From d992a9ed3e6632a998aaca2ff3d2e767e8b172f2 Mon Sep 17 00:00:00 2001
From: Christian Boltz <cboltz@opensuse.org>
Date: Feb 09 2022 17:12:13 +0000
Subject: Merge branch 'bugfix/mx-last-changes' into 'production'


Bugfix/mx last changes

See merge request infra/salt!540
---

diff --git a/pillar/role/mailserver.sls b/pillar/role/mailserver.sls
index 5d68090..3de8548 100644
--- a/pillar/role/mailserver.sls
+++ b/pillar/role/mailserver.sls
@@ -52,10 +52,10 @@ profile:
       smtpd_tls_loglevel: 1
       smtpd_tls_CAfile: '/etc/postfix/LetsEncryptCA_chain.crt'
       smtpd_tls_CApath: '/etc/ssl/certs'
-      smtpd_tls_cert_file: '/etc/postfix/star_opensuse_org_rsa_letsencrypt.crt'
-      smtpd_tls_key_file: ' /etc/postfix/star_opensuse_org_rsa_letsencrypt_key.pem'
-      smtpd_tls_eccert_file: '/etc/postfix/star_opensuse_org_ecdsa_letsencrypt.crt'
-      smtpd_tls_eckey_file: ' /etc/postfix/star_opensuse_org_ecdsa_letsencrypt_key.pem'
+      smtpd_tls_cert_file: '/etc/ssl/services/star_opensuse_org_rsa_letsencrypt_fullchain_key_dh.pem'
+      smtpd_tls_key_file: '$smtpd_tls_cert_file'
+      smtpd_tls_eccert_file: '/etc/ssl/services/star_opensuse_org_ecdsa_letsencrypt_fullchain_key_dh.pem'
+      smtpd_tls_eckey_file: '$smtpd_tls_eccert_file'
       # 20200709 I have some names in /etc/hosts that are needed
       smtp_host_lookup: 'native'
       # 20200708 see http://www.postfix.org/SMTPUTF8_README.html
@@ -119,6 +119,7 @@ zypper:
     postgrey: {}
     clamav: {}
     spamassassin: {}
+    perl-razor-agents: {}
     mailgraph: {}
     mariadb-client: {}
     nsca-client: {}
diff --git a/salt/profile/mailserver/files/cron/member_aliases b/salt/profile/mailserver/files/cron/member_aliases
index 94f0233..8bfb3de 100644
--- a/salt/profile/mailserver/files/cron/member_aliases
+++ b/salt/profile/mailserver/files/cron/member_aliases
@@ -2,5 +2,4 @@
 SHELL=/bin/sh
 PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/local/bin/
 MAILTO=admin-auto@opensuse.org
-0 * * * * root /usr/local/bin/get_member_aliases
-
+5 * * * * root /usr/local/bin/get_member_aliases
diff --git a/salt/profile/mailserver/files/cron/regen_dh_primes b/salt/profile/mailserver/files/cron/regen_dh_primes
index cf8cbb8..bdd8141 100644
--- a/salt/profile/mailserver/files/cron/regen_dh_primes
+++ b/salt/profile/mailserver/files/cron/regen_dh_primes
@@ -6,4 +6,3 @@ openssl dhparam -out dh512.tmp 512   2>/dev/null && mv dh512.tmp dh512.pem
 openssl dhparam -out dh1024.tmp 1024 2>/dev/null && mv dh1024.tmp dh1024.pem
 openssl dhparam -out dh2048.tmp 2048 2>/dev/null && mv dh2048.tmp dh2048.pem
 chmod 644 dh512.pem dh1024.pem dh2048.pem
-
diff --git a/salt/profile/mailserver/files/header_checks b/salt/profile/mailserver/files/header_checks
index 20d5088..9ba0b83 100644
--- a/salt/profile/mailserver/files/header_checks
+++ b/salt/profile/mailserver/files/header_checks
@@ -1,3 +1,8 @@
 /^X-Spam-Virus:[\s\t]+yes[\s]+(.+)/     reject Virus identified $1
 /^X-Spam-Status:[\s\t]+yes.*score=([0-9.]+).*required=([0-9.]+)/        reject Spam identified ($1/$2)
 
+if /^Subject:.*New Tumbleweed snapshot.*released/
+if /^To:.*(factory@lists.|opensuse-factory@)opensuse.org/
+!/^From:.*dimstar@(opensuse.org|suse.de)/  REJECT  please dont do that
+endif
+endif
diff --git a/salt/profile/mailserver/files/manually-blocked-users b/salt/profile/mailserver/files/manually-blocked-users
index 661b8cd..e84005e 100644
--- a/salt/profile/mailserver/files/manually-blocked-users
+++ b/salt/profile/mailserver/files/manually-blocked-users
@@ -10,3 +10,5 @@ formacionintegral21.com	reject Rejected as spam.
 learningzoneasia.com	reject Rejected as spam.
 ilearnexperience.com	reject Rejected as spam.
 integracionprofesional21.com reject Rejected as spam.
+innovalearnonline.com   reject Rejected as spam.
+innovalearntraining.com reject Rejected as spam.
diff --git a/salt/profile/mailserver/files/spamassassin/opensuse.cf b/salt/profile/mailserver/files/spamassassin/opensuse.cf
index 2947dae..8a9a9cf 100644
--- a/salt/profile/mailserver/files/spamassassin/opensuse.cf
+++ b/salt/profile/mailserver/files/spamassassin/opensuse.cf
@@ -7,7 +7,6 @@ whitelist_to    *+help@opensuse.org
 whitelist_to    *+confunsub-*@opensuse.org
 whitelist_to    *+confsub-*@opensuse.org
 
-
 # ditto for mailman commands
 whitelist_to    *-confirm+*@lists.opensuse.org
 whitelist_to    *-join@lists.opensuse.org
diff --git a/salt/profile/mailserver/files/virtual-opensuse-aliases b/salt/profile/mailserver/files/virtual-opensuse-aliases
index 3efb194..a64be3c 100644
--- a/salt/profile/mailserver/files/virtual-opensuse-aliases
+++ b/salt/profile/mailserver/files/virtual-opensuse-aliases
@@ -32,11 +32,9 @@ mailer-daemon           per@opensuse.org
 # 20200916 https://progress.opensuse.org/issues/70891
 redmine@opensuse.org    redmine+admin@progress.infra.opensuse.org
 
-
 # https://progress.opensuse.org/issues/99726
 tweet-os@opensuse.org   social.media@opensuse.org
 social.media@opensuse.org       ddemaio@opensuse.org henne.vogelsang@opensuse.org
 
 # 20211215 pjessen, cboltz
 security@opensuse.org   admin-auto@opensuse.org, security@suse.de
-