X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/8d6026914fa894ed81b27415fc5914f9fa9d40a4..ebdaae1efe2eba3b67edbce8f2a6d256f97cae84:/cookbooks/exim/templates/default/exim4.conf.erb diff --git a/cookbooks/exim/templates/default/exim4.conf.erb b/cookbooks/exim/templates/default/exim4.conf.erb index 3c187d699..d9d12f83b 100644 --- a/cookbooks/exim/templates/default/exim4.conf.erb +++ b/cookbooks/exim/templates/default/exim4.conf.erb @@ -330,9 +330,7 @@ acl_check_rcpt: # testing for an empty sending host field. accept hosts = : -<% if node[:lsb][:release].to_i >= 10.04 -%> control = dkim_disable_verify -<% end -%> ############################################################################# # The following section of the ACL is concerned with local parts that contain @@ -385,6 +383,11 @@ acl_check_rcpt: deny local_parts = root:postmaster:webmaster:abuse:support senders = : + # Block sender of spam backscatter + + deny senders = www-data@www.easyticket.de:*@email.realestate.co.nz:sipdentistry@mail.mediaworksonline.com:www-data@*.consoglobe.com:lina-noreply@jobstreet.com:apache@704210-web2.tristatecamera.com:webmaster@openstreetmap.org + !hosts = +relay_from_hosts + # Accept mail to postmaster in any local domain, regardless of the source, # and without verifying the sender. @@ -417,9 +420,7 @@ acl_check_rcpt: accept hosts = +relay_from_hosts control = submission -<% if node[:lsb][:release].to_i >= 10.04 -%> control = dkim_disable_verify -<% end -%> # Accept if the message arrived over an authenticated connection, from # any host. Again, these messages are usually from MUAs, so recipient @@ -428,9 +429,7 @@ acl_check_rcpt: accept authenticated = * control = submission -<% if node[:lsb][:release].to_i >= 10.04 -%> control = dkim_disable_verify -<% end -%> # Insist that any other recipient address that we accept is either in one of # our local domains, or is in a domain for which we explicitly allow @@ -498,6 +497,13 @@ acl_check_data: message = This message scored $spam_score SpamAssassin points. <% end -%> + # Deny spammy messages with headers of the form: + # X-PHP-Originating-Script: :.php + # X-PHP-Originating-Script: :.class.php + deny condition = ${if match {$h_X-PHP-Originating-Script:}{^[0-9]+:[A-Za-z]+(\\.class)?\\.php\$}} + !hosts = +relay_from_hosts + message = This message failed local spam checks. + # Accept the message. accept