IP address - drop !hosts = +debianhosts - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} - condition = ${if eq {$sender_helo_name}{$interface_address}{yes}{no}} - message = HELO mismatch Forged HELO for ($sender_helo_name) + drop !hosts = +debianhosts + !acl = acl_spamlovers + condition = ${if eq {$sender_helo_name}{$interface_address}{yes}{no}} + message = HELO mismatch Forged HELO for ($sender_helo_name) # Also for spambots that say helo as us or one of our domains - drop !hosts = +debianhosts - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} - condition = ${if match_domain{$sender_helo_name}{$primary_hostname:+handled_domains}} - condition = ${if !match{$sender_host_name}{${rxquote:$sender_helo_name}\N$\N}} - message = HELO mismatch Forged HELO for ($sender_helo_name) + drop !hosts = +debianhosts + !acl = acl_spamlovers + condition = ${if match_domain{$sender_helo_name}{$primary_hostname:+handled_domains}} + condition = ${if !match{$sender_host_name}{${rxquote:$sender_helo_name}\N$\N}} + message = HELO mismatch Forged HELO for ($sender_helo_name) # This logic gives you a list of commonly forged domains in helo to reject against 
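Review bot: The `!acl = acl_spamlovers` exemptions in the -571 hunk (and again in the -600 hunk) are keyed on a profile that appears to be derived from the recipient domain, not on the connecting peer. For those profiles the forged-HELO drops and the "Too many bad recipients" defer are therefore switched off for any client, and the mail depends entirely on whatever filtering happens later. That trade-off deserves a comment at the first use, for example `# spamlover profiles skip SMTP-time checks; they must be filtered after acceptance`. Separately, the `defer` statement puts `!acl = acl_spamlovers` ahead of `!hosts = +debianhosts`, whereas the `drop` statements test the host list first; using `!hosts` then `!acl` everywhere would keep the blocks consistent.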
@@ -600,31 +620,31 @@ out # This is a failsafe in case DNS fails - we defer instead of hard reject if they # say helo as a name in the list but we can't look them up - defer !hosts = +debianhosts - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} - condition = ${if eq{$acl_m_frg}{}{no}{yes}} - condition = ${if eq{$sender_host_name}{}{yes}{no}} - condition = ${if eq{$host_lookup_failed}{1}{no}{yes}} - message = Access temporarily denied. Resolve failed PTR for $sender_host_address + defer !hosts = +debianhosts + !acl = acl_spamlovers + condition = ${if eq{$acl_m_frg}{}{no}{yes}} + condition = ${if eq{$sender_host_name}{}{yes}{no}} + condition = ${if eq{$host_lookup_failed}{1}{no}{yes}} + message = Access temporarily denied. Resolve failed PTR for $sender_host_address # If DNS works, go ahead and reject them - drop !hosts = +debianhosts - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} - condition = ${if and { {!eq{$acl_m_frg}{}}{!match{$sender_host_name}{${rxquote:$acl_m_frg}\N$\N}}}{yes}{no}} - message = HELO mismatch Forged HELO for ($sender_helo_name) + drop !hosts = +debianhosts + !acl = acl_spamlovers + condition = ${if and { {!eq{$acl_m_frg}{}}{!match{$sender_host_name}{${rxquote:$acl_m_frg}\N$\N}}}{yes}{no}} + message = HELO mismatch Forged HELO for ($sender_helo_name) # disabled accounts don't even get local mail. 
- deny local_parts = lsearch;/var/lib/misc/$primary_hostname/mail-disable - domains = +local_domains - message = ${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-disable}{$value}} - - deny domains = +virtual_domains - local_parts = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/localonly}}}\ - {${extract{directory}{VDOMAINDATA}{${value}/localonly}}}\ - {}} - hosts = !+debianhosts - message = mail for <$local_part@$domain> only accepted from debian.org machines + deny local_parts = lsearch;/var/lib/misc/$primary_hostname/mail-disable + domains = +local_domains + message = ${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-disable}{$value}} + + deny domains = +virtual_domains + local_parts = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/localonly}}}\ + {${extract{directory}{VDOMAINDATA}{${value}/localonly}}}\ + {}} + hosts = !+debianhosts + message = mail for <$local_part@$domain> only accepted from debian.org machines # Accept if the source is local SMTP (i.e. not over TCP/IP). # We do this by testing for an empty sending host field. accept hosts = : @@ -1701,6 +1721,7 @@ out begin retry debian.org * F,2h,10m; G,16h,2h,1.5; F,14d,8h +* * senders=: F,2h,10m * rcpt_4xx F,2h,5m; F,4h,10m; F,4d,15m * * F,2h,15m; G,16h,2h,1.5; F,4d,8h
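Review bot: The added retry rule `* * senders=: F,2h,10m` in the -1701 hunk has no comment, and its position matters because the first matching rule wins. It sits below the `debian.org` rule but above `* rcpt_4xx`, so null-sender mail to every other domain is abandoned after 2 hours instead of 4 days, including when the failure is a recipient 4xx. Presumably this is meant to keep undeliverable bounces from filling the queue. It also means legitimate delivery-status notifications are lost if the remote MX is unreachable for more than two hours. I would record the intent above the line, for example `# Bounces (empty sender): give up after 2h; must stay above the generic rules`.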