From 64915ab40b9d40efe69bb21bd40a4464adb15e77 Mon Sep 17 00:00:00 2001 From: "Adam D. Barratt" Date: Sun, 22 Sep 2019 20:25:00 +0100 Subject: [PATCH] eximconf.erb: standardise on style of condition checks From the Exim documentation: "If both strings are omitted, the result is the string true if the condition is true, and the empty string if the condition is false. This makes it less cumbersome to write custom ACL and router conditions." Signed-off-by: Adam D. Barratt --- modules/exim/templates/eximconf.erb | 136 ++++++++++++++-------------- 1 file changed, 68 insertions(+), 68 deletions(-) diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index 0c8c4d8f6..d8f265a3c 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -295,7 +295,7 @@ acl_getprofile: warn recipients = survey@popcon.debian.org set acl_m_rprf = PopconMail - accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} + accept condition = ${if !eq {$acl_m_rprf}{}} warn local_parts = +local_only_users domains = +local_domains @@ -309,92 +309,92 @@ acl_getprofile: set acl_m_rprf = localonly <%- end -%> - accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} + accept condition = ${if !eq {$acl_m_rprf}{}} <%- if @is_rtmaster -%> warn domains = rt.debian.org set acl_m_rprf = RTMail - accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} + accept condition = ${if !eq {$acl_m_rprf}{}} <%- end -%> <%- if @is_bugsmx -%> warn domains = bugs.debian.org set acl_m_rprf = BugsMail - accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} + accept condition = ${if !eq {$acl_m_rprf}{}} <%- end -%> <%- if @is_packagesmaster -%> warn domains = packages.debian.org set acl_m_rprf = PackagesMail - accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} + accept condition = ${if !eq {$acl_m_rprf}{}} <%- end -%> <%- if @is_packagesqamaster -%> warn recipients = owner@packages.qa.debian.org : postmaster@packages.qa.debian.org set acl_m_rprf = PTSOwner - accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} + accept condition = ${if !eq {$acl_m_rprf}{}} warn senders = : domains = packages.qa.debian.org condition = ${if match{$local_part}{\N^bounces+\N}} set acl_m_rprf = PTSListBounce - accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} + accept condition = ${if !eq {$acl_m_rprf}{}} warn domains = packages.qa.debian.org set acl_m_rprf = PTSMail - accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} + accept condition = ${if !eq {$acl_m_rprf}{}} <%- end -%> warn recipients = change@db.debian.org : changes@db.debian.org : chpasswd@db.debian.org : ping@db.debian.org : recommend@nm.debian.org set acl_m_rprf = DBSignedMail - accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} + accept condition = ${if !eq {$acl_m_rprf}{}} warn domains = +virtual_domains condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}} condition = ${if eq{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}{$value}{}}}{markup}} set acl_m_rprf = markup - accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} + accept condition = ${if !eq {$acl_m_rprf}{}} warn domains = +virtual_domains condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}} condition = ${if eq{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}{$value}{}}}{blackhole}} set acl_m_rprf = blackhole - accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} + accept condition = ${if !eq {$acl_m_rprf}{}} warn domains = +virtual_domains condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction.cdb}}}} condition = ${if eq{${lookup{$local_part}cdb{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction.cdb}}}{$value}{}}}{markup}} set acl_m_rprf = markup - accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} + accept condition = ${if !eq {$acl_m_rprf}{}} warn domains = +virtual_domains condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction.cdb}}}} condition = ${if eq{${lookup{$local_part}cdb{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction.cdb}}}{$value}{}}}{blackhole}} set acl_m_rprf = blackhole - accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} + accept condition = ${if !eq {$acl_m_rprf}{}} warn domains = +local_domains condition = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}{}}}{markup}} set acl_m_rprf = markup - accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} + accept condition = ${if !eq {$acl_m_rprf}{}} warn domains = +local_domains condition = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}{}}}{blackhole}} set acl_m_rprf = blackhole - accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} + accept condition = ${if !eq {$acl_m_rprf}{}} warn set acl_m_rprf = normal @@ -424,7 +424,7 @@ check_helo: log_message = Hit on list.dnswl.org for $sender_host_address set acl_c_scr = ${eval:$acl_c_scr-10} - warn condition = ${if isip {$sender_helo_name}{true}{false}} + warn condition = ${if isip {$sender_helo_name}} log_message = remote host used IP address in HELO/EHLO greeting set acl_c_scr = ${eval:$acl_c_scr+20} @@ -451,9 +451,9 @@ check_helo: # if rDNS does not match helo name (both lower cased first), greylist. warn !hosts = +debianhosts - condition = ${if eq {$host_lookup_failed}{1}{no}{yes}} - condition = ${if def:sender_helo_name {yes}{no}} - condition = ${if eq {${lc:$sender_helo_name}}{${lc:$sender_host_name}}{no}{yes}} + condition = ${if !eq {$host_lookup_failed}{1}} + condition = ${if def:sender_helo_name} + condition = ${if !eq {${lc:$sender_helo_name}}{${lc:$sender_host_name}}} log_message = HELO doesn't match rDNS set acl_c_scr = ${eval:$acl_c_scr+8} @@ -478,7 +478,7 @@ check_helo: # skip matching on machines named .*smtp.*, since that's 4 already. This is a fairly # naive test, so it's not worth much - warn condition = ${if match {${lc:$sender_helo_name}}{smtp}{no}{yes}} + warn condition = ${if !match {${lc:$sender_helo_name}}{smtp}} condition = ${if match {${lc:$sender_helo_name}}{\N^[a-z0-9]+\.[a-z]+$\N}} condition = ${if match {${lc:$sender_helo_name}}{\N.*[bcdfghjklmnpqrstvwxz]{7,}.*\.[a-z]+$\N}} log_message = random HELO @@ -509,7 +509,7 @@ check_submission: defer log_message = Too many bad recipients ${eval:$rcpt_fail_count} out of $rcpt_count message = Too many bad recipients, try again later - condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}} + condition = ${if > {${eval:$rcpt_fail_count}}{3}} defer ratelimit = 5 / 60m / per_rcpt / $sender_host_address @@ -545,7 +545,7 @@ check_recipient: condition = ${if eq{$acl_m_prf}{}} set acl_m_prf = $acl_m_rprf - defer condition = ${if eq{$acl_m_prf}{$acl_m_rprf}{no}{yes}} + defer condition = ${if !eq{$acl_m_prf}{$acl_m_rprf}} message = Different profile, please retry log_message = Only one profile at a time, please @@ -556,13 +556,13 @@ check_recipient: !acl = acl_spamlovers message = Too many bad recipients, try again later !hosts = +debianhosts - condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}} + condition = ${if > {${eval:$rcpt_fail_count}}{3}} # Dump spambots that are so stupid they say helo as our IP address drop !hosts = +debianhosts !acl = acl_spamlovers - condition = ${if eq {$sender_helo_name}{$interface_address}{yes}{no}} + condition = ${if eq {$sender_helo_name}{$interface_address}} message = HELO mismatch Forged HELO for ($sender_helo_name) # Also for spambots that say helo as us or one of our domains @@ -584,16 +584,16 @@ check_recipient: defer !hosts = +debianhosts !acl = acl_spamlovers - condition = ${if eq{$acl_m_frg}{}{no}{yes}} - condition = ${if eq{$sender_host_name}{}{yes}{no}} - condition = ${if eq{$host_lookup_failed}{1}{no}{yes}} + condition = ${if !eq{$acl_m_frg}{}} + condition = ${if eq{$sender_host_name}{}} + condition = ${if !eq{$host_lookup_failed}{1}} message = Access temporarily denied. Resolve failed PTR for $sender_host_address # If DNS works, go ahead and reject them drop !hosts = +debianhosts !acl = acl_spamlovers - condition = ${if and { {!eq{$acl_m_frg}{}}{!match{$sender_host_name}{${rxquote:$acl_m_frg}\N$\N}}}{yes}{no}} + condition = ${if and { {!eq{$acl_m_frg}{}}{!match{$sender_host_name}{${rxquote:$acl_m_frg}\N$\N}}}} message = HELO mismatch Forged HELO for ($sender_helo_name) # disabled accounts don't even get local mail. @@ -635,8 +635,8 @@ check_recipient: hosts = !+debianhosts message = mail from <$sender_address> not allowed externally - deny condition = ${if match_domain{$sender_address_domain}{+virtual_domains}{1}{0}} - condition = ${if exists {${extract{directory}{VSENDERDOMAINDATA}{${value}/neversenders}}}{1}{0}} + deny condition = ${if match_domain{$sender_address_domain}{+virtual_domains}} + condition = ${if exists {${extract{directory}{VSENDERDOMAINDATA}{${value}/neversenders}}}} condition = ${lookup{$sender_address_local_part}lsearch{${extract{directory}{VSENDERDOMAINDATA}{${value}/neversenders}}}{true}} message = no mail should ever come from <$sender_address> @@ -649,11 +649,11 @@ check_recipient: message = X-Packages-FromTo-Same: yes <%- end -%> - deny condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + deny condition = ${if !eq {$acl_m_prf}{PopconMail}} !verify = sender defer !hosts = +debianhosts - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + condition = ${if !eq {$acl_m_prf}{PopconMail}} condition = ${if >{${eval:$acl_c_scr+0}}{0}} ratelimit = 10 / 60m / per_rcpt / $sender_host_address message = slow down (no reverse dns, mismatched ehlo, dialup, or in blacklists) @@ -668,7 +668,7 @@ check_recipient: # closure, but I'm fairly sure it's now worth it, since the backport of # policyd-weight is trivial. warn !hosts = +debianhosts - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + condition = ${if !eq {$acl_m_prf}{PopconMail}} set acl_m_pw = ${readsocket{inet:127.0.0.1:12525}\ {request=smtpd_access_policy\n\ protocol_state=RCPT\n\ @@ -686,39 +686,39 @@ check_recipient: # Defer on socket error defer !hosts = +debianhosts - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} - condition = ${if eq{$acl_m_pw}{socket failure}{yes}{no}} + condition = ${if !eq {$acl_m_prf}{PopconMail}} + condition = ${if eq{$acl_m_pw}{socket failure}} message = Cannot connect to policyd-weight. Please try again later. # Set proposed action to $acl_m_act and message to $acl_m_mes warn !hosts = +debianhosts - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + condition = ${if !eq {$acl_m_prf}{PopconMail}} set acl_m_mes = ${extract{action}{$acl_m_pw}} set acl_m_act = ${sg{$acl_m_pw}{\Naction=[^ ]+ (.*)\n\n\N}{\$1}} # Add X-policyd-weight header line to message warn !hosts = +debianhosts - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + condition = ${if !eq {$acl_m_prf}{PopconMail}} message = $acl_m_mes - condition = ${if eq{$acl_m_act}{PREPEND}{yes}{no}} + condition = ${if eq{$acl_m_act}{PREPEND}} # Write log message, if policyd-weight can't run checks warn !hosts = +debianhosts - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + condition = ${if !eq {$acl_m_prf}{PopconMail}} log_message = policyd-weight message: $acl_m_mes - condition = ${if eq{$acl_m_act}{DUNNO}{yes}{no}} + condition = ${if eq{$acl_m_act}{DUNNO}} # Deny mails which policyd-weight thinks are spam deny !hosts = +debianhosts - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + condition = ${if !eq {$acl_m_prf}{PopconMail}} message = policyd-weight said: $acl_m_mes - condition = ${if eq{$acl_m_act}{550}{yes}{no}} + condition = ${if eq{$acl_m_act}{550}} # Defer messages when policyd-weight suggests so. defer !hosts = +debianhosts - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + condition = ${if !eq {$acl_m_prf}{PopconMail}} message = policyd-weight said: $acl_m_mes - condition = ${if eq{$acl_m_act}{450}{yes}{no}} + condition = ${if eq{$acl_m_act}{450}} <%- end -%> <%- if @is_rtmaster -%> @@ -744,7 +744,7 @@ check_recipient: {/etc/greylistd/whitelist-hosts}{}} : \ ${if exists {/var/lib/greylistd/whitelist-hosts}\ {/var/lib/greylistd/whitelist-hosts}{}} - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + condition = ${if !eq {$acl_m_prf}{PopconMail}} !authenticated = * domains = +handled_domains condition = ${readsocket{/var/run/greylistd/socket}\ @@ -760,15 +760,15 @@ check_recipient: warn !senders = : !hosts = : +debianhosts : WHITELIST - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} - condition = ${if def:acl_m_grey {no}{yes}} + condition = ${if !eq {$acl_m_prf}{PopconMail}} + condition = ${if ! def:acl_m_grey} set acl_m_grey = $pid.$tod_epoch.$sender_host_port # and defers the message if postgrey thinks it should be defered ... defer !senders = : !hosts = : +debianhosts : WHITELIST - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + condition = ${if !eq {$acl_m_prf}{PopconMail}} !authenticated = * domains = +handled_domains local_parts = GREYLIST_LOCAL_PARTS @@ -797,7 +797,7 @@ check_recipient: warn !senders = : !hosts = : +debianhosts : WHITELIST - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + condition = ${if !eq {$acl_m_prf}{PopconMail}} !authenticated = * domains = +handled_domains local_parts = GREYLIST_LOCAL_PARTS @@ -873,21 +873,21 @@ acl_check_mime: discard condition = ${if <{$message_size}{256000}} condition = ${if eq {$acl_m_prf}{blackhole}} set acl_m_srb = ${perl{surblspamcheck}} - condition = ${if eq{$acl_m_srb}{false}{no}{yes}} + condition = ${if !eq{$acl_m_srb}{false}} log_message = discarded surbl message for $recipients deny condition = ${if <{$message_size}{256000}} - condition = ${if eq {$acl_m_prf}{markup}{no}{yes}} - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + condition = ${if !eq {$acl_m_prf}{markup}} + condition = ${if !eq {$acl_m_prf}{PopconMail}} set acl_m_srb = ${perl{surblspamcheck}} - condition = ${if eq{$acl_m_srb}{false}{no}{yes}} + condition = ${if !eq{$acl_m_srb}{false}} log_message = $acl_m_srb message = $acl_m_srb warn condition = ${if <{$message_size}{256000}} condition = ${if eq {$acl_m_prf}{markup}} set acl_m_srb = ${perl{surblspamcheck}} - condition = ${if eq{$acl_m_srb}{false}{no}{yes}} + condition = ${if !eq{$acl_m_srb}{false}} message = X-Surbl-Hit: $primary_hostname: $acl_m_srb accept @@ -918,7 +918,7 @@ check_message: <%- if @is_packagesqamaster -%> deny !hosts = +debianhosts condition = ${if eq {$acl_m_prf}{PTSMail}} - condition = ${if def:h_X-PTS-Approved:{false}{true}} + condition = ${if !def:h_X-PTS-Approved:} message = messages to the PTS require an X-PTS-Approved header <%- end -%> @@ -935,7 +935,7 @@ check_message: accept verify = certificate accept hosts = +debianhosts - deny condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + deny condition = ${if !eq {$acl_m_prf}{PopconMail}} !verify = header_syntax message = Invalid header syntax: $acl_verify_message @@ -946,13 +946,13 @@ check_message: condition = ${if or {{match {$rh_Subject:}{[\200-\377]}}\ {match {$rh_To:}{[\200-\377]}}\ {match {$rh_From:}{[\200-\377]}}\ - {match {$rh_Cc:}{[\200-\377]}}}{true}{false}} - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + {match {$rh_Cc:}{[\200-\377]}}}} + condition = ${if !eq {$acl_m_prf}{PopconMail}} message = improper use of 8-bit data in message header: message rejected deny - condition = ${if match {$rh_Subject:}{[^[:print:]]\{8\}}{true}{false}} - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + condition = ${if match {$rh_Subject:}{[^[:print:]]\{8\}}} + condition = ${if !eq {$acl_m_prf}{PopconMail}} message = Your mailer is not RFC 2047 compliant: message rejected <%- if has_variable?("clamd") && @clamd -%> @@ -963,8 +963,8 @@ check_message: malware = */defer_ok log_message = discarded malware message for $recipients - deny condition = ${if eq {$acl_m_prf}{markup}{no}{yes}} - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + deny condition = ${if !eq {$acl_m_prf}{markup}} + condition = ${if !eq {$acl_m_prf}{PopconMail}} <%- if scope.call_function('versioncmp', [@lsbmajdistrelease, '8']) <= 0 -%> demime = * <%- end -%> @@ -983,26 +983,26 @@ check_message: discard condition = ${if <{$message_size}{256000}} condition = ${if eq {$acl_m_prf}{blackhole}} set acl_m_srb = ${perl{surblspamcheck}} - condition = ${if eq{$acl_m_srb}{false}{no}{yes}} + condition = ${if !eq{$acl_m_srb}{false}} log_message = discarded surbl message for $recipients deny condition = ${if <{$message_size}{256000}} - condition = ${if eq {$acl_m_prf}{markup}{no}{yes}} - condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} + condition = ${if !eq {$acl_m_prf}{markup}} + condition = ${if !eq {$acl_m_prf}{PopconMail}} set acl_m_srb = ${perl{surblspamcheck}} - condition = ${if eq{$acl_m_srb}{false}{no}{yes}} + condition = ${if !eq{$acl_m_srb}{false}} log_message = $acl_m_srb message = $acl_m_srb warn condition = ${if <{$message_size}{256000}} condition = ${if eq {$acl_m_prf}{markup}} set acl_m_srb = ${perl{surblspamcheck}} - condition = ${if eq{$acl_m_srb}{false}{no}{yes}} + condition = ${if !eq{$acl_m_srb}{false}} message = X-Surbl-Hit: $primary_hostname: $acl_m_srb <%- end -%> # Check header_sender except for survey@popcon.d.o - deny condition = ${if eq{$acl_m_prf}{PopconMail}{false}{true}} + deny condition = ${if !eq{$acl_m_prf}{PopconMail}} !verify = header_sender message = No valid sender found in the From:, Sender: and Reply-to: headers -- 2.20.1