X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/aa1d729df909b6579ed63e7ce4162ec5ed12aa17..75c5da85dcd5a6b5b66040dfd838c2bbf30ba4d5:/cookbooks/exim/templates/default/exim4.conf.erb diff --git a/cookbooks/exim/templates/default/exim4.conf.erb b/cookbooks/exim/templates/default/exim4.conf.erb index 5766cd2f1..e9cb2b9c1 100644 --- a/cookbooks/exim/templates/default/exim4.conf.erb +++ b/cookbooks/exim/templates/default/exim4.conf.erb @@ -330,9 +330,7 @@ acl_check_rcpt: # testing for an empty sending host field. accept hosts = : -<% if node[:lsb][:release].to_i >= 10.04 -%> control = dkim_disable_verify -<% end -%> ############################################################################# # The following section of the ACL is concerned with local parts that contain @@ -422,9 +420,7 @@ acl_check_rcpt: accept hosts = +relay_from_hosts control = submission -<% if node[:lsb][:release].to_i >= 10.04 -%> control = dkim_disable_verify -<% end -%> # Accept if the message arrived over an authenticated connection, from # any host. Again, these messages are usually from MUAs, so recipient @@ -433,9 +429,7 @@ acl_check_rcpt: accept authenticated = * control = submission -<% if node[:lsb][:release].to_i >= 10.04 -%> control = dkim_disable_verify -<% end -%> # Insist that any other recipient address that we accept is either in one of # our local domains, or is in a domain for which we explicitly allow @@ -503,6 +497,12 @@ acl_check_data: message = This message scored $spam_score SpamAssassin points. <% end -%> + # Deny spammy messages with headers of the form: + # X-PHP-Originating-Script: :SendMail.class.php + # X-PHP-Originating-Script: :ExtendedMail.class.php + deny condition = ${if match {$h_X-PHP-Originating-Script:}{^[0-9]+:(Send|Extended)Mail\\.class\\.php\$}} + message = This message failed local spam checks. + # Accept the message. accept