warn recipients = survey@popcon.debian.org
set acl_m_rprf = PopconMail
- accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+ accept condition = ${if !eq {$acl_m_rprf}{}}
warn local_parts = +local_only_users
domains = +local_domains
set acl_m_rprf = localonly
<%- end -%>
- accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+ accept condition = ${if !eq {$acl_m_rprf}{}}
<%- if @is_rtmaster -%>
warn domains = rt.debian.org
set acl_m_rprf = RTMail
- accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+ accept condition = ${if !eq {$acl_m_rprf}{}}
<%- end -%>
<%- if @is_bugsmx -%>
warn domains = bugs.debian.org
set acl_m_rprf = BugsMail
- accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+ accept condition = ${if !eq {$acl_m_rprf}{}}
<%- end -%>
<%- if @is_packagesmaster -%>
warn domains = packages.debian.org
set acl_m_rprf = PackagesMail
- accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+ accept condition = ${if !eq {$acl_m_rprf}{}}
<%- end -%>
<%- if @is_packagesqamaster -%>
warn recipients = owner@packages.qa.debian.org : postmaster@packages.qa.debian.org
set acl_m_rprf = PTSOwner
- accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+ accept condition = ${if !eq {$acl_m_rprf}{}}
warn senders = :
domains = packages.qa.debian.org
condition = ${if match{$local_part}{\N^bounces+\N}}
set acl_m_rprf = PTSListBounce
- accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+ accept condition = ${if !eq {$acl_m_rprf}{}}
warn domains = packages.qa.debian.org
set acl_m_rprf = PTSMail
- accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+ accept condition = ${if !eq {$acl_m_rprf}{}}
<%- end -%>
warn recipients = change@db.debian.org : changes@db.debian.org : chpasswd@db.debian.org : ping@db.debian.org : recommend@nm.debian.org
set acl_m_rprf = DBSignedMail
- accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+ accept condition = ${if !eq {$acl_m_rprf}{}}
warn domains = +virtual_domains
condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}}
condition = ${if eq{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}{$value}{}}}{markup}}
set acl_m_rprf = markup
- accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+ accept condition = ${if !eq {$acl_m_rprf}{}}
warn domains = +virtual_domains
condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}}
condition = ${if eq{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}{$value}{}}}{blackhole}}
set acl_m_rprf = blackhole
- accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+ accept condition = ${if !eq {$acl_m_rprf}{}}
warn domains = +virtual_domains
condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction.cdb}}}}
condition = ${if eq{${lookup{$local_part}cdb{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction.cdb}}}{$value}{}}}{markup}}
set acl_m_rprf = markup
- accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+ accept condition = ${if !eq {$acl_m_rprf}{}}
warn domains = +virtual_domains
condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction.cdb}}}}
condition = ${if eq{${lookup{$local_part}cdb{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction.cdb}}}{$value}{}}}{blackhole}}
set acl_m_rprf = blackhole
- accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+ accept condition = ${if !eq {$acl_m_rprf}{}}
warn domains = +local_domains
condition = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}{}}}{markup}}
set acl_m_rprf = markup
- accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+ accept condition = ${if !eq {$acl_m_rprf}{}}
warn domains = +local_domains
condition = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}{}}}{blackhole}}
set acl_m_rprf = blackhole
- accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+ accept condition = ${if !eq {$acl_m_rprf}{}}
warn set acl_m_rprf = normal
log_message = Hit on list.dnswl.org for $sender_host_address
set acl_c_scr = ${eval:$acl_c_scr-10}
- warn condition = ${if isip {$sender_helo_name}{true}{false}}
+ warn condition = ${if isip {$sender_helo_name}}
log_message = remote host used IP address in HELO/EHLO greeting
set acl_c_scr = ${eval:$acl_c_scr+20}
# if rDNS does not match helo name (both lower cased first), greylist.
warn !hosts = +debianhosts
- condition = ${if eq {$host_lookup_failed}{1}{no}{yes}}
- condition = ${if def:sender_helo_name {yes}{no}}
- condition = ${if eq {${lc:$sender_helo_name}}{${lc:$sender_host_name}}{no}{yes}}
+ condition = ${if !eq {$host_lookup_failed}{1}}
+ condition = ${if def:sender_helo_name}
+ condition = ${if !eq {${lc:$sender_helo_name}}{${lc:$sender_host_name}}}
log_message = HELO doesn't match rDNS
set acl_c_scr = ${eval:$acl_c_scr+8}
# skip matching on machines named .*smtp.*, since that's 4 already. This is a fairly
# naive test, so it's not worth much
- warn condition = ${if match {${lc:$sender_helo_name}}{smtp}{no}{yes}}
+ warn condition = ${if !match {${lc:$sender_helo_name}}{smtp}}
condition = ${if match {${lc:$sender_helo_name}}{\N^[a-z0-9]+\.[a-z]+$\N}}
condition = ${if match {${lc:$sender_helo_name}}{\N.*[bcdfghjklmnpqrstvwxz]{7,}.*\.[a-z]+$\N}}
log_message = random HELO
defer log_message = Too many bad recipients ${eval:$rcpt_fail_count} out of $rcpt_count
message = Too many bad recipients, try again later
- condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
+ condition = ${if > {${eval:$rcpt_fail_count}}{3}}
defer
ratelimit = 5 / 60m / per_rcpt / $sender_host_address
condition = ${if eq{$acl_m_prf}{}}
set acl_m_prf = $acl_m_rprf
- defer condition = ${if eq{$acl_m_prf}{$acl_m_rprf}{no}{yes}}
+ defer condition = ${if !eq{$acl_m_prf}{$acl_m_rprf}}
message = Different profile, please retry
log_message = Only one profile at a time, please
!acl = acl_spamlovers
message = Too many bad recipients, try again later
!hosts = +debianhosts
- condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
+ condition = ${if > {${eval:$rcpt_fail_count}}{3}}
# Dump spambots that are so stupid they say helo as our IP address
drop !hosts = +debianhosts
!acl = acl_spamlovers
- condition = ${if eq {$sender_helo_name}{$interface_address}{yes}{no}}
+ condition = ${if eq {$sender_helo_name}{$interface_address}}
message = HELO mismatch Forged HELO for ($sender_helo_name)
# Also for spambots that say helo as us or one of our domains
defer !hosts = +debianhosts
!acl = acl_spamlovers
- condition = ${if eq{$acl_m_frg}{}{no}{yes}}
- condition = ${if eq{$sender_host_name}{}{yes}{no}}
- condition = ${if eq{$host_lookup_failed}{1}{no}{yes}}
+ condition = ${if !eq{$acl_m_frg}{}}
+ condition = ${if eq{$sender_host_name}{}}
+ condition = ${if !eq{$host_lookup_failed}{1}}
message = Access temporarily denied. Resolve failed PTR for $sender_host_address
# If DNS works, go ahead and reject them
drop !hosts = +debianhosts
!acl = acl_spamlovers
- condition = ${if and { {!eq{$acl_m_frg}{}}{!match{$sender_host_name}{${rxquote:$acl_m_frg}\N$\N}}}{yes}{no}}
+ condition = ${if and { {!eq{$acl_m_frg}{}}{!match{$sender_host_name}{${rxquote:$acl_m_frg}\N$\N}}}}
message = HELO mismatch Forged HELO for ($sender_helo_name)
# disabled accounts don't even get local mail.
hosts = !+debianhosts
message = mail from <$sender_address> not allowed externally
- deny condition = ${if match_domain{$sender_address_domain}{+virtual_domains}{1}{0}}
- condition = ${if exists {${extract{directory}{VSENDERDOMAINDATA}{${value}/neversenders}}}{1}{0}}
+ deny condition = ${if match_domain{$sender_address_domain}{+virtual_domains}}
+ condition = ${if exists {${extract{directory}{VSENDERDOMAINDATA}{${value}/neversenders}}}}
condition = ${lookup{$sender_address_local_part}lsearch{${extract{directory}{VSENDERDOMAINDATA}{${value}/neversenders}}}{true}}
message = no mail should ever come from <$sender_address>
message = X-Packages-FromTo-Same: yes
<%- end -%>
- deny condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ deny condition = ${if !eq {$acl_m_prf}{PopconMail}}
!verify = sender
defer !hosts = +debianhosts
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ condition = ${if !eq {$acl_m_prf}{PopconMail}}
condition = ${if >{${eval:$acl_c_scr+0}}{0}}
ratelimit = 10 / 60m / per_rcpt / $sender_host_address
message = slow down (no reverse dns, mismatched ehlo, dialup, or in blacklists)
# closure, but I'm fairly sure it's now worth it, since the backport of
# policyd-weight is trivial.
warn !hosts = +debianhosts
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ condition = ${if !eq {$acl_m_prf}{PopconMail}}
set acl_m_pw = ${readsocket{inet:127.0.0.1:12525}\
{request=smtpd_access_policy\n\
protocol_state=RCPT\n\
# Defer on socket error
defer !hosts = +debianhosts
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
- condition = ${if eq{$acl_m_pw}{socket failure}{yes}{no}}
+ condition = ${if !eq {$acl_m_prf}{PopconMail}}
+ condition = ${if eq{$acl_m_pw}{socket failure}}
message = Cannot connect to policyd-weight. Please try again later.
# Set proposed action to $acl_m_act and message to $acl_m_mes
warn !hosts = +debianhosts
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ condition = ${if !eq {$acl_m_prf}{PopconMail}}
set acl_m_mes = ${extract{action}{$acl_m_pw}}
set acl_m_act = ${sg{$acl_m_pw}{\Naction=[^ ]+ (.*)\n\n\N}{\$1}}
# Add X-policyd-weight header line to message
warn !hosts = +debianhosts
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ condition = ${if !eq {$acl_m_prf}{PopconMail}}
message = $acl_m_mes
- condition = ${if eq{$acl_m_act}{PREPEND}{yes}{no}}
+ condition = ${if eq{$acl_m_act}{PREPEND}}
# Write log message, if policyd-weight can't run checks
warn !hosts = +debianhosts
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ condition = ${if !eq {$acl_m_prf}{PopconMail}}
log_message = policyd-weight message: $acl_m_mes
- condition = ${if eq{$acl_m_act}{DUNNO}{yes}{no}}
+ condition = ${if eq{$acl_m_act}{DUNNO}}
# Deny mails which policyd-weight thinks are spam
deny !hosts = +debianhosts
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ condition = ${if !eq {$acl_m_prf}{PopconMail}}
message = policyd-weight said: $acl_m_mes
- condition = ${if eq{$acl_m_act}{550}{yes}{no}}
+ condition = ${if eq{$acl_m_act}{550}}
# Defer messages when policyd-weight suggests so.
defer !hosts = +debianhosts
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ condition = ${if !eq {$acl_m_prf}{PopconMail}}
message = policyd-weight said: $acl_m_mes
- condition = ${if eq{$acl_m_act}{450}{yes}{no}}
+ condition = ${if eq{$acl_m_act}{450}}
<%- end -%>
<%- if @is_rtmaster -%>
{/etc/greylistd/whitelist-hosts}{}} : \
${if exists {/var/lib/greylistd/whitelist-hosts}\
{/var/lib/greylistd/whitelist-hosts}{}}
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ condition = ${if !eq {$acl_m_prf}{PopconMail}}
!authenticated = *
domains = +handled_domains
condition = ${readsocket{/var/run/greylistd/socket}\
warn
!senders = :
!hosts = : +debianhosts : WHITELIST
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
- condition = ${if def:acl_m_grey {no}{yes}}
+ condition = ${if !eq {$acl_m_prf}{PopconMail}}
+ condition = ${if ! def:acl_m_grey}
set acl_m_grey = $pid.$tod_epoch.$sender_host_port
# and defers the message if postgrey thinks it should be defered ...
defer
!senders = :
!hosts = : +debianhosts : WHITELIST
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ condition = ${if !eq {$acl_m_prf}{PopconMail}}
!authenticated = *
domains = +handled_domains
local_parts = GREYLIST_LOCAL_PARTS
warn
!senders = :
!hosts = : +debianhosts : WHITELIST
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ condition = ${if !eq {$acl_m_prf}{PopconMail}}
!authenticated = *
domains = +handled_domains
local_parts = GREYLIST_LOCAL_PARTS
discard condition = ${if <{$message_size}{256000}}
condition = ${if eq {$acl_m_prf}{blackhole}}
set acl_m_srb = ${perl{surblspamcheck}}
- condition = ${if eq{$acl_m_srb}{false}{no}{yes}}
+ condition = ${if !eq{$acl_m_srb}{false}}
log_message = discarded surbl message for $recipients
deny condition = ${if <{$message_size}{256000}}
- condition = ${if eq {$acl_m_prf}{markup}{no}{yes}}
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ condition = ${if !eq {$acl_m_prf}{markup}}
+ condition = ${if !eq {$acl_m_prf}{PopconMail}}
set acl_m_srb = ${perl{surblspamcheck}}
- condition = ${if eq{$acl_m_srb}{false}{no}{yes}}
+ condition = ${if !eq{$acl_m_srb}{false}}
log_message = $acl_m_srb
message = $acl_m_srb
warn condition = ${if <{$message_size}{256000}}
condition = ${if eq {$acl_m_prf}{markup}}
set acl_m_srb = ${perl{surblspamcheck}}
- condition = ${if eq{$acl_m_srb}{false}{no}{yes}}
+ condition = ${if !eq{$acl_m_srb}{false}}
message = X-Surbl-Hit: $primary_hostname: $acl_m_srb
accept
<%- if @is_packagesqamaster -%>
deny !hosts = +debianhosts
condition = ${if eq {$acl_m_prf}{PTSMail}}
- condition = ${if def:h_X-PTS-Approved:{false}{true}}
+ condition = ${if !def:h_X-PTS-Approved:}
message = messages to the PTS require an X-PTS-Approved header
<%- end -%>
accept verify = certificate
accept hosts = +debianhosts
- deny condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ deny condition = ${if !eq {$acl_m_prf}{PopconMail}}
!verify = header_syntax
message = Invalid header syntax: $acl_verify_message
condition = ${if or {{match {$rh_Subject:}{[\200-\377]}}\
{match {$rh_To:}{[\200-\377]}}\
{match {$rh_From:}{[\200-\377]}}\
- {match {$rh_Cc:}{[\200-\377]}}}{true}{false}}
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ {match {$rh_Cc:}{[\200-\377]}}}}
+ condition = ${if !eq {$acl_m_prf}{PopconMail}}
message = improper use of 8-bit data in message header: message rejected
deny
- condition = ${if match {$rh_Subject:}{[^[:print:]]\{8\}}{true}{false}}
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ condition = ${if match {$rh_Subject:}{[^[:print:]]\{8\}}}
+ condition = ${if !eq {$acl_m_prf}{PopconMail}}
message = Your mailer is not RFC 2047 compliant: message rejected
<%- if has_variable?("clamd") && @clamd -%>
malware = */defer_ok
log_message = discarded malware message for $recipients
- deny condition = ${if eq {$acl_m_prf}{markup}{no}{yes}}
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ deny condition = ${if !eq {$acl_m_prf}{markup}}
+ condition = ${if !eq {$acl_m_prf}{PopconMail}}
<%- if scope.call_function('versioncmp', [@lsbmajdistrelease, '8']) <= 0 -%>
demime = *
<%- end -%>
discard condition = ${if <{$message_size}{256000}}
condition = ${if eq {$acl_m_prf}{blackhole}}
set acl_m_srb = ${perl{surblspamcheck}}
- condition = ${if eq{$acl_m_srb}{false}{no}{yes}}
+ condition = ${if !eq{$acl_m_srb}{false}}
log_message = discarded surbl message for $recipients
deny condition = ${if <{$message_size}{256000}}
- condition = ${if eq {$acl_m_prf}{markup}{no}{yes}}
- condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
+ condition = ${if !eq {$acl_m_prf}{markup}}
+ condition = ${if !eq {$acl_m_prf}{PopconMail}}
set acl_m_srb = ${perl{surblspamcheck}}
- condition = ${if eq{$acl_m_srb}{false}{no}{yes}}
+ condition = ${if !eq{$acl_m_srb}{false}}
log_message = $acl_m_srb
message = $acl_m_srb
warn condition = ${if <{$message_size}{256000}}
condition = ${if eq {$acl_m_prf}{markup}}
set acl_m_srb = ${perl{surblspamcheck}}
- condition = ${if eq{$acl_m_srb}{false}{no}{yes}}
+ condition = ${if !eq{$acl_m_srb}{false}}
message = X-Surbl-Hit: $primary_hostname: $acl_m_srb
<%- end -%>
# Check header_sender except for survey@popcon.d.o
- deny condition = ${if eq{$acl_m_prf}{PopconMail}{false}{true}}
+ deny condition = ${if !eq{$acl_m_prf}{PopconMail}}
!verify = header_sender
message = No valid sender found in the From:, Sender: and Reply-to: headers
projects / mirror / dsa-puppet.git / commitdiff