domainlist handled_domains = +local_domains : +virtual_domains : +bsmtp_domains
+domainlist ourself_and_handled = $primary_hostname : +handled_domains
+
localpartlist local_only_users = lsearch;/etc/exim4/localusers
localpartlist postmasterish = postmaster : abuse : hostmaster
hostlist debianhosts = <; ; 127.0.0.1 ; ::1 ; /var/lib/misc/thishost/debianhosts ; 89.16.166.49 ; 82.195.75.76 ; 2001:41b8:202:deb:bab5:0:52c3:4b4c
-hostlist reservedaddrs = <%= scope.lookupvar('site::nodeinfo')['reservedaddrs'] %>
+hostlist reservedaddrs = 0.0.0.0/8 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 : 172.16.0.0/12 : 192.0.0.0/24 : 192.168.0.0/16 : 224.0.0.0/4 : 240.0.0.0/5 : 248.0.0.0/5
<%- if scope.lookupvar('site::nodeinfo')['mailrelay'] -%>
# Domains we relay for; that is domains that aren't considered local but we
smtp_load_reserve = 20
<%- else -%>
queue_run_max = 5
+<%- if scope.lookupvar('::processorcount').to_s != 'undefined' -%>
deliver_queue_load_max = <%= [scope.lookupvar('::processorcount').to_i,2].max * 5 %>
queue_only_load = <%= [scope.lookupvar('::processorcount').to_i,2].max * 4 %>
+<%- else -%>
+deliver_queue_load_max = 10
+queue_only_load = 8
+<%- end -%>
<%- end -%>
queue_list_requires_admin = false
drop !hosts = +debianhosts
!acl = acl_spamlovers
- condition = ${if match_domain{$sender_helo_name}{$primary_hostname:+handled_domains}}
+ condition = ${if match_domain{$sender_helo_name}{+ourself_and_handled}}
condition = ${if !match{$sender_host_name}{${rxquote:$sender_helo_name}\N$\N}}
message = HELO mismatch Forged HELO for ($sender_helo_name)
<%- end -%>
accept local_parts = +postmasterish
- domains = +handled_domains
+ domains = +virtual_domains : +bsmtp_domains
deny hosts = ${if exists{/etc/exim4/host_blacklist}{/etc/exim4/host_blacklist}{}}
message = I'm terribly sorry, but it seems you have been blacklisted
${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-callout}{$local_part}{}}
!hosts = +debianhosts : WHITELIST
!verify = sender/callout=90s,maxwait=300s
+ message = "Sender verification failed: $acl_verify_message"
<%- end -%>
<%- if scope.lookupvar('site::nodeinfo')['mailrelay'] -%>
<%- end -%>
<%- if scope.lookupvar('site::nodeinfo')['packagesqamaster'] -%>
- deny !hosts = +debianhosts : 217.196.43.134
+ deny !hosts = +debianhosts : 5.153.231.21
condition = ${if eq {$acl_m_prf}{PTSMail}}
condition = ${if def:h_X-PTS-Approved:{false}{true}}
message = messages to the PTS require an X-PTS-Approved header
deny condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
!verify = header_syntax
- message = Invalid syntax in the header
+ message = Invalid header syntax: $acl_verify_message
# RFC 822 and 2822 say that headers must be ASCII. This kinda emulates
# postfix's strict_7bit_headers option, but only checks a few common problem
<%=
out = ""
if not scope.lookupvar('site::nodeinfo')['smarthost'].empty?
-out = '
+out = "
smarthost:
- debug_print = "R: smarthost for $local_part@$domain"
+ debug_print = \"R: smarthost for $local_part@$domain\"
driver = manualroute
domains = !+handled_domains
transport = remote_smtp_smarthost
- route_list = * ' + scope.lookupvar('site::nodeinfo')['smarthost']
- if scope.lookupvar('site::nodeinfo')['smarthost'] == 'mailout.debian.org'
- out += '/MX'
- end
- out += '
+ route_list = * #{scope.lookupvar('site::nodeinfo')['smarthost']}
host_find_failed = defer
same_domain_copy_routing = yes
no_more
-'
+"
end
out
%>
unseen = true
expn = true
local_parts = +postmasterish
- domains = +handled_domains
+ domains = +virtual_domains : +bsmtp_domains
data = debian-admin@debian.org
headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}"
user = Debian-exim
no_check_local_user
directory_transport = address_directory
-<%- if fqdn == "master.debian.org" -%>
- domains = +local_domains : debian.org
-<%- else -%>
domains = +local_domains
-<%- end -%>
# filter - I have disabled filtering to force users to use .forward-foo files
# or procmail. This will make it easier to move mailers in the future
#
check_ancestor
check_local_user
directory_transport = address_directory
-<%- if fqdn == "master.debian.org" -%>
- domains = +local_domains : debian.org
-<%- else -%>
domains = +local_domains
-<%- end -%>
# filter - I have disabled filtering to force users to use .forward-foo files
# or procmail. This will make it easier to move mailers in the future
#
debug_print = "R: procmail for $local_part@$domain"
driver = accept
check_local_user
-<%- if fqdn == "master.debian.org" -%>
- domains = +local_domains : debian.org
-<%- else -%>
domains = +local_domains
-<%- end -%>
headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}"
local_part_suffix = -*
local_part_suffix_optional
file_transport = address_file
pipe_transport = address_pipe
domains = packages.debian.org
- require_files = /org/packages.debian.org/conf/maintainer
- data = ${lookup{$local_part}cdb{/org/packages.debian.org/conf/maintainer.cdb}}
+ require_files = /srv/packages.debian.org/conf/maintainer
+ data = ${lookup{$local_part}cdb{/srv/packages.debian.org/conf/maintainer.cdb}}
headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}"
- transport_home_directory = /org/packages.debian.org/mail
- transport_current_directory = /org/packages.debian.org/mail
+ transport_home_directory = /srv/packages.debian.org/mail
+ transport_current_directory = /srv/packages.debian.org/mail
check_ancestor
retry_use_local_part
no_more
transport_current_directory = ${extract{directory}{VDOMAINDATA}}
user = ${extract{user}{VDOMAINDATA}}
group = ${extract{group}{VDOMAINDATA}}
- data = ${if exists{${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}\
- {${lookup{$local_part}cdb\
- {${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}}}}
+ # Manually construct the forwarding address, preserving the
+ # local_part_suffix if the remote host is master.
+ data = ${if and {{exists{${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}}\
+ {! eq {${lookup{$local_part}cdb\
+ {${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}}}\
+ {}}}\
+ {${local_part:${lookup{$local_part}cdb\
+ {${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}}}\
+ ${if eq {${domain:${lookup{$local_part}cdb\
+ {${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}}}}{master.debian.org}{$local_part_suffix} {}}\
+ @\
+ ${domain:${lookup{$local_part}cdb\
+ {${extract{directory}{VDOMAINDATA}{${value}/mail-forward.cdb}}}}}}}
domains = +virtual_domains
file_transport = address_file
headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}"
remote_smtp:
driver = smtp
- connect_timeout = 1m
+ connect_timeout = 15s
delay_after_cutoff = false
tls_certificate = /etc/exim4/ssl/thishost.crt
tls_privatekey = /etc/exim4/ssl/thishost.key