X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=5cf1322ad6657c55c5c2ec0ae5efd1396c368642;hb=60992035029ddcd7bb911fe41fdc9025b4aec4c6;hp=c8236853eccc64527c956882f7469a44cc017246;hpb=0ec2b9a3606e0feb8edf4012958a8e6204e76cac;p=mirror%2Fdsa-puppet.git

diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb
index c8236853e..5cf1322ad 100644
--- a/modules/exim/templates/eximconf.erb
+++ b/modules/exim/templates/eximconf.erb
@@ -35,13 +35,20 @@
 #           us. This is primarily only usefull for emergancy 'queue
 #           flushing' operations, but should be populated with a list
 #           of trusted machines. Wildcards are not permitted
+<%=
+out = ""
+if nodeinfo['mailrelay']
+  out = '
 #  mailhubdomains - Domains for which we are the MX, but the mail is relayed
 #           elsewhere.  This is designed for use with small volume or
 #           restricted machines that need to use a smarthost for mail
 #           traffic.  We will relay for them based on ssl cert validation
 #           but we need to teach exim how to route the mail to them.  This is
 #           that list.
-
+'
+end
+out
+%>
 # Exim's wildcard mechanism is a bit odd in that to say "any address in
 # debian.org including debian.org" you must use two patterns,
 #   *.debian.org
@@ -114,12 +121,20 @@ localpartlist local_only_users = lsearch;/etc/exim4/localusers
 # accept mail for them.
 domainlist rcpthosts = partial-lsearch;/etc/exim4/rcpthosts
 hostlist debianhosts = 127.0.0.1 : net-lsearch;/var/lib/misc/thishost/debianhosts
+<%=
+out = ""
+if nodeinfo['mailrelay']
+  out = '
 domainlist mailhubdomains = lsearch;/etc/exim4/manualroute
+'
+end
+out
+%>
 
 hostlist reservedaddrs = <%= nodeinfo['reservedaddrs'] %>
 
 <%= out = ""
-if has_variable?("exim_ssl_certs") && exim_ssl_certs == true
+if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true"
 out = "tls_certificate = /etc/exim4/ssl/thishost.crt
 tls_privatekey = /etc/exim4/ssl/thishost.key
 tls_try_verify_hosts = *
@@ -190,16 +205,16 @@ ports = []
 out = "daemon_smtp_ports = "
 ports << 25
 
-if results['bugsmaster']
+if nodeinfo['bugsmaster']
   ports << 587
 end
 
-if not results['mail_port'].empty?
-  ports << results['mail_port']
+if not nodeinfo['mail_port'].to_s.empty?
+  ports << nodeinfo['mail_port']
 end
 
-if results['mailrelay']
-  ports << results['smarthost_port']
+if nodeinfo['mailrelay']
+  ports << nodeinfo['smarthost_port']
 end
 
 out += ports.uniq.sort.join(" : ")
@@ -211,7 +226,7 @@ remote_sort_domains = *.debian.org:*.debian.net
 
 pipelining_advertise_hosts = !*
 <%= out = ""
-if has_variable?("exim_ssl_certs") && exim_ssl_certs == true
+if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true"
 out = 'tls_advertise_hosts = *'
 end
 out
@@ -254,7 +269,7 @@ check_helo:
 
 <%= 
 out = ""
-if results['mailrelay']
+if nodeinfo['mailrelay']
   out = "  accept  verify   = certificate"
 end
 out
@@ -347,7 +362,7 @@ check_submission:
 
 <%= 
 out = ""
-if results['mailrelay']
+if nodeinfo['mailrelay']
   out = "  accept  verify   = certificate"
 end
 out
@@ -371,10 +386,18 @@ out
 	  message  = unknown user
 	  verify   = recipient
 
+<%=
+out = ""
+if nodeinfo['mailrelay']
+  out = '
   accept  domains  = +mailhubdomains
           endpass
 	  message  = unknown user
 	  verify   = recipient/callout=30s,defer_ok,use_sender,no_cache
+'
+end
+out
+%>
 
   accept  domains  = +submission_domains
           endpass
@@ -386,9 +409,9 @@ out
 #!!# ACL that is used after the RCPT command
 check_recipient:
 
-<%= 
+<%=
 out = ""
-if results['mailrelay']
+if nodeinfo['mailrelay']
   out = "  accept  verify   = certificate"
 end
 out
@@ -554,23 +577,37 @@ out
   warn    recipients = survey@popcon.debian.org
           set acl_m1 = PopconMail
 
+<%=
+out=''
+if nodeinfo['rtmaster']
+  out='
   warn    domains  = rt.debian.org
           set acl_m1 = RTMail
           set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{[^+]+\\+\\d+}}{match{$local_part}{[^+]+\\+new}}} {RTMailRecipientHasSubaddress}}}}
-
+'
+end
+out
+%>
+<%=
+out=''
+if nodeinfo['packagesmaster']
+  out='
   warn    domains  = packages.qa.debian.org
           set acl_m1 = PTSMail
 
   warn    recipients = owner@packages.qa.debian.org : postmaster@packages.qa.debian.org
           set acl_m1 = PTSOwner
 
-  warn    recipients = change@db.debian.org : changes@db.debian.org : chpasswd@db.debian.org : ping@db.debian.org : recommend@nm.debian.org
-          set acl_m1 = DBSignedMail
-
   warn    senders  = :
           domains  = packages.qa.debian.org
           condition = ${if match{$local_part}{\N^bounces+\N}}
           set acl_m1 = PTSListBounce
+'
+end
+out
+%>
+  warn    recipients = change@db.debian.org : changes@db.debian.org : chpasswd@db.debian.org : ping@db.debian.org : recommend@nm.debian.org
+          set acl_m1 = DBSignedMail
 
 <%=
 out = ""
@@ -629,7 +666,7 @@ elsif has_variable?("postgrey") && postgrey == "true"
                          ${readsocket{/var/run/postgrey/socket}{$acl_m3}\
                                {5s}{}{action=DUNNO}}\
                      }{action=}{}}
-    message        = ${sg{$acl_m3}{^\\w+\\s*}{}}
+    message        = ${sg{$acl_m3}{^\\\\w+\\\\s*}{}}
     log_message    = greylisted.
     condition      = ${if eq{${uc:${substr{0}{5}{$acl_m3}}}}{DEFER}}
 
@@ -641,7 +678,7 @@ elsif has_variable?("postgrey") && postgrey == "true"
     domains        = +handled_domains : +rcpthosts
     local_parts    = GREYLIST_LOCAL_PARTS
     condition      = ${if eq{${uc:${substr_0_7:$acl_m3}}}{PREPEND}}
-    message        = ${sg{$acl_m3}{^\\w+\\s*}{}}
+    message        = ${sg{$acl_m3}{^\\\\w+\\\\s*}{}}
 '
 end
 out
@@ -681,11 +718,18 @@ out
           !hosts   = +debianhosts : WHITELIST
 	  !verify  = sender/callout
 
+<%=
+out = ""
+if nodeinfo['mailrelay']
+  out = '
   accept  domains  = +mailhubdomains
           endpass
 	  message  = unknown user
 	  verify   = recipient/callout=30s,defer_ok,use_sender,no_cache
-
+'
+end
+out
+%>
   accept  domains  = +handled_domains
           endpass
 	  message  = unknown user
@@ -707,17 +751,31 @@ check_message:
   require verify = header_syntax
           message = Invalid syntax in the header
 
+<%=
+out=''
+if nodeinfo['rtmaster']
+  out='
   deny    condition = ${if eq {$acl_m1}{RTMail}}
           condition = ${if and{{!match {${lc:$rh_Subject:}} {debian rt}} \
                                {!match {${lc:$rh_Subject:]}} {\\[rt.debian.org }} \
                                {!match {$acl_m12}{RTMailRecipientHasSubaddress}}}}
           message  = messages to the Request Tracker system require a subject tag or a subaddress
-
+'
+end
+out
+%>
+<%=
+out=''
+if nodeinfo['packagesmaster']
+  out='
   deny    !hosts  = +debianhosts : 217.196.43.134
           condition = ${if eq {$acl_m1}{PTSMail}}
           condition = ${if def:h_X-PTS-Approved:{false}{true}}
           message   = messages to the PTS require an X-PTS-Approved header
-
+'
+end
+out
+%>
   deny    condition      = ${if match {$message_body}{\Nhttp:\/\/[a-z\.-]+\/video1?.exe\N}}
           message        = Blackisted URI found in body
 
@@ -810,7 +868,7 @@ begin routers
 
 <%=
 out = ""
-if results['mailrelay']
+if nodeinfo['mailrelay']
   out = '
 relay_manualroute:
   driver = manualroute
@@ -845,14 +903,14 @@ ipliteral:
 
 <%=
 out = ""
-if not results['smarthost'].empty?
+if not nodeinfo['smarthost'].empty?
 out = '
 smarthost:
   debug_print = "R: smarthost for $local_part@$domain"
   driver = manualroute
   domains = !+handled_domains
   transport = remote_smtp_smarthost
-  route_list = * ' + smarthost + '
+  route_list = * ' + nodeinfo['smarthost'] + '
   host_find_failed = defer
   same_domain_copy_routing = yes
   no_more
@@ -1011,7 +1069,7 @@ localuser:
 # the virts, and delivering to them.  blah.
 <%=
 out = ""
-if results['packagesmaster']
+if nodeinfo['packagesmaster']
   out = '
 # This router delivers for packages.d.o
 packages:
@@ -1035,7 +1093,7 @@ out
 
 <%=
 out = ""
-if results['bugsmaster']
+if nodeinfo['bugsmaster']
   out = '
 # This router delivers for bugs.d.o
 bugs:
@@ -1058,7 +1116,7 @@ out
 
 <%=
 out = ""
-if results['rtmaster']
+if nodeinfo['rtmaster']
   out = '
 # This router delivers for rt.d.o
 rt_force_new_verbose:
@@ -1292,20 +1350,22 @@ end
 out
 %>
 
+<%=
+out = ""
+if not nodeinfo['smarthost'].empty?
+out = '
 remote_smtp_smarthost:
   debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
   driver = smtp
-<%=
-out = ""
-if not results['smarthost'].empty?
-  out += "  port = " + results['smarthost_port'] + "\n"
-end
-
-if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true"
-  out += '  tls_tempfail_tryclear = false
+  port = '
+  out += nodeinfo['smarthost_port'].to_s + "\n"
+  if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true"
+    out += '  tls_tempfail_tryclear = false
+  hosts_require_tls = ' + nodeinfo['smarthost'] + '
   tls_certificate = /etc/exim4/ssl/thishost.crt
   tls_privatekey = /etc/exim4/ssl/thishost.key
 '
+  end
 end
 out
 %>
@@ -1331,7 +1391,7 @@ bsmtp:
 
 <%=
 out = ""
-if results['bugsmaster']
+if nodeinfo['bugsmaster']
   out = '
 bugs_pipe:
   driver = pipe
@@ -1350,7 +1410,7 @@ out
 
 <%=
 out = ""
-if results['rtmaster']
+if nodeinfo['rtmaster']
   out = '
 rt_pipe:
   debug_print = "T: rt_pipe for $local_part${local_part_suffix}@$domain"