# testing for an empty sending host field.
accept hosts = :
-<% if node[:lsb][:release].to_i >= 10.04 -%>
control = dkim_disable_verify
-<% end -%>
#############################################################################
# The following section of the ACL is concerned with local parts that contain
accept hosts = +relay_from_hosts
control = submission
-<% if node[:lsb][:release].to_i >= 10.04 -%>
control = dkim_disable_verify
-<% end -%>
# Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient
accept authenticated = *
control = submission
-<% if node[:lsb][:release].to_i >= 10.04 -%>
control = dkim_disable_verify
-<% end -%>
# Insist that any other recipient address that we accept is either in one of
# our local domains, or is in a domain for which we explicitly allow
message = This message scored $spam_score SpamAssassin points.
<% end -%>
+ # Deny spammy messages with headers of the form:
+ # X-PHP-Originating-Script: <digits>:<name>.php
+ # X-PHP-Originating-Script: <digits>:<name>.class.php
+ deny condition = ${if match {$h_X-PHP-Originating-Script:}{^[0-9]+:[A-Za-z]+(\\.class)?\\.php\$}}
+ !hosts = +relay_from_hosts
+ message = This message failed local spam checks.
+
# Accept the message.
accept
projects / chef.git / blobdiff