From: Stephen Gran Date: Fri, 22 May 2009 23:25:55 +0000 (+0100) Subject: Let's try a nice SURBL lookup for the PTS mail X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=4a90da07c6b9efbd5cd4d52e31b1ec3925257d5a;p=mirror%2Fdsa-puppet.git Let's try a nice SURBL lookup for the PTS mail Signed-off-by: Stephen Gran --- diff --git a/files/etc/puppet/lib/puppet/parser/functions/nodeinfo.rb b/files/etc/puppet/lib/puppet/parser/functions/nodeinfo.rb index 159b869e9..64e94dbd1 100644 --- a/files/etc/puppet/lib/puppet/parser/functions/nodeinfo.rb +++ b/files/etc/puppet/lib/puppet/parser/functions/nodeinfo.rb @@ -29,23 +29,28 @@ module Puppet::Parser::Functions end end - results['mail_port'] = '' + results['mail_port'] = '' results['smarthost'] = '' + results['heavy_exim'] = "" results['smarthost_port'] = 587 - results['reservedaddrs'] = '0.0.0.0/8 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 : 172.16.0.0/12 : 192.0.0.0/17 : 192.168.0.0/16 : 224.0.0.0/4 : 240.0.0.0/5 : 248.0.0.0/5' + results['reservedaddrs'] = '0.0.0.0/8 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 : 172.16.0.0/12 : 192.0.0.0/17 : 192.168.0.0/16 : 224.0.0.0/4 : 240.0.0.0/5 : 248.0.0.0/5' if yaml.has_key?('mail_port') and yaml['mail_port'].has_key?(host) results['mail_port'] = yaml['mail_port'][host] end if yaml.has_key?('need_smarthost') and yaml['need_smarthost'].include?(host) - results['smarthost'] = "mailout.debian.org" + results['smarthost'] = "mailout.debian.org" end if yaml.has_key?('reservedaddrs') and yaml['reservedaddrs'].has_key?(host) results['reservedaddrs'] = yaml['reservedaddrs'][host] end + if yaml.has_key?('heavy_exim') and yaml['heavy_exim'].include?(host) + results['heavy_exim'] = "true" + end + ldap = LDAP::Conn.new('db.debian.org') results['ldap'] = [] diff --git a/manifests/site.pp b/manifests/site.pp index 809d74c46..fcf97e889 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -31,7 +31,12 @@ node default { } case $mta { - "exim4": { include exim } + "exim4": { + case $nodeinfo['heavy_exim'] { + "true": { include eximmx } + default: { include exim } + } + } default: {} } diff --git a/modules/debian-org/misc/local.yaml b/modules/debian-org/misc/local.yaml index 2b3c006d2..19550c512 100644 --- a/modules/debian-org/misc/local.yaml +++ b/modules/debian-org/misc/local.yaml @@ -68,6 +68,8 @@ need_smarthost: - ancina.debian.org - allegri.debian.org - piatti.debian.org +heavy_exim: + - powell.debian.org services: bugsmaster: rietz.debian.org qamaster: merkel.debian.org diff --git a/modules/exim/files/common/ccTLD.txt b/modules/exim/files/common/ccTLD.txt new file mode 100644 index 000000000..d04aa8aad --- /dev/null +++ b/modules/exim/files/common/ccTLD.txt @@ -0,0 +1,1931 @@ +2000.hu +ab.ca +ab.se +abo.pa +ac.ae +ac.am +ac.at +ac.bd +ac.be +ac.cn +ac.com +ac.cr +ac.cy +ac.fj +ac.fk +ac.gg +ac.gn +ac.hu +ac.id +ac.il +ac.im +ac.in +ac.ir +ac.je +ac.jp +ac.ke +ac.kr +ac.lk +ac.ma +ac.me +ac.mw +ac.ng +ac.nz +ac.om +ac.pa +ac.pg +ac.rs +ac.ru +ac.rw +ac.se +ac.th +ac.tj +ac.tz +ac.ug +ac.uk +ac.vn +ac.yu +ac.za +ac.zm +ac.zw +act.au +ad.jp +adm.br +adult.ht +adv.br +adygeya.ru +aero.mv +aero.tt +aeroport.fr +agr.br +agrar.hu +agro.pl +ah.cn +aichi.jp +aid.pl +ak.us +akita.jp +al.us +aland.fi +alderney.gg +alt.na +alt.za +altai.ru +am.br +amur.ru +amursk.ru +aomori.jp +ar.us +arkhangelsk.ru +army.mil +arq.br +art.br +art.do +art.dz +art.ht +art.pl +arts.co +arts.ro +arts.ve +asn.au +asn.lv +ass.dz +assedic.fr +assn.lk +asso.dz +asso.fr +asso.gp +asso.ht +asso.mc +asso.re +astrakhan.ru +at.tf +at.tt +atm.pl +ato.br +au.com +au.tt +augustow.pl +auto.pl +av.tr +avocat.fr +avoues.fr +az.us +babia-gora.pl +baikal.ru +barreau.fr +bashkiria.ru +bbs.tr +bc.ca +bd.se +be.tt +bedzin.pl +bel.tr +belgie.be +belgorod.ru +beskidy.pl +bg.tf +bialowieza.pl +bialystok.pl +bib.ve +bielawa.pl +bieszczady.pl +bio.br +bir.ru +biz.az +biz.bh +biz.cy +biz.et +biz.fj +biz.ly +biz.mv +biz.nr +biz.om +biz.pk +biz.pl +biz.pr +biz.tj +biz.tr +biz.tt +biz.ua +biz.vn +bj.cn +bl.uk +bmd.br +boleslawiec.pl +bolt.hu +bourse.za +br.com +brand.se +british-library.uk +bryansk.ru +buryatia.ru +busan.kr +bydgoszcz.pl +bytom.pl +c.se +ca.tf +ca.tt +ca.us +casino.hu +cbg.ru +cc.bh +cci.fr +ch.tf +ch.vu +chambagri.fr +chel.ru +chelyabinsk.ru +cherkassy.ua +chernigov.ua +chernovtsy.ua +chiba.jp +chirurgiens-dentistes.fr +chita.ru +chukotka.ru +chungbuk.kr +chungnam.kr +chuvashia.ru +cieszyn.pl +cim.br +city.hu +city.za +ck.ua +club.tw +cmw.ru +cn.com +cn.ua +cng.br +cnt.br +co.ae +co.ag +co.am +co.ao +co.at +co.ba +co.bw +co.ck +co.cr +co.dk +co.ee +co.fk +co.gg +co.hu +co.id +co.il +co.im +co.in +co.ir +co.je +co.jp +co.ke +co.kr +co.ls +co.ma +co.me +co.mu +co.mw +co.mz +co.nz +co.om +co.rs +co.rw +co.st +co.th +co.tj +co.tt +co.tv +co.tz +co.ua +co.ug +co.uk +co.us +co.uz +co.ve +co.vi +co.yu +co.za +co.zm +co.zw +com.ac +com.ae +com.af +com.ag +com.ai +com.al +com.am +com.an +com.ar +com.au +com.aw +com.az +com.ba +com.bb +com.bd +com.bh +com.bm +com.bn +com.bo +com.br +com.bs +com.bt +com.bz +com.cd +com.ch +com.cn +com.co +com.cu +com.cy +com.dm +com.do +com.dz +com.ec +com.ee +com.eg +com.er +com.es +com.et +com.fj +com.fk +com.fr +com.ge +com.gh +com.gi +com.gn +com.gp +com.gr +com.gt +com.gu +com.hk +com.hn +com.hr +com.ht +com.io +com.jm +com.jo +com.kg +com.kh +com.ki +com.kw +com.ky +com.kz +com.la +com.lb +com.lc +com.li +com.lk +com.lr +com.lv +com.ly +com.mg +com.mk +com.mm +com.mn +com.mo +com.mt +com.mu +com.mv +com.mw +com.mx +com.my +com.na +com.nc +com.nf +com.ng +com.ni +com.np +com.nr +com.om +com.pa +com.pe +com.pf +com.pg +com.ph +com.pk +com.pl +com.pr +com.ps +com.pt +com.py +com.qa +com.re +com.ro +com.ru +com.rw +com.sa +com.sb +com.sc +com.sd +com.sg +com.sh +com.st +com.sv +com.sy +com.tj +com.tn +com.tr +com.tt +com.tw +com.ua +com.uy +com.uz +com.vc +com.ve +com.vi +com.vn +com.vu +com.ws +com.ye +conf.au +conf.lv +consulado.st +coop.br +coop.ht +coop.mv +coop.mw +coop.tt +cpa.pro +cq.cn +cri.nz +crimea.ua +csiro.au +ct.us +cul.na +cv.ua +cz.tf +czeladz.pl +czest.pl +d.se +daegu.kr +daejeon.kr +dagestan.ru +dc.us +de.com +de.net +de.tf +de.tt +de.us +de.vu +dk.org +dk.tt +dlugoleka.pl +dn.ua +dnepropetrovsk.ua +dni.us +dns.be +donetsk.ua +dp.ua +dpn.br +dr.tr +dudinka.ru +e-burg.ru +e.se +e12.ve +e164.arpa +ebiz.tw +ecn.br +ed.ao +ed.cr +ed.jp +edu.ac +edu.af +edu.ai +edu.al +edu.am +edu.an +edu.ar +edu.au +edu.az +edu.ba +edu.bb +edu.bd +edu.bh +edu.bm +edu.bn +edu.bo +edu.br +edu.bt +edu.ck +edu.cn +edu.co +edu.cu +edu.dm +edu.do +edu.dz +edu.ec +edu.ee +edu.eg +edu.er +edu.es +edu.et +edu.ge +edu.gh +edu.gi +edu.gp +edu.gr +edu.gt +edu.gu +edu.hk +edu.hn +edu.ht +edu.hu +edu.in +edu.it +edu.jm +edu.jo +edu.kg +edu.kh +edu.kw +edu.ky +edu.kz +edu.lb +edu.lc +edu.lk +edu.lr +edu.lv +edu.ly +edu.me +edu.mg +edu.mm +edu.mn +edu.mo +edu.mt +edu.mv +edu.mw +edu.mx +edu.my +edu.na +edu.ng +edu.ni +edu.np +edu.nr +edu.om +edu.pa +edu.pe +edu.pf +edu.ph +edu.pk +edu.pl +edu.pr +edu.ps +edu.pt +edu.py +edu.qa +edu.rs +edu.ru +edu.rw +edu.sa +edu.sb +edu.sc +edu.sd +edu.sg +edu.sh +edu.sk +edu.st +edu.sv +edu.tf +edu.tj +edu.tr +edu.tt +edu.tw +edu.ua +edu.uk +edu.uy +edu.ve +edu.vi +edu.vn +edu.vu +edu.ws +edu.ye +edu.yu +edu.za +edunet.tn +ehime.jp +ekloges.cy +elblag.pl +elk.pl +embaixada.st +eng.br +ens.tn +ernet.in +erotica.hu +erotika.hu +es.kr +es.tt +esp.br +etc.br +eti.br +eu.com +eu.org +eu.tf +eu.tt +eun.eg +experts-comptables.fr +f.se +fam.pk +far.br +fareast.ru +fax.nr +fed.us +fgov.be +fh.se +fhs.no +fhsk.se +fhv.se +fi.cr +fie.ee +film.hu +fin.ec +fin.tn +firm.co +firm.ht +firm.in +firm.ro +firm.ve +fj.cn +fl.us +fm.br +fnd.br +folkebibl.no +forum.hu +fot.br +fr.tt +fr.vu +from.hr +fst.br +fukui.jp +fukuoka.jp +fukushima.jp +fylkesbibl.no +g.se +g12.br +ga.us +game.tw +games.hu +gangwon.kr +gb.com +gb.net +gbr.me +gc.ca +gd.cn +gda.pl +gdansk.pl +geek.nz +gen.in +gen.nz +gen.tr +geometre-expert.fr +ggf.br +gifu.jp +glogow.pl +gmina.pl +gniezno.pl +go.cr +go.id +go.jp +go.ke +go.kr +go.th +go.tj +go.tz +go.ug +gob.bo +gob.do +gob.es +gob.gt +gob.hn +gob.mx +gob.ni +gob.pa +gob.pe +gob.pk +gob.sv +gob.ve +gok.pk +gon.pk +gop.pk +gorlice.pl +gos.pk +gouv.fr +gouv.ht +gouv.rw +gov.ac +gov.ae +gov.af +gov.ai +gov.al +gov.am +gov.ar +gov.au +gov.az +gov.ba +gov.bb +gov.bd +gov.bf +gov.bh +gov.bm +gov.bo +gov.br +gov.bt +gov.by +gov.ch +gov.ck +gov.cn +gov.co +gov.cu +gov.cx +gov.cy +gov.dm +gov.do +gov.dz +gov.ec +gov.eg +gov.er +gov.et +gov.fj +gov.fk +gov.ge +gov.gg +gov.gh +gov.gi +gov.gn +gov.gr +gov.gu +gov.hk +gov.hu +gov.ie +gov.il +gov.im +gov.in +gov.io +gov.ir +gov.it +gov.je +gov.jm +gov.jo +gov.jp +gov.kg +gov.kh +gov.kw +gov.ky +gov.kz +gov.lb +gov.lc +gov.li +gov.lk +gov.lr +gov.lt +gov.lu +gov.lv +gov.ly +gov.ma +gov.me +gov.mg +gov.mm +gov.mn +gov.mo +gov.mt +gov.mv +gov.mw +gov.my +gov.ng +gov.np +gov.nr +gov.om +gov.ph +gov.pk +gov.pl +gov.pr +gov.ps +gov.pt +gov.py +gov.qa +gov.rs +gov.ru +gov.rw +gov.sa +gov.sb +gov.sc +gov.sd +gov.sg +gov.sh +gov.sk +gov.st +gov.sy +gov.tj +gov.tn +gov.to +gov.tp +gov.tr +gov.tt +gov.tv +gov.tw +gov.ua +gov.uk +gov.ve +gov.vi +gov.vn +gov.ws +gov.ye +gov.za +gov.zm +gov.zw +govt.nz +gr.jp +grajewo.pl +greta.fr +grozny.ru +grp.lk +gs.cn +gsm.pl +gub.uy +guernsey.gg +gunma.jp +gv.ao +gv.at +gwangju.kr +gx.cn +gyeongbuk.kr +gyeonggi.kr +gyeongnam.kr +gz.cn +h.se +ha.cn +hb.cn +he.cn +health.vn +herad.no +hi.cn +hi.us +hiroshima.jp +hk.cn +hl.cn +hn.cn +hokkaido.jp +hotel.hu +hotel.lk +hs.kr +hu.com +huissier-justice.fr +hyogo.jp +i.se +ia.us +ibaraki.jp +icnet.uk +id.au +id.fj +id.ir +id.lv +id.ly +id.us +idf.il +idn.sg +idrett.no +idv.hk +idv.tw +if.ua +il.us +ilawa.pl +imb.br +in-addr.arpa +in.rs +in.th +in.ua +in.us +incheon.kr +ind.br +ind.er +ind.gg +ind.gt +ind.in +ind.je +ind.tn +inf.br +inf.cu +info.au +info.az +info.bh +info.co +info.cu +info.cy +info.ec +info.et +info.fj +info.ht +info.hu +info.mv +info.nr +info.pl +info.pr +info.ro +info.sd +info.tn +info.tr +info.tt +info.ve +info.vn +ing.pa +ingatlan.hu +inima.al +int.am +int.ar +int.az +int.bo +int.co +int.lk +int.mv +int.mw +int.pt +int.ru +int.rw +int.tf +int.tj +int.tt +int.ve +int.vn +intl.tn +ip6.arpa +iris.arpa +irkutsk.ru +isa.us +ishikawa.jp +isla.pr +it.ao +it.tt +its.me +ivano-frankivsk.ua +ivanovo.ru +iwate.jp +iwi.nz +iz.hr +izhevsk.ru +jamal.ru +jar.ru +jaworzno.pl +jeju.kr +jelenia-gora.pl +jeonbuk.kr +jeonnam.kr +jersey.je +jet.uk +jgora.pl +jl.cn +jobs.tt +jogasz.hu +jor.br +joshkar-ola.ru +js.cn +jx.cn +k-uralsk.ru +k.se +k12.ec +k12.il +k12.tr +kagawa.jp +kagoshima.jp +kalisz.pl +kalmykia.ru +kaluga.ru +kamchatka.ru +kanagawa.jp +kanazawa.jp +karelia.ru +karpacz.pl +kartuzy.pl +kaszuby.pl +katowice.pl +kawasaki.jp +kazan.ru +kazimierz-dolny.pl +kchr.ru +kemerovo.ru +kepno.pl +ketrzyn.pl +kg.kr +kh.ua +khabarovsk.ru +khakassia.ru +kharkov.ua +kherson.ua +khmelnitskiy.ua +khv.ru +kids.us +kiev.ua +kirov.ru +kirovograd.ua +kitakyushu.jp +klodzko.pl +km.ua +kms.ru +kobe.jp +kobierzyce.pl +kochi.jp +koenig.ru +kolobrzeg.pl +komforb.se +komi.ru +kommunalforbund.se +kommune.no +komvux.se +konin.pl +konskowola.pl +konyvelo.hu +kostroma.ru +kr.ua +krakow.pl +krasnoyarsk.ru +ks.ua +ks.us +kuban.ru +kumamoto.jp +kurgan.ru +kursk.ru +kustanai.ru +kutno.pl +kuzbass.ru +kv.ua +ky.us +kyonggi.kr +kyoto.jp +la.us +lakas.hu +lanarb.se +lanbib.se +lapy.pl +law.pro +law.za +lebork.pl +legnica.pl +lel.br +lezajsk.pl +lg.jp +lg.ua +limanowa.pl +lipetsk.ru +lkd.co.im +ln.cn +lodz.pl +lomza.pl +lowicz.pl +ltd.co.im +ltd.cy +ltd.gg +ltd.gi +ltd.je +ltd.lk +ltd.uk +lubin.pl +lublin.pl +lugansk.ua +lukow.pl +lutsk.ua +lviv.ua +m.se +ma.us +magadan.ru +magnitka.ru +mail.pl +malbork.pl +malopolska.pl +maori.nz +mari-el.ru +mari.ru +marine.ru +mat.br +matsuyama.jp +mazowsze.pl +mazury.pl +mb.ca +md.us +me.uk +me.us +med.br +med.ec +med.ee +med.ht +med.ly +med.om +med.pa +med.pro +med.sa +med.sd +medecin.fr +media.hu +media.pl +mi.th +mi.us +miasta.pl +mie.jp +mielec.pl +mielno.pl +mil.ac +mil.ae +mil.am +mil.ar +mil.az +mil.ba +mil.bd +mil.bo +mil.br +mil.by +mil.co +mil.do +mil.ec +mil.eg +mil.er +mil.fj +mil.ge +mil.gh +mil.gt +mil.gu +mil.hn +mil.id +mil.in +mil.io +mil.jo +mil.kg +mil.kh +mil.kr +mil.kw +mil.kz +mil.lb +mil.lt +mil.lu +mil.lv +mil.mg +mil.mv +mil.my +mil.no +mil.np +mil.nz +mil.om +mil.pe +mil.ph +mil.pl +mil.ru +mil.rw +mil.se +mil.sh +mil.sk +mil.st +mil.tj +mil.tr +mil.tw +mil.uk +mil.uy +mil.ve +mil.ye +mil.za +miyagi.jp +miyazaki.jp +mk.ua +mn.us +mo.cn +mo.us +mob.nr +mobi.tt +mobil.nr +mobile.nr +mod.gi +mod.om +mod.uk +mordovia.ru +mosreg.ru +mragowo.pl +ms.kr +ms.us +msk.ru +mt.us +muni.il +murmansk.ru +mus.br +museum.mn +museum.mv +museum.mw +museum.no +museum.om +museum.tt +music.mobi +mytis.ru +n.se +nagano.jp +nagasaki.jp +nagoya.jp +nakhodka.ru +naklo.pl +nalchik.ru +name.ae +name.az +name.cy +name.et +name.fj +name.hr +name.mv +name.my +name.pr +name.tj +name.tr +name.tt +name.vn +nara.jp +nat.tn +national-library-scotland.uk +naturbruksgymn.se +navy.mil +nb.ca +nc.us +nd.us +ne.jp +ne.ke +ne.kr +ne.tz +ne.ug +ne.us +nel.uk +net.ac +net.ae +net.af +net.ag +net.ai +net.al +net.am +net.an +net.ar +net.au +net.az +net.ba +net.bb +net.bd +net.bh +net.bm +net.bn +net.bo +net.br +net.bs +net.bt +net.bz +net.cd +net.ch +net.ck +net.cn +net.co +net.cu +net.cy +net.dm +net.do +net.dz +net.ec +net.eg +net.er +net.et +net.fj +net.fk +net.ge +net.gg +net.gn +net.gp +net.gr +net.gt +net.gu +net.hk +net.hn +net.ht +net.id +net.il +net.im +net.in +net.io +net.ir +net.je +net.jm +net.jo +net.jp +net.kg +net.kh +net.ki +net.kw +net.ky +net.kz +net.la +net.lb +net.lc +net.li +net.lk +net.lr +net.lu +net.lv +net.ly +net.ma +net.me +net.mm +net.mo +net.mt +net.mu +net.mv +net.mw +net.mx +net.my +net.na +net.nc +net.nf +net.ng +net.ni +net.np +net.nr +net.nz +net.om +net.pa +net.pe +net.pg +net.ph +net.pk +net.pl +net.pr +net.ps +net.pt +net.py +net.qa +net.ru +net.rw +net.sa +net.sb +net.sc +net.sd +net.sg +net.sh +net.st +net.sy +net.tf +net.th +net.tj +net.tn +net.tr +net.tt +net.tw +net.ua +net.uk +net.uy +net.uz +net.vc +net.ve +net.vi +net.vn +net.vu +net.ws +net.ye +net.za +new.ke +news.hu +nf.ca +ngo.lk +ngo.ph +ngo.pl +ngo.za +nh.us +nhs.uk +nic.im +nic.in +nic.tt +nic.uk +nieruchomosci.pl +niigata.jp +nikolaev.ua +nj.us +nkz.ru +nl.ca +nls.uk +nm.cn +nm.us +nnov.ru +no.com +nom.ad +nom.ag +nom.br +nom.co +nom.es +nom.fk +nom.fr +nom.mg +nom.ni +nom.pa +nom.pe +nom.pl +nom.re +nom.ro +nom.ve +nom.za +nome.pt +norilsk.ru +not.br +notaires.fr +nov.ru +novosibirsk.ru +nowaruda.pl +ns.ca +nsk.ru +nsn.us +nsw.au +nt.au +nt.ca +nt.ro +ntr.br +nu.ca +nui.hu +nv.us +nx.cn +ny.us +nysa.pl +o.se +od.ua +odessa.ua +odo.br +off.ai +og.ao +oh.us +oita.jp +ok.us +okayama.jp +okinawa.jp +olawa.pl +olecko.pl +olkusz.pl +olsztyn.pl +omsk.ru +on.ca +opoczno.pl +opole.pl +or.at +or.cr +or.id +or.jp +or.ke +or.kr +or.th +or.tz +or.ug +or.us +orenburg.ru +org.ac +org.ae +org.ag +org.ai +org.al +org.am +org.an +org.ar +org.au +org.az +org.ba +org.bb +org.bd +org.bh +org.bm +org.bn +org.bo +org.br +org.bs +org.bt +org.bw +org.bz +org.cd +org.ch +org.ck +org.cn +org.co +org.cu +org.cy +org.dm +org.do +org.dz +org.ec +org.ee +org.eg +org.er +org.es +org.et +org.fj +org.fk +org.ge +org.gg +org.gh +org.gi +org.gn +org.gp +org.gr +org.gt +org.gu +org.hk +org.hn +org.ht +org.hu +org.il +org.im +org.in +org.io +org.ir +org.je +org.jm +org.jo +org.jp +org.kg +org.kh +org.ki +org.kw +org.ky +org.kz +org.la +org.lb +org.lc +org.li +org.lk +org.lr +org.ls +org.lu +org.lv +org.ly +org.ma +org.me +org.mg +org.mk +org.mm +org.mn +org.mo +org.mt +org.mu +org.mv +org.mw +org.mx +org.my +org.na +org.nc +org.ng +org.ni +org.np +org.nr +org.nz +org.om +org.pa +org.pe +org.pf +org.ph +org.pk +org.pl +org.pr +org.ps +org.pt +org.py +org.qa +org.ro +org.rs +org.ru +org.sa +org.sb +org.sc +org.sd +org.se +org.sg +org.sh +org.st +org.sv +org.sy +org.tj +org.tn +org.tr +org.tt +org.tw +org.ua +org.uk +org.uy +org.uz +org.vc +org.ve +org.vi +org.vn +org.vu +org.ws +org.ye +org.yu +org.za +org.zm +org.zw +oryol.ru +osaka.jp +oskol.ru +ostroda.pl +ostroleka.pl +ostrowiec.pl +ostrowwlkp.pl +otc.au +oz.au +pa.us +palana.ru +parliament.cy +parliament.uk +parti.se +pb.ao +pc.pl +pe.ca +pe.kr +penza.ru +per.kh +per.sg +perm.ru +perso.ht +pharmacien.fr +pila.pl +pisz.pl +pl.tf +pl.ua +plc.co.im +plc.ly +plc.uk +plo.ps +podhale.pl +podlasie.pl +pol.dz +pol.ht +pol.tr +police.uk +polkowice.pl +poltava.ua +pomorskie.pl +pomorze.pl +port.fr +powiat.pl +poznan.pl +pp.az +pp.ru +pp.se +ppg.br +prd.fr +prd.mg +press.cy +press.ma +press.se +presse.fr +pri.ee +principe.st +priv.at +priv.hu +priv.me +priv.no +priv.pl +pro.ae +pro.br +pro.cy +pro.ec +pro.fj +pro.ht +pro.mv +pro.om +pro.pr +pro.tt +pro.vn +prochowice.pl +pruszkow.pl +przeworsk.pl +psc.br +psi.br +pskov.ru +ptz.ru +pub.sa +publ.pt +pulawy.pl +pvt.ge +pyatigorsk.ru +qc.ca +qc.com +qh.cn +qld.au +qsl.br +radom.pl +rawa-maz.pl +re.kr +realestate.pl +rec.br +rec.co +rec.ro +rec.ve +red.sv +reklam.hu +rel.ht +rel.pl +res.in +ri.us +rnd.ru +rnrt.tn +rns.tn +rnu.tn +rovno.ua +rs.ba +ru.com +ru.tf +rubtsovsk.ru +rv.ua +ryazan.ru +rybnik.pl +rzeszow.pl +s.se +sa.au +sa.com +sa.cr +saga.jp +saitama.jp +sakhalin.ru +samara.ru +sanok.pl +saotome.st +sapporo.jp +saratov.ru +sark.gg +sc.cn +sc.ke +sc.kr +sc.ug +sc.us +sch.ae +sch.gg +sch.id +sch.ir +sch.je +sch.lk +sch.ly +sch.ng +sch.om +sch.sa +sch.sd +sch.uk +sch.zm +school.fj +school.nz +school.za +sci.eg +sd.cn +sd.us +se.com +se.tt +sebastopol.ua +sec.ps +sejny.pl +sendai.jp +seoul.kr +sex.hu +sex.pl +sg.tf +sh.cn +shiga.jp +shimane.jp +shizuoka.jp +shop.ht +shop.hu +shop.pl +simbirsk.ru +sk.ca +sklep.pl +skoczow.pl +slask.pl +sld.do +sld.pa +slg.br +slupsk.pl +smolensk.ru +sn.cn +snz.ru +soc.lk +soros.al +sos.pl +sosnowiec.pl +spb.ru +sport.hu +srv.br +sshn.se +stalowa-wola.pl +starachowice.pl +stargard.pl +stat.no +stavropol.ru +store.co +store.ro +store.st +store.ve +stv.ru +suli.hu +sumy.ua +surgut.ru +suwalki.pl +swidnica.pl +swiebodzin.pl +swinoujscie.pl +sx.cn +syzran.ru +szczecin.pl +szczytno.pl +szex.hu +szkola.pl +t.se +takamatsu.jp +tambov.ru +targi.pl +tarnobrzeg.pl +tas.au +tatarstan.ru +te.ua +tec.ve +tel.no +tel.nr +tel.tr +telecom.na +telememo.au +ternopil.ua +test.ru +tgory.pl +tirana.al +tj.cn +tld.am +tlf.nr +tm.cy +tm.fr +tm.hu +tm.mc +tm.mg +tm.mt +tm.pl +tm.ro +tm.se +tm.za +tmp.br +tn.us +tochigi.jp +tokushima.jp +tokyo.jp +tom.ru +tomsk.ru +torun.pl +tottori.jp +tourism.pl +tourism.tn +toyama.jp +tozsde.hu +travel.pl +travel.tt +trd.br +tsaritsyn.ru +tsk.ru +tula.ru +tur.br +turek.pl +turystyka.pl +tuva.ru +tv.bo +tv.br +tv.sd +tver.ru +tw.cn +tx.us +tychy.pl +tyumen.ru +u.se +udm.ru +udmurtia.ru +uk.com +uk.net +uk.tt +ulan-ude.ru +ulsan.kr +unam.na +unbi.ba +uniti.al +unsa.ba +upt.al +uri.arpa +urn.arpa +us.com +us.tf +us.tt +ustka.pl +ut.us +utazas.hu +utsunomiya.jp +uu.mt +uy.com +uz.ua +uzhgorod.ua +va.us +vatican.va +vdonsk.ru +vet.br +veterinaire.fr +vgs.no +vic.au +video.hu +vinnica.ua +vladikavkaz.ru +vladimir.ru +vladivostok.ru +vn.ua +volgograd.ru +vologda.ru +voronezh.ru +vrn.ru +vt.us +vyatka.ru +w.se +wa.au +wa.us +wakayama.jp +walbrzych.pl +warmia.pl +warszawa.pl +waw.pl +weather.mobi +web.co +web.do +web.id +web.lk +web.pk +web.tj +web.tr +web.ve +web.za +wegrow.pl +wi.us +wielun.pl +wlocl.pl +wloclawek.pl +wodzislaw.pl +wolomin.pl +wroc.pl +wroclaw.pl +wv.us +www.ro +wy.us +x.se +xj.cn +xz.cn +y.se +yakutia.ru +yamagata.jp +yamaguchi.jp +yamal.ru +yamanashi.jp +yaroslavl.ru +yekaterinburg.ru +yk.ca +yn.cn +yokohama.jp +yuzhno-sakhalinsk.ru +z.se +za.com +za.pl +zachpomor.pl +zagan.pl +zaporizhzhe.ua +zarow.pl +zgora.pl +zgorzelec.pl +zgrad.ru +zhitomir.ua +zj.cn +zlg.br +zp.ua +zt.ua diff --git a/modules/exim/files/common/exim_surbl.pl b/modules/exim/files/common/exim_surbl.pl new file mode 100644 index 000000000..4f72a14f7 --- /dev/null +++ b/modules/exim/files/common/exim_surbl.pl @@ -0,0 +1,315 @@ +# +# Copyright (c) 2006-2007 Erik Mugele. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# NOTES +# ----- +# +# 1. This script makes use of the Country Code Top Level +# Domains (ccTLD) provided by the SURBL group at +# http://spamcheck.freeapp.net/two-level-tlds +# THE VARIABLE $cctld_file MUST BE SET TO THE FULL PATH AND +# NAME OF THE FILE CONTAINING THE CCTLD LIST! (see below) +# +# 2. This script makes use of whitelisting of popular domains. The +# source of the list can be found here: +# http://spamassassin.apache.org/full/3.1.x/dist/rules/25_uribl.cf +# These are domains that are whitelisted by the SURBL group so it +# doesn't make sense to waste resources doing lookups on them. +# THE VARIABLE $whitelist_file MUST BE SET TO THE FULL PATH AND +# NAME OF THE FILE CONTAINING THE WHITE LIST! (see below) +# +# 3. Per the guidelines at http://www.surbl.org, if your site processes +# more than 100,000 messages per day, you should NOT be using the +# public SURBL name servers but should be rsync-ing from them and +# running your own. See http://www3.surbl.org/rsync-signup.html +# +sub surblspamcheck +{ +# Designed and written by Erik Mugele, 2004-2006 +# http://www.teuton.org/~ejm +# Version 2.0 + + # The following variable is the full path to the file containing the + # list of Country Code Top Level Domains (ccTLD). + # --------------------------------------------------------------------- + # THIS VARIABLE MUST BE SET TO THE FULL PATH AND NAME OF THE FILE + # CONTAINING THE CCTLD LIST! + # --------------------------------------------------------------------- + my $cctld_file = "/etc/exim4/ccTLD.txt"; + + # The following variable is the full path to the file containing + # whitelist entries. + # --------------------------------------------------------------------- + # THIS VARIABLE MUST BE SET TO THE FULL PATH AND NAME OF THE FILE + # CONTAINING THE WHITELIST DOMAINS! + # --------------------------------------------------------------------- + my $whitelist_file = "/etc/exim4/surbl_whitelist.txt"; + + # This variable defines the maximum MIME file size that will be checked + # if this script is called by the MIME ACL. This is primarily to + # keep the load down on the server. Size is in bytes. + my $max_file_size = 50000; + + # The following two variables enable or disable the SURBL and URIBL + # lookups. Set to 1 to enable and 0 to disable. + my $surbl_enable = 1; + my $uribl_enable = 1; + + # Check to see if a decode MIME attachment is being checked or + # just a plain old text message with no attachments + my $exim_body = ""; + my $mime_filename = Exim::expand_string('$mime_decoded_filename'); + if ($mime_filename) { + # DEBUG Statement + #warn ("MIME FILENAME: $mime_filename\n"); + # If the MIME file is too large, skip it. + if (-s $mime_filename <= $max_file_size) { + open(fh,"<$mime_filename"); + binmode(fh); + while (read(fh,$buff,1024)) { + $exim_body .= $buff; + } + close (fh); + } else { + $exim_body = ""; + } + } else { + $exim_body = Exim::expand_string('$message_body'); + } + + sub surbllookup { + # This subroutine does the actual DNS lookup and builds and returns + # the return message for the SURBL lookup. + my @params = @_; + my $surbldomain = ".multi.surbl.org"; + @dnsbladdr=gethostbyname($params[0].$surbldomain); + # If gethostbyname() returned anything, build a return message. + $return_string = ""; + if (scalar(@dnsbladdr) != 0) { + $return_string = "Blacklisted URL in message. (".$params[0].") in"; + @surblipaddr = unpack('C4',($dnsbladdr[4])[0]); + if ($surblipaddr[3] & 64) { + $return_string .= " [jp]"; + } + if ($surblipaddr[3] & 32) { + $return_string .= " [ab]"; + } + if ($surblipaddr[3] & 16) { + $return_string .= " [ob]"; + } + if ($surblipaddr[3] & 8) { + $return_string .= " [ph]"; + } + if ($surblipaddr[3] & 4) { + $return_string .= " [ws]"; + } + if ($surblipaddr[3] & 2) { + $return_string .= " [sc]"; + } + $return_string .= ". See http://www.surbl.org/lists.html."; + } + return $return_string; + } + + sub uribllookup { + # This subroutine does the actual DNS lookup and builds and returns + # the return message for the URIBL check. + my @params = @_; + my $surbldomain = ".black.uribl.com"; + @dnsbladdr=gethostbyname($params[0].$surbldomain); + # If gethostbyname() returned anything, build a return message. + $return_string = ""; + if (scalar(@dnsbladdr) != 0) { + $return_string = "Blacklisted URL in message. (".$params[0].") in"; + @surblipaddr = unpack('C4',($dnsbladdr[4])[0]); + if ($surblipaddr[3] & 8) { + $return_string .= " [red]"; + } + if ($surblipaddr[3] & 4) { + $return_string .= " [grey]"; + } + if ($surblipaddr[3] & 2) { + $return_string .= " [black]"; + } + $return_string .= ". See http://lookup.uribl.com."; + } + return $return_string; + } + + sub converthex { + # This subroutin converts two hex characters to an ASCII character. + # It is called when ASCII obfuscation or Printed-Quatable characters + # are found (i.e. %AE or =AE). + # It should return a converted/plain address after splitting off + # everything that isn't part of the address portion of the URL. + my @ob_parts = @_; + my $address = $ob_parts[0]; + for (my $j=1; $j < scalar(@ob_parts); $j++) { + $address .= chr(hex(substr($ob_parts[$j],0,2))); + $address .= substr($ob_parts[$j],2,); + } + $address = (split(/[^A-Za-z0-9._\-]/,$address))[0]; + return $address + } + + ################ + # Main Program # + ################ + + if ($exim_body) { + # Find all the URLs in the message by finding the HTTP string + @parts = split /[hH][tT][tT][pP]:\/\//,$exim_body; + if (scalar(@parts) > 1) { + # Read the entries from the ccTLD file. + open (cctld_handle,$cctld_file) or die "Can't open $cctld_file.\n"; + while () { + next if (/^#/ || /^$/ || /^\s$/); + push(@cctlds,$_); + } + close (cctld_handle) or die "Close: $!\n"; + # Read the entries from the whitelist file. + open (whitelist_handle,$whitelist_file) or die "Can't open $whitelist_file.\n"; + while () { + next if (/^#/ || /^$/ || /^\s$/); + push(@whitelist,$_); + } + close (whitelist_handle) or die "Close: $!\n"; + # Go through each of the HTTP parts that were found in the message + for ($i=1; $i < scalar(@parts); $i++) { + # Special case of Quoted Printable EOL marker + $parts[$i] =~ s/=\n//g; + # Split the parts and find the address portion of the URL. + # Address SHOULD be either a FQDN, IP address, or encoded address. + $address = (split(/[^A-Za-z0-9\._\-%=]/,$parts[$i]))[0]; + # Check for an =. If it exists, we assume the URL is doing + # Quoted-Printable. Decode it and redine $address + if ($address =~ /=/) { + @ob_parts = split /=/,$address; + $address = converthex(@ob_parts); + } + # Check for a %. If it exists the URL is using % ASCII + # obfuscation. Decode it and redefine $address. + if ($address =~ /%/) { + @ob_parts = split /%/,$address; + $address = converthex(@ob_parts); + } + # Split the the address into the elements separated by periods. + @domain = split /\./,$address; + # Check the length of the domain name. If less then two elements + # at this point it is probably bogus or there is a bug in one of + # the decoding/converting routines above. + if (scalar(@domain) >= 2) { + $return_result=""; + # By default, assume that the domain check is on a + # "standard" two level domain + $spamcheckdomain=$domain[-2].".".$domain[-1]; + # Check for a two level domain + if (((scalar(@domain) == 2) || (scalar(@domain) >= 5)) && + (grep(/^$spamcheckdomain$/i,@cctlds))) { + $return_result="cctld"; + } + # Check for a three level domain + if (scalar(@domain) == 3) { + if (grep(/^$spamcheckdomain$/i,@cctlds)) { + $spamcheckdomain=$domain[-3].".".$spamcheckdomain; + if (grep(/^$spamcheckdomain$/,@cctlds)) { + $return_result="cctld"; + } + } + } + # Check for a four level domain + if (scalar(@domain) == 4) { + # Check to see if the domain is an IP address + if ($domain[-1] =~ /[a-zA-Z]/) { + if (grep(/^$spamcheckdomain$/i,@cctlds)) { + $spamcheckdomain=$domain[-3].".".$spamcheckdomain; + if (grep(/^$spamcheckdomain$/i,@cctlds)) { + $spamcheckdomain=$domain[-4].".".$spamcheckdomain; + } + } + } else { + # Domain is an IP address + $spamcheckdomain=$domain[3].".".$domain[2]. + ".".$domain[1].".".$domain[0]; + } + } + # DEBUG statement + #warn ("FOUND DOMAIN ($mime_filename): $spamcheckdomain\n"); + # If whitelisting is enabled check domain against the + # whitelist. + if ($whitelist_file ne "") { + foreach $whitelist_entry (@whitelist) { + chomp($whitelist_entry); + if ($spamcheckdomain =~ m/^$whitelist_entry$/i) { + $return_result="whitelisted"; + last; + } + } + } + # If the domain is whitelisted or in the cctld skip adding + # it to the lookup list. + if ($return_result eq "") { + if (scalar(@lookupdomains) > 0) { + # Check so see if the domain already is in the list. + if (not grep(/^$spamcheckdomain$/i,@lookupdomains)) { + push(@lookupdomains,$spamcheckdomain); + } + } else { + push(@lookupdomains,$spamcheckdomain); + } + } + } + } + # If there are items in the lookupdomains list then + # perform lookups on them. If there are not, something is wrong + # and just return false. There should always be something in the list. + if (scalar(@lookupdomains) > 0) { + foreach $i (@lookupdomains) { + # DEBUG statement. + #warn ("CHECKING DOMAIN ($mime_filename): $i\n"); + # If SURBL lookups are enabled do an SURBL lookup + if ($surbl_enable == 1) { + $return_result = surbllookup($i); + } + # If URIBL lookups are enabled and the SURBL lookup failed + # do a URIBL lookup + if (($uribl_enable == 1) && ($return_result eq "")) { + $return_result = uribllookup($i); + } + # If we got a hit return the result to Exim + if ($return_result ne "") { + undef @cctlds; + undef @whitelist; + return $return_result; + } + } + } + } + } + # We didn't find any URLs or the URLs we did find were not + # listed so return false. + undef @cctlds; + undef @whitelist; + return false; +} + diff --git a/modules/exim/files/common/surbl_whitelist.txt b/modules/exim/files/common/surbl_whitelist.txt new file mode 100644 index 000000000..c3bb7236c --- /dev/null +++ b/modules/exim/files/common/surbl_whitelist.txt @@ -0,0 +1,203 @@ +example.com +example.net +example.org +126.com +163.com +2o7.net +4at1.com +5iantlavalamp.com +about.com +adelphia.net +adobe.com +advertising.com +agora-inc.com +agoramedia.com +akamai.net +akamaitech.net +amazon.com +ancestry.com +aol.com +apache.org +apple.com +arcamax.com +astrology.com +atdmt.com +att.net +aweber.com +bbc.co.uk +bcentral.com +beliefnet.com +bellsouth.net +bfi0.com +blogspot.com +bridgetrack.com +cafe24.com +charter.net +chtah.com +citibank.com +citizensbank.com +cjb.net +classmates.com +click-url.com +clickbank.net +cnet.com +cnn.com +com.com +com.ne.kr +comcast.net +constantcontact.com +corporate-ir.net +cox.net +cs.com +custhelp.com +daum.net +dd.se +debian.org +dell.com +directtrack.com +domain.com +doubleclick.net +dsbl.org +earthlink.net +ebay.co.uk +ebay.com +ebayimg.com +ebaystatic.com +ed10.net +ed4.net +edgesuite.net +ediets.com +egroups.com +emode.com +exacttarget.com +excite.com +exct.net +f-secure.com +flowgo.com +free.fr +freebsd.org +freelotto.com +gentoo.org +geocities.com +gmail.com +gmx.net +go.com +google.com +googleadservices.com +grisoft.com +hallmark.com +hinet.net +hotbar.com +hotmail.com +hotpop.com +hp.com +ibm.com +ientrymail.com +incredimail.com +investorplace.com +ivillage.com +joingevalia.com +juno.com +kernel.org +livejournal.com +lycos.com +m0.net +m7z.net +mac.com +macromedia.com +mail.com +mail.ru +mailscanner.info +marketwatch.com +mcafee.com +mchsi.com +mediaplex.com +messagelabs.com +microsoft.com +military.com +mindspring.com +mit.edu +monster.com +msn.com +nate.com +netatlantic.com +netflix.com +netscape.com +netscape.net +netzero.net +norman.com +nytimes.com +optonline.net +osdn.com +overstock.com +p0.com +pacbell.net +pandasoftware.com +partner2profit.com +paypal.com +peoplepc.com +plaxo.com +pm0.net +postdirect.com +prodigy.net +radaruol.com.br +real.com +redhat.com +regions.com +regionsnet.com +rm04.net +rogers.com +rr.com +rs6.net +rsvp0.net +sbcglobal.net +sec.gov +sf.net +shaw.ca +shockwave.com +smileycentral.com +smithbarney.com +sourceforge.net +spamcop.net +speedera.net +sportsline.com +sun.com +suntrust.com +sympatico.ca +t-online.de +tails.nl +telus.net +terra.com.br +ticketmaster.com +tickle.com +tinyurl.com +tiscali.co.uk +tom.com +tone.co.nz +topica.com +tux.org +uol.com.br +ups.com +verizon.net +vistaprint.com +w3.org +wamu.com +wanadoo.fr +washingtonpost.com +weatherbug.com +web.de +webshots.com +webtv.net +wsj.com +xmr3.com +yahoo.ca +yahoo.co.kr +yahoo.co.uk +yahoo.com +yahoo.com.br +yahoogroups.com +yimg.com +yopi.de +yourfreedvds.com +yoursite.com +zdnet.com diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp index 4d503f1ab..f3231783f 100644 --- a/modules/exim/manifests/init.pp +++ b/modules/exim/manifests/init.pp @@ -138,6 +138,18 @@ class exim { } class eximmx inherits exim { - include clamav - include postgrey + file { + "/etc/exim4/ccTLD.txt": + require => Package["exim4-daemon-heavy"], + source => [ "puppet:///exim/common/ccTLD.txt" ] + ; + "/etc/exim4/surbl_whitelist.txt": + require => Package["exim4-daemon-heavy"], + source => [ "puppet:///exim/common/surbl_whitelist.txt" ] + ; + "/etc/exim4/exim_surbl.pl": + require => Package["exim4-daemon-heavy"], + source => [ "puppet:///exim/common/exim_surbl.pl" ] + ; + } } diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index 5cf1322ad..b5c4d4e7e 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -84,6 +84,16 @@ out # MAIN CONFIGURATION SETTINGS # ###################################################################### +<%= +out='' +if not nodeinfo['heavy_exim'].empty? + out = " +perl_startup = do '/etc/exim4/exim_surbl.pl' +" +end +out +%> + # These options specify the Access Control Lists (ACLs) that # are used for incoming SMTP messages - after the RCPT and DATA # commands, respectively. @@ -824,6 +834,18 @@ out {${lookup{$local_part@$domain}nwildlsearch{/etc/exim4/sa_users}{$local_part}{}}}\ {${lookup{$local_part}lsearch{/etc/exim4/sa_users}{$local_part}{}}}}}} +<%= +out='' +if not nodeinfo['heavy_exim'].empty? +out=' + deny condition = ${if <{$message_size}{256000}} + set acl_m5 = ${perl{surblspamcheck}} + condition = ${if eq{$acl_m5}{false}{no}{yes}} + log_message = $acl_m5 +' +end +out +%> # Check header_sender except for survey@popcon.d.o deny condition = ${if eq{$acl_m1}{PopconMail}{false}{true}} !verify = header_sender