X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=ee73e02e07c358ca26983073f87a483f04917c8b;hb=b43dbb621c4983145441757c3eee344600cbefb8;hp=e7a73de7d8bc44a9bf368e93ac48af1d5a34fb6f;hpb=e76e6b2577f5216a2674c181e25c6c8c59d33783;p=mirror%2Fdsa-puppet.git diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index e7a73de7d..ee73e02e0 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -27,10 +27,6 @@ # is much like a local domain, execpt that the delivery location # and allowed set of users is controlled by a virtual domain # alias file and not /etc/passwd. Wildcards are permitted -# relayhosts - Hostnames that can send any arbitarily addressed mail to -# us. This is primarily only useful for emergency 'queue -# flushing' operations, but should be populated with a list -# of trusted machines. Wildcards are not permitted # bsmtp_domains - Domains that we deliver locally via bsmtp # submission-domains - Domains for which mail will be accepted via the # submission port @@ -311,10 +307,10 @@ GREYLIST_LOCAL_PARTS = ${if match_domain{$domain}{+virtual_domains}\ # If a user has not explicitly disabled the option, the assumption is in # favour of filtering. HAS_DEFAULT_OPTIONS = ${if and {\ - {eq{${lookup{$local_part}dbmnz{/var/lib/misc/$primary_hostname/default-mail-options.db}{$value}{TRUE}}}{TRUE}}\ - {exists{${extract{directory}{VDOMAINDATA}{${value}/mail-forward.db}}}}\ - {! eq {${lookup{$local_part}dbmnz{${extract{directory}{VDOMAINDATA}{${value}/mail-forward.db}}}}}{}}\ - }} + {eq{${lookup{$local_part}dbmnz{/var/lib/misc/$primary_hostname/default-mail-options.db}{$value}{TRUE}}}{TRUE}}\ + {exists{${extract{directory}{VDOMAINDATA}{${value}/mail-forward.db}}}}\ + {! eq {${lookup{$local_part}dbmnz{${extract{directory}{VDOMAINDATA}{${value}/mail-forward.db}}}}}{}}\ + }} <%- if @is_rtmaster -%> # This subject rewrite is embedded in double-quoted strings. As such, some of # the items need more escaping than usual, otherwise \N becomes simply "N" and @@ -729,7 +725,7 @@ check_recipient: <%- if @is_packagesmaster -%> warn condition = ${if eq {$acl_m_prf}{PackagesMail}} condition = ${if eq {$sender_address}{$local_part@$domain}} - message = X-Packages-FromTo-Same: yes + add_header = X-Packages-FromTo-Same: yes <%- end -%> deny condition = ${if !eq {$acl_m_prf}{PopconMail}} @@ -814,7 +810,7 @@ check_recipient: log_message = greylisted. condition = ${if or { \ {eq{$acl_m_grey_recip}{1}} \ - {bool_lax{HAS_DEFAULT_OPTIONS}} \ + {bool_lax{$acl_m_defopt}} \ } \ } !senders = : @@ -855,7 +851,7 @@ check_recipient: domains = +handled_domains condition = ${if or { \ {eq{$acl_m_grey_recip}{1}} \ - {bool_lax{HAS_DEFAULT_OPTIONS}} \ + {bool_lax{$acl_m_defopt}} \ } \ } set acl_m_pgr = request=smtpd_access_policy\n\ @@ -885,7 +881,7 @@ check_recipient: domains = +handled_domains condition = ${if or { \ {eq{$acl_m_grey_recip}{1}} \ - {bool_lax{HAS_DEFAULT_OPTIONS}} \ + {bool_lax{$acl_m_defopt}} \ } \ } condition = ${if eq{${uc:${substr_0_7:$acl_m_pgr}}}{PREPEND}} @@ -919,7 +915,7 @@ check_recipient: !hosts = +debianhosts : WHITELIST deny message = host $sender_host_address is listed in $dnslist_domain ($dnslist_value); see $dnslist_text - condition = ${if bool_lax{HAS_DEFAULT_OPTIONS}} + condition = ${if bool_lax{$acl_m_defopt}} dnslists = relays.dnsbl.sorbs.net : xbl.spamhaus.org domains = +handled_domains !hosts = +debianhosts : WHITELIST @@ -940,7 +936,7 @@ check_recipient: !hosts = +debianhosts : WHITELIST deny message = domain $sender_address_domain is listed in $dnslist_domain ($dnslist_value); see $dnslist_text - condition = ${if bool_lax{HAS_DEFAULT_OPTIONS}} + condition = ${if bool_lax{$acl_m_defopt}} dnslists = dbl.spamhaus.org/$sender_address_domain domains = +handled_domains !hosts = +debianhosts : WHITELIST @@ -997,7 +993,7 @@ acl_check_mime: condition = ${if eq {$acl_m_prf}{markup}} set acl_m_srb = ${perl{surblspamcheck}} condition = ${if !eq{$acl_m_srb}{false}} - message = X-Surbl-Hit: $primary_hostname: $acl_m_srb + add_header = X-Surbl-Hit: $primary_hostname: $acl_m_srb # Dump MIME parts to disk. "default" creates sequentially-named files # in /scan// which should then be @@ -1072,6 +1068,30 @@ check_message: condition = ${if !eq {$acl_m_prf}{PopconMail}} message = Your mailer is not RFC 2047 compliant: message rejected + discard condition = ${if eq {$acl_m_prf}{blackhole}} + condition = ${if bool_lax{$acl_m_defopt}} + condition = ${if or {\ + {match {$message_body}{Wenn Sie zukünftig keine weiteren Informationen erhalten möchten,
unwissentlich oder unbeabsichtigt in den Verteiler aufgenommen wurden,}} \ + }\ + } + log_message = Discarded suspicious content for $recipients + + deny condition = ${if !eq {$acl_m_prf}{markup}} + condition = ${if bool_lax{$acl_m_defopt}} + condition = ${if or {\ + {match {$message_body}{Wenn Sie zukünftig keine weiteren Informationen erhalten möchten,
unwissentlich oder unbeabsichtigt in den Verteiler aufgenommen wurden,}} \ + }\ + } + message = Rejected due to suspicious content + + warn condition = ${if eq {$acl_m_prf}{markup}} + condition = ${if bool_lax{$acl_m_defopt}} + condition = ${if or {\ + {match {$message_body}{Wenn Sie zukünftig keine weiteren Informationen erhalten möchten,
unwissentlich oder unbeabsichtigt in den Verteiler aufgenommen wurden,}} \ + }\ + } + add_header = X-debian-content-warning: yes + <%- if has_variable?("clamd") && @clamd -%> discard condition = ${if eq {$acl_m_prf}{blackhole}} malware = */defer_ok