X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/51db68ce3db19e407f230a45d6d351b66bab53a8..eac3fe1c2ebfb180334bfa7d1465b3b2fa38df69:/cookbooks/exim/templates/default/exim4.conf.erb diff --git a/cookbooks/exim/templates/default/exim4.conf.erb b/cookbooks/exim/templates/default/exim4.conf.erb index be44f9294..ca868683a 100644 --- a/cookbooks/exim/templates/default/exim4.conf.erb +++ b/cookbooks/exim/templates/default/exim4.conf.erb @@ -330,9 +330,7 @@ acl_check_rcpt: # testing for an empty sending host field. accept hosts = : -<% if node[:lsb][:release].to_i >= 10.04 -%> control = dkim_disable_verify -<% end -%> ############################################################################# # The following section of the ACL is concerned with local parts that contain @@ -387,7 +385,8 @@ acl_check_rcpt: # Block sender of spam backscatter - deny senders = www-data@www.easyticket.de:*@email.realestate.co.nz + deny senders = www-data@www.easyticket.de:*@email.realestate.co.nz:sipdentistry@mail.mediaworksonline.com:www-data@*.consoglobe.com:lina-noreply@jobstreet.com:apache@704210-web2.tristatecamera.com:webmaster@openstreetmap.org + !hosts = +relay_from_hosts # Accept mail to postmaster in any local domain, regardless of the source, # and without verifying the sender. @@ -421,9 +420,7 @@ acl_check_rcpt: accept hosts = +relay_from_hosts control = submission -<% if node[:lsb][:release].to_i >= 10.04 -%> control = dkim_disable_verify -<% end -%> # Accept if the message arrived over an authenticated connection, from # any host. Again, these messages are usually from MUAs, so recipient @@ -432,9 +429,7 @@ acl_check_rcpt: accept authenticated = * control = submission -<% if node[:lsb][:release].to_i >= 10.04 -%> control = dkim_disable_verify -<% end -%> # Insist that any other recipient address that we accept is either in one of # our local domains, or is in a domain for which we explicitly allow @@ -502,6 +497,12 @@ acl_check_data: message = This message scored $spam_score SpamAssassin points. <% end -%> + # Deny spammy messages with headers of the form: + # X-PHP-Originating-Script: :.php + # X-PHP-Originating-Script: :.class.php + deny condition = ${if match {$h_X-PHP-Originating-Script:}{^[0-9]+:[A-Za-z]+(\\.class)?\\.php\$}} + message = This message failed local spam checks. + # Accept the message. accept