X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=9dc92818a5c30191db88ad66a6ffbc922a5a4dad;hb=5a6ab1f3e3b79df87c63891606044f4d617c67c3;hp=aec6edbe9242992db3302793a700b327b8c560b8;hpb=0350939d4f33195041773775e73c635865b6c609;p=mirror%2Fdsa-puppet.git diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index aec6edbe9..9dc92818a 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -77,7 +77,7 @@ ###################################################################### <%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%> -perl_startup = do '/etc/exim4/exim_surbl.pl' + perl_startup = do '/etc/exim4/exim_surbl.pl' <%- end -%> # These options specify the Access Control Lists (ACLs) that @@ -151,6 +151,11 @@ host_lookup = * untrusted_set_sender = * +# Some spam scanners (*cough* irritated *cough*) want the Sender field +# to exist. Appease them by not actually adding a Sender field. + +local_from_check = false + # Some operating systems use the "gecos" field in the system password file # to hold other information in addition to users' real names. Exim looks up # this field when it is creating "sender" and "from" headers. If these options @@ -264,6 +269,9 @@ GREYLIST_LOCAL_PARTS = ${if match_domain{$domain}{+virtual_domains}\ ${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-greylist}{$local_part}{}} RT_QUEUE_MAP = /srv/rt.debian.org/mail/rt_queue_map +keep_environment = +add_environment = + ###################################################################### # ACL CONFIGURATION # ###################################################################### @@ -634,7 +642,7 @@ check_recipient: deny condition = ${if match_domain{$sender_address_domain}{+virtual_domains}{1}{0}} condition = ${if exists {${extract{directory}{VSENDERDOMAINDATA}{${value}/neversenders}}}{1}{0}} - condition = ${lookup{$sender_address_local_part}lsearch{${extract{directory}{VSENDERDOMAINDATA}{${value}/neversenders}}{true}} + condition = ${lookup{$sender_address_local_part}lsearch{${extract{directory}{VSENDERDOMAINDATA}{${value}/neversenders}}}{true}} message = no mail should ever come from <$sender_address> warn condition = ${if eq{$acl_m_prf}{localonly}} @@ -798,9 +806,6 @@ check_recipient: message = ${sg{$acl_m_pgr}{^\\w+\\s*}{}} <%- end -%> - accept local_parts = +postmasterish - domains = +virtual_domains : +bsmtp_domains - deny hosts = ${if exists{/etc/exim4/host_blacklist}{/etc/exim4/host_blacklist}{}} message = I'm terribly sorry, but it seems you have been blacklisted log_message = blacklisted IP @@ -809,6 +814,9 @@ check_recipient: senders = ${if exists{/etc/exim4/blacklist}{/etc/exim4/blacklist}{}} message = We have blacklisted <$sender_address>. Please stop mailing us + accept local_parts = +postmasterish + domains = +virtual_domains : +bsmtp_domains + <%- if scope.lookupvar('site::nodeinfo')['smarthost'].empty? -%> deny message = host $sender_host_address is listed in $dnslist_domain; see $dnslist_text dnslists = ${if match_domain{$domain}{+virtual_domains}\ @@ -1327,7 +1335,7 @@ rt_force_new_verbose: local_parts = ${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}{$local_part}{}} local_part_suffix = +new pipe_transport = rt_pipe - data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}" + data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --ca-file /etc/ssl/ca-debian/ca-certificates.crt --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}" headers_remove = Subject headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)\\\\[?debian rt\\\\]?[:\\s]*(.*)}}} {$1$2}{$h_subject:}}" @@ -1344,7 +1352,7 @@ rt_force_new_quiesce: local_parts = ${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}{$local_part}{}} local_part_suffix = +new-quiesce pipe_transport = rt_pipe - data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}" + data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --ca-file /etc/ssl/ca-debian/ca-certificates.crt --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}" headers_remove = Subject headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nX-RT-Mode: quiesce\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)\\\\[?debian rt\\\\]?[:\\s]*(.*)}}} {$1$2}{$h_subject:}}" @@ -1357,7 +1365,7 @@ rt_otherwise: local_part_suffix = +* local_part_suffix_optional pipe_transport = rt_pipe - data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-(comment|done)}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --extension ticket --action ${if match{$local_part}{.*-comment.*}{comment}{${if match{$local_part}{.*-done.*}{correspond-resolve}{correspond}}}}" + data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-(comment|done)}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --ca-file /etc/ssl/ca-debian/ca-certificates.crt --extension ticket --action ${if match{$local_part}{.*-comment.*}{comment}{${if match{$local_part}{.*-done.*}{correspond-resolve}{correspond}}}}" headers_remove = Subject headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)\\\\[?debian rt\\\\]?[:\\s]*(.*)}}} {$1$2}{$h_subject:}}" <%- end -%>