Bring in some more changes from dsa-exim

Signed-off-by: Stephen Gran <steve@lobefin.net>

diff --git a/modules/exim/files/common/exim4.conf b/modules/exim/files/common/exim4.conf
index 85201374bc4ca676393b471d94907facafa3a5be..019a4e08a647e640a77960a5dc18d3a49d1f6d91 100644 (file)
--- a/modules/exim/files/common/exim4.conf
+++ b/modules/exim/files/common/exim4.conf
@@ -413,7 +413,7 @@ check_recipient:
   defer   !hosts         = +debianhosts
           condition      = ${if >{${eval:$acl_c1}}{0}}
           ratelimit      = 10 / 60m / per_rcpt / $sender_host_address
-          message        = slow down (no reverse dns, or dialup)
+          message        = slow down (no reverse dns, mismatched ehlo, dialup, or in blacklists))
 
 .ifdef HAVE_POLICYD
   # Check with policyd-weight - this only works with a version after etch's,
@@ -632,10 +632,12 @@ check_message:
           message        = Blackisted URI found in body
 
   deny    condition      = ${if eq {$acl_m1}{DBSignedMail}}
-          condition      = ${if and {{!match {$message_body}{PGP MESSAGE}}        \
-                                     {!match {$message_body}{PGP SIGNED MESSAGE}} \
-                                     {!match {$message_body}{PGP SIGNATURE}}      \
-                                    }                                             \
+          condition      = ${if and {{!match {$message_body}{PGP MESSAGE}}              \
+                                     {!match {$message_body}{PGP SIGNED MESSAGE}}       \
+                                     {!match {$message_body}{PGP SIGNATURE}}            \
+                                     {!match {$header_content-type:}{multipart/signed}} \
+                                     {!match {$header_content-type:}{pgp}}              \
+                                    }                                                   \
                             }
           message        = Mail to this address needs to be PGP-signed