eximconf: more RBLs for the default set

[mirror/dsa-puppet.git] / modules / exim / templates / eximconf.erb

diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb
index 4979e42..0cd231b 100644 (file)
--- a/modules/exim/templates/eximconf.erb
+++ b/modules/exim/templates/eximconf.erb
@@ -306,7 +306,7 @@ GREYLIST_LOCAL_PARTS = ${if match_domain{$domain}{+virtual_domains}\
                        {${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/grey_users}}}{$local_part}{}}}{}}}\
                        {${lookup{$local_part}lsearch{/etc/exim4/grey_users}{$local_part}{}}}} : \
                        ${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-greylist}{$local_part}{}}
-HAS_DEFAULT_OPTIONS  = ${if eq{${lookup{$local_part}dbmnz{/var/lib/misc/$primary_hostname/default-mail-options.db}{$value}{FALSE}}}{TRUE}}
+HAS_DEFAULT_OPTIONS  = ${if eq{${lookup{$local_part}dbmnz{/var/lib/misc/$primary_hostname/default-mail-options.db}{$value}{TRUE}}}{TRUE}}
 <%- if @is_rtmaster -%>
 # This subject rewrite is embedded in double-quoted strings. As such, some of
 # the items need more escaping than usual, otherwise \N becomes simply "N" and
@@ -606,6 +606,7 @@ check_recipient:
   warn    set acl_m_grey_recip = 0
 
   warn    local_parts          = GREYLIST_LOCAL_PARTS
+          domains              = +handled_domains
           set acl_m_grey_recip = 1
 
   # Defer after too many bad RCPT TO's.  Legit MTAs will retry later.
@@ -799,6 +800,7 @@ check_recipient:
                                  {/etc/greylistd/whitelist-hosts}{}} : \
                      ${if exists {/var/lib/greylistd/whitelist-hosts}\
                                  {/var/lib/greylistd/whitelist-hosts}{}} 
+    !dnslists      = list.dnswl.org&0.0.0.3
     condition      = ${if !eq {$acl_m_prf}{PopconMail}}
     !authenticated = *
     domains        = +handled_domains
@@ -815,6 +817,7 @@ check_recipient:
   warn
     !senders       = :
     !hosts         = : +debianhosts : WHITELIST
+    !dnslists      = list.dnswl.org&0.0.0.3
     condition      = ${if !eq {$acl_m_prf}{PopconMail}}
     condition      = ${if ! def:acl_m_grey}
     set acl_m_grey = $pid.$tod_epoch.$sender_host_port
@@ -823,6 +826,7 @@ check_recipient:
   defer
     !senders       = :
     !hosts         = : +debianhosts : WHITELIST
+    !dnslists      = list.dnswl.org&0.0.0.3
     condition      = ${if !eq {$acl_m_prf}{PopconMail}}
     !authenticated = *
     domains        = +handled_domains
@@ -852,6 +856,7 @@ check_recipient:
  warn
     !senders       = :
     !hosts         = : +debianhosts : WHITELIST
+    !dnslists      = list.dnswl.org&0.0.0.3
     condition      = ${if !eq {$acl_m_prf}{PopconMail}}
     !authenticated = *
     domains        = +handled_domains
@@ -890,6 +895,12 @@ check_recipient:
           domains  = +handled_domains
           !hosts   = +debianhosts : WHITELIST
 
+  deny    message   = host $sender_host_address is listed in $dnslist_domain; see $dnslist_text
+          condition = ${if bool_lax{HAS_DEFAULT_OPTIONS}}
+          dnslists  = relays.dnsbl.sorbs.net : xbl.spamhaus.org
+          domains   = +handled_domains
+          !hosts    = +debianhosts : WHITELIST
+
 <%- end -%>
   deny    message  = domain $sender_address_domain is listed in $dnslist_domain; see $dnslist_text
           dnslists = ${if match_domain{$domain}{+virtual_domains}\
@@ -905,6 +916,12 @@ check_recipient:
           domains  = +handled_domains
           !hosts   = +debianhosts : WHITELIST
 
+  deny    message   = domain $sender_address_domain is listed in $dnslist_domain; see $dnslist_text
+          condition = ${if bool_lax{HAS_DEFAULT_OPTIONS}}
+          dnslists  = dbl.spamhaus.org/$sender_address_domain
+          domains   = +handled_domains
+          !hosts    = +debianhosts : WHITELIST
+
 <%- unless @use_smarthost -%>
   deny    domains  = +handled_domains
           local_parts = ${if match_domain{$domain}{+virtual_domains}\