Mention that we verified the cert

[dsa-puppet.git] / modules / exim / files / common / exim4.conf
diff --git a/modules/exim/files/common/exim4.conf b/modules/exim/files/common/exim4.conf

index 65da8dc56a7ce44ffc67a212bf5e0ee42647b8c0..26464c2ac8459644e566f183499a0cce77c7d930 100644 (file)
--- a/modules/exim/files/common/exim4.conf
+++ b/modules/exim/files/common/exim4.conf
@@ -197,8 +197,12 @@ queue_list_requires_admin = false
  av_scanner = CLAMAV
  .endif
  
-.ifdef HAVE_USER_DEBBUGS MAIL_RELAY STUPID_FIREWALL
+.ifdef HAVE_USER_DEBBUGS MAIL_RELAY MAIL_IN_VIA_SUBMISSION
  daemon_smtp_ports = 25 : 587
+.else
+.ifdef MAIL_IN_VIA_2025
+daemon_smtp_ports = 25 : 2025
+.endif
  .endif
  
  admin_groups = adm
@@ -212,6 +216,14 @@ smtp_enforce_sync = true
  
  log_selector = +tls_cipher +tls_peerdn +queue_time +deliver_time +smtp_connection +smtp_incomplete_transaction +smtp_confirmation
  
+received_header_text = Received: ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
+                                 {${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
+                                 ${if and {{eq {$tls_certificate_verified}{1}}{def:tls_peerdn}}{from $tls_peerdn (verified)\n\t}}\
+                                 by $primary_hostname ${if def:received_protocol {with $received_protocol}} ${if def:tls_cipher {($tls_cipher)\n\t}}\
+                                 (Exim $version_number)\n\t\
+                                 ${if def:sender_address {(envelope-from <$sender_address>)\n\t}}\
+                                 id $message_exim_id${if def:received_for {\n\tfor $received_for}}
+
  # macro definitions.
  # Do not wrap!
  VDOMAINDATA = ${lookup{$domain}partial-lsearch{/etc/exim4/virtualdomains}{$value}}
@@ -517,7 +529,7 @@ check_recipient:
  
    warn    domains  = rt.debian.org
            set acl_m1 = RTMail
-          set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if match{$local_part}{[^+]+\\+\\d+} {RTMailRecipientHasSubaddress}}}}
+          set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{[^+]+\\+\\d+}}{match{$local_part}{[^+]+\\+new}}} {RTMailRecipientHasSubaddress}}}}
  
    warn    domains  = packages.qa.debian.org
            set acl_m1 = PTSMail
@@ -990,7 +1002,34 @@ bugs:
  .endif
  
  # This router delivers for rt.d.o
-rt:
+rt_force_new_verbose:
+  debug_print = "R: rt for $local_part+new@$domain"
+  driver = redirect
+  domains = rt.debian.org
+  require_files = /usr/bin/rt-mailgate : RT_QUEUE_MAP
+  local_parts = ${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}{$local_part}{}}
+  local_part_suffix = +new
+  pipe_transport = rt_pipe
+  data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
+  headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}"
+
+# FIXME: figure out how to generalize this approach so that all of the following would work
+# - rt+NNNN@rt.debian.org          : attach correspondence to ticket (verbose)
+# - rt+NNNN-quiesce@rt.debian.org  : attach correspondence to ticket (quiesce)
+# - rt+NNNN-<action>@rt.debian.org : attach correspondence to ticket (some action)
+# requires modification to custom condition in 'scrips'
+rt_force_new_quiesce:
+  debug_print = "R: rt for $local_part+new-quiesce@$domain"
+  driver = redirect
+  domains = rt.debian.org
+  require_files = /usr/bin/rt-mailgate : RT_QUEUE_MAP
+  local_parts = ${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}{$local_part}{}}
+  local_part_suffix = +new-quiesce
+  pipe_transport = rt_pipe
+  data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
+  headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nX-RT-Mode: quiesce"
+
+rt_otherwise:
    debug_print = "R: rt for $local_part@$domain"
    driver = redirect
    domains = rt.debian.org