From: Stephen Gran Date: Sun, 7 Jun 2009 10:25:10 +0000 (+0100) Subject: Move reject of localonly users to predata. This allows callouts to X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=2ec5592691eda1d08906014389fa31fe31662a61;p=mirror%2Fdsa-puppet.git Move reject of localonly users to predata. This allows callouts to work. This feels dishonest. Signed-off-by: Stephen Gran --- diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index 98d608ce3..bbfd0c657 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -108,6 +108,7 @@ if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty? end out %> +acl_smtp_predata = acl_check_predata # accept domain literal syntax in e-mail addresses. To actually make use of # this a router is also required @@ -280,6 +281,13 @@ RT_QUEUE_MAP = /srv/rt.debian.org/mail/rt_queue_map ###################################################################### begin acl +acl_localonly: + accept local_parts = +local_only_users + domains = +local_domains + hosts = !+debianhosts + + deny + check_helo: warn set acl_c1 = 0 
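Review bot: `acl_localonly` has no comment saying that it is now a predicate, not a verdict, and the bare trailing `deny` is easy to misread as a policy rejection. The RCPT hunk at -513 calls it only through `acl =` / `!acl =`, so its accept/deny result just answers whether this recipient is local-only for this client. I would put a comment above the label, for example `# acl_localonly: predicate only. accept = recipient is in +local_only_users, in +local_domains, and the client is not in +debianhosts.` A second line, `# Nothing is rejected here; the refusal is issued later by acl_check_predata.`, would tell the next editor that adding a `message =` here has no effect on what the client sees.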
@@ -513,10 +521,22 @@ out condition = ${if match_local_part {$sender_address_local_part}{${extract{directory}{VDOMAINDATA}{${value}/neversenders}}}{1}{0}} message = no mail should ever come from <$sender_address> - deny local_parts = +local_only_users - domains = +local_domains - hosts = !+debianhosts - message = mail for $local_part is only accepted internally + warn condition = ${if eq{$acl_m6}{}} + acl = acl_localonly + set acl_m6 = localonly + set acl_m7 = ${if eq{$acl_m7}{}{$local_part@$domain}{$acl_m7, $local_part@$domain}} + + warn condition = ${if eq{$acl_m6}{}} + !acl = acl_localonly + set acl_m6 = normal + + defer condition = ${if eq{$acl_m6}{localonly}} + !acl = acl_localonly + log_message = Only one profile at a time, please + + defer condition = ${if eq{$acl_m6}{normal}} + acl = acl_localonly + log_message = Only one profile at a time, please <%= out='' @@ -788,6 +808,13 @@ end out %> +acl_check_predata: + deny condition = ${if eq{$acl_m6}{localonly}} + message = $acl_m7 does not send mail; nondelivery reports are rejected as fakes. + + accept + + #!!# ACL that is used after the DATA command check_message: require verify = header_syntax
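Review bot: In the hunk at -513, `$acl_m7` only ever records the first local-only recipient, so the append branch of `${if eq{$acl_m7}{}{...}{$acl_m7, ...}}` is never reached. The `set` sits under `condition = ${if eq{$acl_m6}{}}`, which is false for every RCPT after the first, so later local-only recipients in the same transaction are missing from the predata rejection text. Adding a statement ahead of the first `warn` fixes this: `warn condition = ${if eq{$acl_m6}{localonly}}`, `acl = acl_localonly`, `set acl_m7 = $acl_m7, $local_part@$domain`. Both `defer` statements carry only `log_message`, so the client presumably gets Exim's generic temporary-error text; a `message =` explaining that the recipient must be sent separately would help remote postmasters. The enclosing RCPT ACL starts and ends outside this hunk, so I cannot confirm how the block is ordered against the relay and recipient-verification checks.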
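Review bot: The `deny` in `acl_check_predata` tells every sender that "nondelivery reports are rejected as fakes", but it fires for any sender once `$acl_m6` is `localonly`, not only for the null sender. An ordinary external message to a local-only address therefore gets a misleading rejection, and the accurate wording that the commit removed from the RCPT ACL is lost. I would limit the bounce wording with `senders = :` on this statement and follow it with a second `deny condition = ${if eq{$acl_m6}{localonly}}` carrying `message = mail for $acl_m7 is only accepted internally`. A short comment above the label should say that `$acl_m6` and `$acl_m7` are set in the RCPT ACL and are now reserved for this purpose, since reuse of either variable elsewhere in the template would silently change who is rejected.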