X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=fb7b0838bc1ea7fc1555ca51cafc5e60a180b58f;hb=68a9001c3cd5c120c52a470ffd70fcc7d68964f7;hp=0eaa935d1c204a4d9277ee6982787c3087577d9d;hpb=2bd0f7f35308dede2a5c8fa98a69c0ed5bc7045a;p=mirror%2Fdsa-puppet.git
diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb
index 0eaa935d1..fb7b0838b 100644
--- a/modules/exim/templates/eximconf.erb
+++ b/modules/exim/templates/eximconf.erb
@@ -121,8 +121,6 @@ allow_domain_literals = true # Other domain and host lists may follow. # @ is the local FQDN, @[] matches the IP adress of any local interface. -.include_if_exists /etc/exim4/local-settings.conf - domainlist local_domains = @ : \ @[] : \ localhost : \
@@ -241,7 +239,7 @@ ports = [] out = "daemon_smtp_ports = " ports << 25 -if nodeinfo['bugsmaster'] +if nodeinfo['bugsmaster'] or nodeinfo['bugsmx'] ports << 587 end
@@ -415,11 +413,10 @@ out %> <%= -out = "" if nodeinfo['smarthost'].empty? - out = " + out = ' # These are in HELO acl so that they are only run once. They increment a counter, - # so we don't want it to increment per rcpt to. + # so we don\'t want it to increment per rcpt to. warn dnslists = list.dnswl.org&0.0.0.3 log_message = Hit on list.dnswl.org for $sender_host_address
@@ -454,7 +451,7 @@ if nodeinfo['smarthost'].empty? dnslists = dul.dnsbl.sorbs.net set acl_c_scr = ${eval:$acl_c_scr+15} - # If the sender's helo name is empty, the message will be rejected later + # If the sender\'s helo name is empty, the message will be rejected later # because the helo is empty. If the rDNS lookup failed, we are already # going to greylist them, so no sense worrying about it here. Finally, # if rDNS does not match helo name (both lower cased first), greylist.
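Review bot: The widened condition in front of `ports << 587` (hunk `@@ -241,7 +239,7 @@`) makes bugsmx hosts listen on the submission port, but nothing in the hunk records why or shows that connections on 587 are treated differently from those on 25. A comment above the `if`, for example `# bugsmaster and bugsmx also listen on 587 (submission)`, would document the extra listener. It is also worth confirming that the ACLs further down the template apply the same relay and sender checks regardless of the port a connection arrives on, since that part of the file is outside this hunk.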
@@ -463,7 +460,7 @@ if nodeinfo['smarthost'].empty? condition = ${if eq {$host_lookup_failed}{1}{no}{yes}} condition = ${if def:sender_helo_name {yes}{no}} condition = ${if eq {${lc:$sender_helo_name}}{${lc:$sender_host_name}}{no}{yes}} - log_message = HELO doesn't match rDNS + log_message = HELO doesn\'t match rDNS set acl_c_scr = ${eval:$acl_c_scr+8} # Regexes of doom
@@ -484,15 +481,22 @@ if nodeinfo['smarthost'].empty? set acl_c_scr = ${eval:$acl_c_scr+7} # Random HELO (run of 7 consonants) (constructed by viruses). We purposefully - # skip matching on machines named .*smtp.*, since that's 4 already. This is a fairly - # naive test, so it's not worth much + # skip matching on machines named .*smtp.*, since that\'s 4 already. This is a fairly + # naive test, so it\'s not worth much warn condition = ${if match {${lc:$sender_helo_name}}{smtp}{no}{yes}} condition = ${if match {${lc:$sender_helo_name}}{\N^[a-z0-9]+\.[a-z]+$\N}} condition = ${if match {${lc:$sender_helo_name}}{\N.*[bcdfghjklmnpqrstvwxz]{7,}.*\.[a-z]+$\N}} log_message = random HELO set acl_c_scr = ${eval:$acl_c_scr+5} -" +' +else + out = ' + drop !hosts = +debianhosts + log_message = mail from non-d.o host + message = Interesting. I doubt that should have happened. +' +end out %>
@@ -855,6 +859,10 @@ out senders = ${if exists{/etc/exim4/blacklist}{/etc/exim4/blacklist}{}} message = We have blacklisted <$sender_address>. Please stop mailing us +<%= +out = "" +if nodeinfo['smarthost'].empty? + out = ' deny message = host $sender_host_address is listed in $dnslist_domain; see $dnslist_text dnslists = ${if match_domain{$domain}{+virtual_domains}\ {${if exists {${extract{directory}{VDOMAINDATA}{${value}/rbllist}}}\
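Review bot: The `drop !hosts = +debianhosts` added in the `else` branch (hunk `@@ -484,15 +481,22 @@`) exempts only `+debianhosts`, while the RCPT-stage rules in the later hunks exempt `+debianhosts : WHITELIST`; on smarthost-configured nodes a host that is only in WHITELIST is now refused at HELO. If that is intended, a comment inside the string such as `# smarthost clients take SMTP only from +debianhosts; WHITELIST is deliberately not honoured here` would say so, otherwise the line should read `drop !hosts = +debianhosts : WHITELIST`. The definition of `+debianhosts` is outside this diff, so confirm it covers whatever local software submits over SMTP on these nodes, because this rule now carries all inbound filtering for them. The `if` this `else` belongs to opens in an earlier hunk.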
@@ -863,6 +871,10 @@ out ${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-rbl}{$value}{}}}} domains = +handled_domains : +rcpthosts !hosts = +debianhosts : WHITELIST +' +end +out +%> deny message = domain $sender_address_domain is listed in $dnslist_domain; see $dnslist_text dnslists = ${if match_domain{$domain}{+virtual_domains}\
@@ -873,6 +885,10 @@ out domains = +handled_domains : +rcpthosts !hosts = +debianhosts : WHITELIST +<%= +out = "" +if nodeinfo['smarthost'].empty? + out = ' deny domains = +handled_domains : +rcpthosts local_parts = ${if match_domain{$domain}{+virtual_domains}\ {${if exists {${extract{directory}{VDOMAINDATA}{${value}/callout_users}}}\
@@ -880,7 +896,11 @@ out {${lookup{$local_part}lsearch{/etc/exim4/callout_users}{$local_part}{}} : \ ${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-callout}{$local_part}{}}}} !hosts = +debianhosts : WHITELIST - !verify = sender/callout + !verify = sender/callout=90s,maxwait=300s +' +end +out +%> <%= out = "" 
@@ -1360,14 +1380,18 @@ out <%= out = "" -if nodeinfo['bugsmaster'] +if nodeinfo['bugsmaster'] or nodeinfo['bugsmx'] + domain = 'bugs.debian.org' + if nodeinfo['bugsmaster'] + domain = 'bugs-master.debian.org' + end out = ' # This router delivers for bugs.d.o bugs: debug_print = "R: bugs for $local_part@$domain" driver = accept transport = bugs_pipe - domains = bugs.debian.org + domains = ' + domain + ' cannot_route_message = Unknown or archived bug require_files = /org/bugs.debian.org/mail/run-procmail no_more
@@ -1660,7 +1684,7 @@ bsmtp: <%= out = "" -if nodeinfo['bugsmaster'] +if nodeinfo['bugsmaster'] or nodeinfo['bugsmx'] out = ' bugs_pipe: driver = pipe
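Review bot: `!verify = sender/callout=90s,maxwait=300s` (hunk `@@ -880,7 +896,11 @@`) lets one RCPT keep the inbound connection open for up to five minutes while the callout runs, and the server being called is determined by a sender address the remote client supplies. Slow or unresponsive sender domains can therefore occupy connection slots for much longer than before, so the longer timeouts should be matched against the daemon's connection limits (`smtp_accept_max`, `smtp_accept_max_per_host`), which are not visible in this diff. A comment in front of the rule, for example `# callout can hold this connection for up to maxwait; sized against smtp_accept_max`, would record the trade-off; it sits inside a single-quoted Ruby string, so it must not contain an unescaped apostrophe. The `deny` statement itself starts in the previous hunk.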
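Review bot: The local variable `domain` introduced in hunk `@@ -1360,14 +1380,18 @@` shares its name with Puppet's `domain` fact, and this template already reads its data through bare names such as `nodeinfo`. ERB compiles the whole template into one Ruby scope, so from this assignment onward a bare `domain` resolves to the local (nil on hosts that skip the branch) instead of the fact; whether a later tag relies on the fact is not visible here. A distinct name removes the risk: `bugs_domain = nodeinfo['bugsmaster'] ? 'bugs-master.debian.org' : 'bugs.debian.org'` with `domains = ' + bugs_domain + '`. The in-string comment `# This router delivers for bugs.d.o` is also no longer accurate on bugsmaster and could name both domains.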