X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=7cd6738a2aa5368a1df01be03f2d6f04d6465b16;hb=368e147f10b8e748f7e171a15568a94d79599039;hp=05d79fb0fc014e3763a53920922372f5b868049e;hpb=a1e5d966dc866d7d3298cd3538ad583328a11991;p=mirror%2Fdsa-puppet.git

diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb
index 05d79fb0f..7cd6738a2 100644
--- a/modules/exim/templates/eximconf.erb
+++ b/modules/exim/templates/eximconf.erb
@@ -76,7 +76,7 @@
 #                    MAIN CONFIGURATION SETTINGS                     #
 ######################################################################
 
-<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%>
+<%- if @heavy -%>
  perl_startup = do '/etc/exim4/exim_surbl.pl'
 <%- end -%>
 
@@ -87,7 +87,7 @@
 acl_smtp_helo = check_helo
 acl_smtp_rcpt = ${if ={$interface_port}{587} {check_submission}{check_recipient}}
 acl_smtp_data = check_message
-<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%>
+<%- if @heavy -%>
 acl_smtp_mime = acl_check_mime
 <%- end -%>
 acl_smtp_predata = acl_check_predata
@@ -174,7 +174,7 @@ timeout_frozen_after=14d
 message_size_limit = 100M
 message_logs = false
 smtp_accept_max_per_host = ${if match_ip {$sender_host_address}{+debianhosts}{0}{7}}
-<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%>
+<%- if @heavy -%>
 smtp_accept_max = 300
 smtp_accept_queue = 200
 smtp_accept_queue_per_connection = 50
@@ -193,7 +193,7 @@ check_spool_space  = 20M
 
 delay_warning =
 
-<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%>
+<%- if @heavy -%>
 message_body_visible = 5000
 queue_run_max = 50
 deliver_queue_load_max = 50
@@ -224,12 +224,12 @@ if @is_bugsmx
   ports << 587
 end
 
-if not scope.lookupvar('site::nodeinfo')['mail_port'].to_s.empty?
-  ports << scope.lookupvar('site::nodeinfo')['mail_port']
+if not scope.lookupvar('deprecated::nodeinfo')['mail_port'].to_s.empty?
+  ports << scope.lookupvar('deprecated::nodeinfo')['mail_port']
 end
 
 if @is_mailrelay
-  ports << scope.lookupvar('site::nodeinfo')['smarthost_port']
+  ports << @smarthost_port
 end
 
 out += ports.uniq.sort.join(" : ")
@@ -243,7 +243,7 @@ pipelining_advertise_hosts = !*
 tls_advertise_hosts = *
 smtp_enforce_sync = true
 
-log_selector = +tls_cipher +tls_peerdn +queue_time +deliver_time +smtp_connection +smtp_incomplete_transaction +smtp_confirmation
+log_selector = +tls_cipher +tls_peerdn +queue_time +deliver_time +smtp_connection +smtp_incomplete_transaction +smtp_confirmation +smtp_protocol_error
 
 received_header_text = Received: ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
                                  {${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
@@ -267,7 +267,9 @@ GREYLIST_LOCAL_PARTS = ${if match_domain{$domain}{+virtual_domains}\
                        {${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/grey_users}}}{$local_part}{}}}{}}}\
                        {${lookup{$local_part}lsearch{/etc/exim4/grey_users}{$local_part}{}}}} : \
                        ${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-greylist}{$local_part}{}}
+<%- if @is_rtmaster -%>
 RT_QUEUE_MAP = /srv/rt.debian.org/mail/rt_queue_map
+<%- end -%>
 
 keep_environment =
 add_environment =
@@ -407,7 +409,7 @@ check_helo:
   accept  verify   = certificate
 
 <%- end -%>
-<%- if scope.lookupvar('site::nodeinfo')['smarthost'].empty? -%>
+<%- unless @smarthost -%>
   # These are in HELO acl so that they are only run once.  They increment a counter,
   # so we don't want it to increment per rcpt to.
 
@@ -597,10 +599,10 @@ check_recipient:
 
   # disabled accounts don't even get local mail.
   deny   domains       = +virtual_domains
-         local_parts   = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/mail-disable}}}\
-                                     {lsearch;${extract{directory}{VDOMAINDATA}{${value}/mail-disable}}}\
+         condition    = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/mail-disable}}}\
+                                     {${lookup{${extract{1}{-}{$local_part}}}lsearch{${extract{directory}{VDOMAINDATA}{${value}/mail-disable}}}{true}{false}}}\
                                      {}}
-         message       = ${lookup{$local_part}lsearch{${extract{directory}{VDOMAINDATA}{${value}/mail-disable}}}{$value}}
+         message       = ${lookup{${extract{1}{-}{$local_part}}}lsearch{${extract{directory}{VDOMAINDATA}{${value}/mail-disable}}}{$value}}
 
   deny   local_parts   = lsearch;/var/lib/misc/$primary_hostname/mail-disable
          domains       = +local_domains
@@ -623,12 +625,6 @@ check_recipient:
   deny    domains       = !+handled_domains
           local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
 
-# forwards mail to @d.o address, even if it's a bounce from master, no reply
-# from source address; rejecting all mail now.
-  deny    recipients    = mendoza@debian.org
-          hosts         = 65.110.39.147 : 64.39.31.15
-          message       = <mendoza@kenny.linuxsis.net> cannot forward here while mailer-daemon mail is not caught
-
   deny    condition     = ${lookup{$sender_address_local_part}lsearch{/etc/exim4/localusers}{true}}
 	  sender_domains= +local_domains
 	  hosts         = !+debianhosts
@@ -821,7 +817,7 @@ check_recipient:
   accept  local_parts   = +postmasterish
           domains       = +virtual_domains : +bsmtp_domains
 
-<%- if scope.lookupvar('site::nodeinfo')['smarthost'].empty? -%>
+<%- unless @smarthost -%>
   deny    message  = host $sender_host_address is listed in $dnslist_domain; see $dnslist_text
           dnslists = ${if match_domain{$domain}{+virtual_domains}\
 		     {${if exists {${extract{directory}{VDOMAINDATA}{${value}/rbllist}}}\
@@ -841,7 +837,7 @@ check_recipient:
 	  domains       = +handled_domains
 	  !hosts        = +debianhosts : WHITELIST
 
-<%- if scope.lookupvar('site::nodeinfo')['smarthost'].empty? -%>
+<%- unless @smarthost -%>
   deny    domains  = +handled_domains
           local_parts = ${if match_domain{$domain}{+virtual_domains}\
                         {${if exists {${extract{directory}{VDOMAINDATA}{${value}/callout_users}}}\
@@ -869,7 +865,7 @@ check_recipient:
 
   deny    message = relay not permitted
 
-<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%>
+<%- if @heavy -%>
 acl_check_mime:
 
  accept  verify        = certificate
@@ -921,7 +917,7 @@ check_message:
 
 <%- end -%>
 <%- if @is_packagesqamaster -%>
-  deny    !hosts  = +debianhosts : 5.153.231.21
+  deny    !hosts  = +debianhosts
           condition = ${if eq {$acl_m_prf}{PTSMail}}
           condition = ${if def:h_X-PTS-Approved:{false}{true}}
           message   = messages to the PTS require an X-PTS-Approved header
@@ -984,7 +980,7 @@ check_message:
           message         = X-malware detected: $malware_name
 
 <%- end -%>
-<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%>
+<%- if @heavy -%>
  discard condition     = ${if <{$message_size}{256000}}
          condition     = ${if eq {$acl_m_prf}{blackhole}}
          set acl_m_srb = ${perl{surblspamcheck}}
@@ -1039,7 +1035,6 @@ begin rewrite
 *@debian.org ${lookup{$1}cdb{/var/lib/misc/${primary_hostname}/mail-forward.cdb}{$value}fail} T
 *@people.debian.org ${lookup{$1}cdb{/var/lib/misc/${primary_hostname}/mail-forward.cdb}{$value}fail} T
 #*@${primary_hostname} "${if exists{/etc/exim4/email-addresses}{${lookup{$1}lsearch{/etc/exim4/email-addresses}{$value}fail}}fail}" fFs
-m68k@buildd.debian.org m68k-build@nocrew.org Ttrbc
 
 
 #!!#######################################################!!#
@@ -1088,23 +1083,17 @@ ipliteral:
   transport = remote_smtp
   ignore_target_hosts = +reservedaddrs
 
-<%=
-out = ""
-if not scope.lookupvar('site::nodeinfo')['smarthost'].empty?
-out = "
+<%- if @smarthost -%>
 smarthost:
   debug_print = \"R: smarthost for $local_part@$domain\"
   driver = manualroute
   domains = !+handled_domains
   transport = remote_smtp_smarthost
-  route_list = * #{scope.lookupvar('site::nodeinfo')['smarthost']}
+  route_list = * <%= @smarthost %>
   host_find_failed = defer
   same_domain_copy_routing = yes
   no_more
-"
-end
-out
-%>
+<%- end -%>
 
 # This router routes to remote hosts over SMTP using a DNS lookup.
 # Ignore reserved network responses, including localhost.
@@ -1347,7 +1336,7 @@ rt_force_new_verbose:
   pipe_transport = rt_pipe
   data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --ca-file /etc/ssl/ca-debian/ca-certificates.crt --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
   headers_remove = Subject
-  headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)\\\\[?debian rt\\\\]?[:\\s]*(.*)}}} {$1$2}{$h_subject:}}"
+  headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?is)(.*?)\\\\[?debian rt\\\\]?[:\\s]*(.*)}}} {$1$2}{$h_subject:}}"
 
 # FIXME: figure out how to generalize this approach so that all of the following would work
 # - rt+NNNN@rt.debian.org          : attach correspondence to ticket (verbose)
@@ -1364,7 +1353,7 @@ rt_force_new_quiesce:
   pipe_transport = rt_pipe
   data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --ca-file /etc/ssl/ca-debian/ca-certificates.crt --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
   headers_remove = Subject
-  headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nX-RT-Mode: quiesce\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)\\\\[?debian rt\\\\]?[:\\s]*(.*)}}} {$1$2}{$h_subject:}}"
+  headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nX-RT-Mode: quiesce\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?is)(.*?)\\\\[?debian rt\\\\]?[:\\s]*(.*)}}} {$1$2}{$h_subject:}}"
 
 rt_otherwise:
   debug_print = "R: rt for $local_part@$domain"
@@ -1582,24 +1571,17 @@ remote_smtp:
   tls_certificate = /etc/exim4/ssl/thishost.crt
   tls_privatekey = /etc/exim4/ssl/thishost.key
 
-<%=
-out = ""
-if not scope.lookupvar('site::nodeinfo')['smarthost'].empty?
-out = '
+<%- if @smarthost -%>
 remote_smtp_smarthost:
   debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
   driver = smtp
   delay_after_cutoff = false
-  port = '
-  out += scope.lookupvar('site::nodeinfo')['smarthost_port'].to_s + "\n"
-  out += '  tls_tempfail_tryclear = false
-  hosts_require_tls = ' + scope.lookupvar('site::nodeinfo')['smarthost'] + '
+  port = <%= @smarthost_port %>
+  tls_tempfail_tryclear = false
+  hosts_require_tls = <%= scope.lookupvar('deprecated::nodeinfo')['smarthost'] %>
   tls_certificate = /etc/exim4/ssl/thishost.crt
   tls_privatekey = /etc/exim4/ssl/thishost.key
-'
-end
-out
-%>
+<%- end -%>
 # Send the message to procmail
 procmail_pipe:
   driver = pipe