log_message = Only one profile at a time, please
# Defer after too many bad RCPT TO's. Legit MTAs will retry later.
- # This is a rough pass at preventing addres harvesting or other mail blasts.
+ # This is a rough pass at preventing address harvesting or other mail blasts.
defer log_message = Too many bad recipients ${eval:$rcpt_fail_count} out of $rcpt_count
!acl = acl_spamlovers
<%- end -%>
<%- if nodeinfo['rtmaster'] -%>
warn condition = ${if eq{$acl_m_prf}{RTMail}}
- set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{\N[^+]+\+\d+\N}}{match{$local_part}{\N[^+]+\+new\N}}} {RTMailRecipientHasSubaddress}}}}
+ set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{\N[^+]+\+\d+\N}}{match{$local_part}{\N[^+]+\+new\N}}{match{$local_part}{3520}}} {RTMailRecipientHasSubaddress}}}}
+ # temporary hack because weasel screwed up and gave people an rt-3520@ address, which doesn't really work normally.
+ #set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{\N[^+]+\+\d+\N}}{match{$local_part}{\N[^+]+\+new\N}}} {RTMailRecipientHasSubaddress}}}}
+
<%- end -%>
<%- if has_variable?("greylistd") && greylistd == "true" -%>
<%- if nodeinfo.has_key?('heavy_exim') and nodeinfo['heavy_exim'] -%>
acl_check_mime:
+ accept verify = certificate
+ accept hosts = +debianhosts
+
discard condition = ${if <{$message_size}{256000}}
condition = ${if eq {$acl_m_prf}{blackhole}}
set acl_m_srb = ${perl{surblspamcheck}}
#!!# ACL that is used after the DATA command
check_message:
+
+ # Some people put from hostmaster@something.debian.org in the From
+ # header. Take their crack pipe away.
+ drop condition = ${if match{${lc:$h_From:}}{\Npostmaster@([^.]+\.)?debian\.org\N}}
+
<%- if nodeinfo['rtmaster'] -%>
deny condition = ${if eq {$acl_m_prf}{RTMail}}
condition = ${if and{{!match {${lc:$rh_Subject:}} {debian rt}} \
begin rewrite
\N^buildd_(.*)@franck\.debian\.org$\N buildd_$1@buildd.debian.org T
-\N^buildd_(.*)@klecker\.debian\.org$\N buildd_$1@buildd.debian.org T
*@debian.org ${lookup{$1}cdb{/var/lib/misc/${primary_hostname}/mail-forward.cdb}{$value}fail} T
*@people.debian.org ${lookup{$1}cdb{/var/lib/misc/${primary_hostname}/mail-forward.cdb}{$value}fail} T
#*@${primary_hostname} "${if exists{/etc/exim4/email-addresses}{${lookup{$1}lsearch{/etc/exim4/email-addresses}{$value}fail}}fail}" fFs
transport_home_directory = ${extract{directory}{VDOMAINDATA}}
user = ${extract{user}{VDOMAINDATA}}
+# No direct match, so try doing a regex match if there's an
+# aliases.regex
+virt_aliases_regex:
+ debug_print = "R: virt_aliases_regex for $local_part$local_part_suffix@$domain"
+ driver = redirect
+ allow_defer
+ allow_fail
+ data = ${if exists{\
+ ${extract{directory}{VDOMAINDATA}{${value}/aliases.regex}}}\
+ {${lookup{$local_part}nwildlsearch*{\
+ ${extract{directory}{VDOMAINDATA}{$value/aliases.regex}}\
+ }}}}
+ directory_transport = address_directory
+ domains = +virtual_domains
+ file_transport = ${if eq {${extract{group_writable}{VDOMAINDATA}}}{true}{address_file_group}{address_file}}
+ cannot_route_message = Unknown user
+ group = ${extract{group}{VDOMAINDATA}}
+ headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}"
+ pipe_transport = address_pipe
+ qualify_preserve_domain
+ retry_use_local_part
+ transport_current_directory = ${extract{directory}{VDOMAINDATA}}
+ transport_home_directory = ${extract{directory}{VDOMAINDATA}}
+ user = ${extract{user}{VDOMAINDATA}}
+
userforward:
debug_print = "R: userforward for $local_part${local_part_suffix}@$domain"
driver = redirect
local_part_suffix = +new
pipe_transport = rt_pipe
data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
- headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}"
+ headers_remove = Subject
+ headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)\\\\[?debian rt\\\\]?[:\\s]*(.*)}}} {$1$2}{$h_subject:}}"
# FIXME: figure out how to generalize this approach so that all of the following would work
# - rt+NNNN@rt.debian.org : attach correspondence to ticket (verbose)
local_part_suffix = +new-quiesce
pipe_transport = rt_pipe
data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
- headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nX-RT-Mode: quiesce"
+ headers_remove = Subject
+ headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nX-RT-Mode: quiesce\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)\\\\[?debian rt\\\\]?[:\\s]*(.*)}}} {$1$2}{$h_subject:}}"
rt_otherwise:
debug_print = "R: rt for $local_part@$domain"
local_part_suffix_optional
pipe_transport = rt_pipe
data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --extension ticket --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
- headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}"
+ headers_remove = Subject
+ headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)\\\\[?debian rt\\\\]?[:\\s]*(.*)}}} {$1$2}{$h_subject:}}"
<%- end -%>
projects / dsa-puppet.git / blobdiff