X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=7f967c4cc4b73ffac5d75467e1a49c7fee71b3b4;hb=b1c57d74d65300c3a0ab989cd820a0a19022c427;hp=5c9f8bb287dfd80af995eccea5cfa3535f996e78;hpb=a576c8137feaea3598c4f70ed7e01953027c386e;p=mirror%2Fdsa-puppet.git diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index 5c9f8bb28..7f967c4cc 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -123,7 +123,7 @@ localpartlist postmasterish = postmaster : abuse : hostmaster hostlist debianhosts = <; ; 127.0.0.1 ; ::1 ; /var/lib/misc/thishost/debianhosts ; 89.16.166.49 ; 82.195.75.76 ; 2001:41b8:202:deb:bab5:0:52c3:4b4c -hostlist reservedaddrs = <%= scope.lookupvar('site::nodeinfo')['reservedaddrs'] %> +hostlist reservedaddrs = 0.0.0.0/8 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 : 172.16.0.0/12 : 192.0.0.0/24 : 192.168.0.0/16 : 224.0.0.0/4 : 240.0.0.0/5 : 248.0.0.0/5 <%- if scope.lookupvar('site::nodeinfo')['mailrelay'] -%> # Domains we relay for; that is domains that aren't considered local but we @@ -798,7 +798,7 @@ check_recipient: <%- end -%> accept local_parts = +postmasterish - domains = +handled_domains + domains = +virtual_domains : +bsmtp_domains deny hosts = ${if exists{/etc/exim4/host_blacklist}{/etc/exim4/host_blacklist}{}} message = I'm terribly sorry, but it seems you have been blacklisted @@ -837,6 +837,7 @@ check_recipient: ${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-callout}{$local_part}{}} !hosts = +debianhosts : WHITELIST !verify = sender/callout=90s,maxwait=300s + message = "Sender verification failed: $acl_verify_message" <%- end -%> <%- if scope.lookupvar('site::nodeinfo')['mailrelay'] -%> 
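Review bot: The new hard-coded `reservedaddrs` list covers IPv4 ranges only, so wherever it is consulted (its uses are outside this hunk) a host resolving to `::1`, link-local or unique-local IPv6 space would not match it. If the list is meant to keep mail from being routed to non-public addresses, consider adding the IPv6 equivalents. Because the list uses the default `:` separator, that needs the `<;` form already used by `debianhosts` on the line above, e.g. `hostlist reservedaddrs = <; 0.0.0.0/8 ; 127.0.0.0/8 ; … ; ::1 ; fe80::/10 ; fc00::/7`. A one-line comment saying why the value no longer comes from `site::nodeinfo` would also help the next reader.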
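Review bot: Nothing in the hunk at -798 says why the postmaster-style `accept` is narrowed from `+handled_domains` to `+virtual_domains : +bsmtp_domains`, and the same substitution is repeated in the `postmasterish` router (hunk at -1107), so the two have to be kept in step by hand. This `accept` sits ahead of the `deny hosts` blacklist check that follows it, so the domain list decides which recipients are accepted before that check runs. A short comment on both stanzas naming the domains that are deliberately excluded, and why, would document the intent. The definitions of the three domain lists are outside the diff, so which domains are dropped cannot be confirmed from here.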
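Review bot: The `message` added in the hunk at -837 is wrapped in double quotes, unlike the other `message =` lines visible in this diff (the blacklist text in the previous hunk and the header-syntax text at -928), which are unquoted. As far as I know Exim expands ACL modifier arguments as written rather than dequoting them, so the quotes would probably appear literally in the SMTP rejection text; `message = Sender verification failed: $acl_verify_message` would match the rest of the file. It is also worth confirming that the callout detail carried in `$acl_verify_message` is something you are happy to relay to the connecting client.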
@@ -928,7 +929,7 @@ check_message: deny condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} !verify = header_syntax - message = Invalid syntax in the header + message = Invalid header syntax: $acl_verify_message # RFC 822 and 2822 say that headers must be ASCII. This kinda emulates # postfix's strict_7bit_headers option, but only checks a few common problem @@ -1071,21 +1072,17 @@ ipliteral: <%= out = "" if not scope.lookupvar('site::nodeinfo')['smarthost'].empty? -out = ' +out = " smarthost: - debug_print = "R: smarthost for $local_part@$domain" + debug_print = \"R: smarthost for $local_part@$domain\" driver = manualroute domains = !+handled_domains transport = remote_smtp_smarthost - route_list = * ' + scope.lookupvar('site::nodeinfo')['smarthost'] - if scope.lookupvar('site::nodeinfo')['smarthost'] == 'mailout.debian.org' - out += '/MX' - end - out += ' + route_list = * #{scope.lookupvar('site::nodeinfo')['smarthost']} host_find_failed = defer same_domain_copy_routing = yes no_more -' +" end out %> @@ -1107,7 +1104,7 @@ postmasterish: unseen = true expn = true local_parts = +postmasterish - domains = +handled_domains + domains = +virtual_domains : +bsmtp_domains data = debian-admin@debian.org headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}" @@ -1149,11 +1146,7 @@ userforward_verify: user = Debian-exim no_check_local_user directory_transport = address_directory -<%- if fqdn == "master.debian.org" -%> - domains = +local_domains : debian.org -<%- else -%> domains = +local_domains -<%- end -%> # filter - I have disabled filtering to force users to use .forward-foo files # or procmail. This will make it easier to move mailers in the future # 
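Review bot: In the smarthost hunk at -1071, switching the router text to a Ruby double-quoted string means every `\`, `"` and `#{` sequence in the Exim stanza is now interpreted by Ruby first, which is why `debug_print` needs `\"` escapes. Exim expansions such as `$local_part@$domain` only pass through untouched because no `#` precedes them. Other parts of this template emit optional stanzas with ERB blocks (`<%- if scope.lookupvar('site::nodeinfo')['mailrelay'] -%>` … `<%- end -%>`); doing the same here with `route_list = * <%= scope.lookupvar('site::nodeinfo')['smarthost'] %>` would remove the escaping entirely. Either way the smarthost value is written into `route_list` verbatim, so the stanza relies on nodeinfo holding a plain host name.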
@@ -1232,11 +1225,7 @@ userforward: check_ancestor check_local_user directory_transport = address_directory -<%- if fqdn == "master.debian.org" -%> - domains = +local_domains : debian.org -<%- else -%> domains = +local_domains -<%- end -%> # filter - I have disabled filtering to force users to use .forward-foo files # or procmail. This will make it easier to move mailers in the future # @@ -1264,11 +1253,7 @@ procmail: debug_print = "R: procmail for $local_part@$domain" driver = accept check_local_user -<%- if fqdn == "master.debian.org" -%> - domains = +local_domains : debian.org -<%- else -%> domains = +local_domains -<%- end -%> headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}" local_part_suffix = -* local_part_suffix_optional @@ -1441,9 +1426,19 @@ virt_users: transport_current_directory = ${extract{directory}{VDOMAINDATA}} user = ${extract{user}{VDOMAINDATA}} group = ${extract{group}{VDOMAINDATA}} - data = ${if exists{${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}\ - {${lookup{$local_part}cdb\ - {${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}}}} + # Manually construct the forwarding address, preserving the + # local_part_suffix if the remote host is master. + data = ${if and {{exists{${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}}\ + {! eq {${lookup{$local_part}cdb\ + {${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}}}\ + {}}}\ + {${local_part:${lookup{$local_part}cdb\ + {${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}}}\ + ${if eq {${domain:${lookup{$local_part}cdb\ + {${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}}}}{master.debian.org}{$local_part_suffix} {}}\ + @\ + ${domain:${lookup{$local_part}cdb\ + {${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}}}}} domains = +virtual_domains file_transport = address_file headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}" 
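Review bot: The rewritten `data` expansion in the `virt_users` hunk at -1441 always rebuilds the forward as `${local_part:…}` + `@` + `${domain:…}`, which assumes every value in `mail-forward.cdb` is exactly one fully qualified address. Both operators yield an empty string when the value does not parse as a single address, so an entry holding an address list, a file path (the router sets `file_transport = address_file`) or an unqualified name would presumably collapse to `@` instead of being passed through as before; the cdb contents are not visible here, so please confirm. The suggestion below only rebuilds the address when the domain is master and otherwise returns the looked-up value unchanged, uses `eqi` so the host-name comparison is case-insensitive, and still yields an empty string when the file or key is missing. The lookup is still repeated several times; a macro alongside `VDOMAINDATA` would make it easier to audit.
```erb
  # Append the suffix only when the forward is a single address at master;
  # any other value is handed to the router exactly as stored.
  data = ${if exists{${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}\
           {${if eqi {${domain:${lookup{$local_part}cdb\
                 {${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}}}}{master.debian.org}\
              {${local_part:${lookup{$local_part}cdb\
                 {${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}}}\
               ${local_part_suffix}@master.debian.org}\
              {${lookup{$local_part}cdb\
                 {${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}}}}}}
  # … unchanged: domains, file_transport, headers_add …
```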
@@ -1566,7 +1561,7 @@ address_reply: remote_smtp: driver = smtp - connect_timeout = 1m + connect_timeout = 15s delay_after_cutoff = false tls_certificate = /etc/exim4/ssl/thishost.crt tls_privatekey = /etc/exim4/ssl/thishost.key