X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=5d154af16f59f914df97f1e99e87208eb616e26a;hb=bef12474e235e96c8e79a1a8453f74ef5247f535;hp=437f3fe0b9bd065ce2732a59cd367c601836e2d7;hpb=accd4da81e5b33ae1d8a84226c61fe8a5563a48a;p=mirror%2Fdsa-puppet.git diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index 437f3fe0b..5d154af16 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -203,12 +203,13 @@ smtp_accept_max_per_host = ${if match_ip {$sender_host_address}{+debianhosts}{0} smtp_accept_max = 300 smtp_accept_queue = 200 smtp_accept_queue_per_connection = 50 +smtp_accept_reserve = 25 <% else %> smtp_accept_max = 30 smtp_accept_queue = 20 smtp_accept_queue_per_connection = 10 +smtp_accept_reserve = 5 <% end %> -smtp_accept_reserve = 25 smtp_reserve_hosts = +debianhosts split_spool_directory = true @@ -372,16 +373,19 @@ out warn domains = +virtual_domains condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}} condition = ${if eq{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}{$value}{}}}{markup}} + log_message = $local_part@$domain: markup set acl_m_rprf = markup accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} warn condition = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}{}}}{markup}} + log_message = $local_part@$domain: markup set acl_m_rprf = markup accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} warn condition = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}{}}}{blackhole}} + log_message = $local_part@$domain: blackhole set acl_m_rprf = blackhole accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} @@ -389,6 +393,7 @@ out warn domains = +virtual_domains condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}} condition = ${if eq{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}{$value}{}}}{blackhole}} + log_message = $local_part@$domain: blackhole set acl_m_rprf = blackhole accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} @@ -891,6 +896,7 @@ acl_check_mime: condition = ${if eq {$acl_m_prf}{blackhole}} set acl_m_srb = ${perl{surblspamcheck}} condition = ${if eq{$acl_m_srb}{false}{no}{yes}} + log_message = discarded surbl message for $recipients warn condition = ${if <{$message_size}{256000}} condition = ${if eq {$acl_m_prf}{markup}} @@ -913,7 +919,7 @@ out %> acl_check_predata: - deny condition = ${if eq{$acl_m_lcl}{localonly}} + deny condition = ${if eq{$acl_m_prf}{localonly}} message = mail for $acl_m_lrc is only accepted internally accept @@ -921,9 +927,6 @@ acl_check_predata: #!!# ACL that is used after the DATA command check_message: - require verify = header_syntax - message = Invalid syntax in the header - <%= out='' if nodeinfo['rtmaster'] @@ -959,6 +962,11 @@ out } message = Mail to this address needs to be PGP-signed + accept verify = certificate + + require verify = header_syntax + message = Invalid syntax in the header + # RFC 822 and 2822 say that headers must be ASCII. This kinda emulates # postfix's strict_7bit_headers option, but only checks a few common problem # headers, as there doesn't appear to be an easy way to check them all. @@ -977,9 +985,10 @@ out out = "" if has_variable?("clamd") && clamd == "true" out = ' - discard condition = ${if eq {$acl_m_prf}{blackhole}{no}{yes}} + discard condition = ${if eq {$acl_m_prf}{blackhole}} demime = * malware = */defer_ok + log_message = discarded malware message for $recipients deny condition = ${if eq {$acl_m_prf}{markup}{no}{yes}} demime = * @@ -1002,6 +1011,7 @@ out=' condition = ${if eq {$acl_m_prf}{blackhole}} set acl_m_srb = ${perl{surblspamcheck}} condition = ${if eq{$acl_m_srb}{false}{no}{yes}} + log_message = discarded surbl message for $recipients warn condition = ${if <{$message_size}{256000}} condition = ${if eq {$acl_m_prf}{markup}}