acl_check_rcpt: warn set acl_m_smtp_command_rcpt_to = $smtp_command warn set acl_m_smtp_command_rcpt_tos = ${acl_m_smtp_command_rcpt_tos}${smtp_command}\n warn set acl_m9 = ${sg{${sg{$acl_m13}{\Nabuse_or_postmaster=\d*\N}{}}}{\Nwhite_list_compat=\d*\N}{}} # обнуляем счетчик баллов для опционального грейлистинга warn set acl_c8 = scores=0 log_message= # Проверка адреса отправителя в blacklist-ах warn set acl_m1 = set acl_m0 = ${lookup{$sender_address}wildlsearch{CONFDIR/access-mail}\ {${if eq{$value}{}{REJECT}{$value}}}{}\ } condition = ${if eq{$acl_m0}{}{no}{yes}} set acl_m1 = ${extract{1}{:}{$acl_m0}} acl = normalize_action set acl_m1 = ${sg{$acl_m1 }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}} # message = $acl_m2 # log_message = $acl_m0 set acl_m2 = ${sg{${extract{2}{:}{$acl_m0}}}{\N^\s+\N}{}} set acl_m2 = ${if eq{$acl_m2}{}{Access denied}{$acl_m2}} set acl_m0 = ${sg{${extract{3}{:}{$acl_m0}}}{\N^\s+\N}{}} set acl_m0 = ${if eq{$acl_m0}{}{sender address blacklisted${if eq{$acl_m2}{}{}{: $acl_m2}}}{$acl_m0}} warn condition = ${if match{$acl_m1}{warn}{yes}{no}} log_message = $acl_m0${if eq{${extract{pause}{$acl_m1}}}{}{}{: message delayed for ${extract{pause}{$acl_m1}}s}} add_header = X-Warn-Sender: $acl_m2 warn condition = ${if eq{${extract{pause}{$acl_m1}}}{}{no}{yes}} delay = ${extract{pause}{$acl_m1}}s set acl_m15 = ${acl_m15}\t\ delay=${extract{pause}{$acl_m1}}s\t\t\ $acl_m0\n deny condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}} log_message = $acl_m0 message = ${expand:$acl_m2} defer condition = ${if match{$acl_m1}{defer}{yes}{no}} log_message = $acl_m0 message = ${expand:$acl_m2} drop condition = ${if match{$acl_m1}{drop}{yes}{no}} log_message = $acl_m0 message = ${expand:$acl_m2} # Проверка существования получателей # Защита от словарных аттак drop log_message = Dictionary attack ($rcpt_fail_count failed probes). Dropping connection message = User unknown (${eval:$rcpt_fail_count+1} failed queries) condition = ${if >{$rcpt_fail_count}{${eval:5-2}} {1}{0}} delay = 30s domains = +local_domains ! verify = recipient # Поиск адреса получетеля в virtusertable warn set acl_m0 = warn condition = ${if eq{$acl_m0}{}{yes}{no}} domains = +virtuser_domains : +local_domains set acl_m0 = ${sg{\ ${lookup{$local_part@$domain}wildlsearch{CONFDIR/virtusertable}\ {$value}{\ ${lookup{@$domain}wildlsearch{CONFDIR/virtusertable}{$value}{}}\ }}\ }{\N%1\N}{$local_part}} deny condition = ${if match{$acl_m0}{\N(?i)^\s*(deny|reject)\s*:(.+)$\N}{yes}{no}} message = ${if match{$acl_m0}{\N(?i)^\s*(deny|reject)\s*:(.+)$\N}{$2}{}} defer condition = ${if match{$acl_m0}{\N(?i)^\s*defer\s*:(.+)$\N}{yes}{no}} message = ${if match{$acl_m0}{\N(?i)^\s*defer\s*:(.+)$\N}{$1}{}} # Проверка существования получателей из локальных доменов deny condition = ${if eq{$acl_m_skip_verify_recipient}{yes}{no}{yes}} domains = +local_domains message = User unknown log_message = User unknown ! verify = recipient # Проверка существования получетеля из домена MS Exchange deny domains = +exchange_domains ! recipients = @@wildlsearch;CONFDIR/skip_exch_check ! verify = recipient/callout deny hosts = +relay_from_hosts ! verify = recipient/defer_ok deny authenticated = * ! verify = recipient/defer_ok warn set acl_m0 = domains = +local_domains local_parts = postmaster : abuse set acl_m0 = abuse set acl_m9 = abuse_or_postmaster=1 $acl_m9 set acl_m13 = abuse_or_postmaster=1 $acl_m13 warn set acl_m1 = no hosts = +relay_from_hosts set acl_m1 = yes warn authenticated = * set acl_m1 = yes warn condition = $acl_m1 condition = ${if eq{$acl_m0}{accept}{yes}{no}} condition = ${if eq{\ ${perl{dbm_save}{/var/spool/exim/db/greylist.db}\ {0.0.0.0|$local_part@$domain|$sender_address}\ {\ block_expires=$tod_epoch \ record_expires=${eval:$tod_epoch+240*60} \ blocked_count=0 \ passed_count=0 \ aborted_count=0 \ origin_type=AUTO \ create_time=$tod_epoch \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} # accept condition = ${if eq{$acl_m9}{}{no}{yes}} accept condition = ${if or{\ {eq{${extract{submitted}{$acl_m9}}}{1}}\ {eq{${extract{relay_from_hosts}{$acl_m9}}}{1}}\ {eq{${extract{authenticated}{$acl_m9}}}{1}}\ }{yes}{no}} accept domains = +local_domains # condition = ${if eq{$acl_m9}{}{no}{yes}} # condition = ${if eq{${sg{$acl_m9}{\N\s*spam_hater=1\s*}{}}}{}{no}{yes}} condition = ${if or{\ {eq{${extract{submitted}{$acl_m9}}}{1}}\ {eq{${extract{relay_from_hosts}{$acl_m9}}}{1}}\ {eq{${extract{authenticated}{$acl_m9}}}{1}}\ {eq{${extract{abuse_or_postmaster}{$acl_m9}}}{1}}\ {eq{${extract{white_list_relays}{$acl_m9}}}{1}}\ {eq{${extract{white_list_senders}{$acl_m9}}}{1}}\ {eq{${extract{white_list_compat}{$acl_m9}}}{1}}\ }{yes}{no}} # Проверка корректности почтового ящика получателя deny message = Restricted characters in address domains = +local_domains local_parts = ^[.] : ^.*[@%!/|] # Проверка HELO/EHLO: # Наличие в HELO наших адресов/доменов # HELO used our own credentials deny condition = ${if eq{$interface_address}{}{no}{yes}} condition = ${if eq{$sender_helo_name}{[$interface_address]}{yes}{no}} message = Invalid greeting used log_message = HELO used my own credentials deny condition = ${if eq{$sender_helo_name}{$primary_hostname}{yes}{no}} message = Invalid greeting used log_message = HELO used my own credentials deny condition = ${if match_domain{$sender_helo_name}{+local_domains}{yes}{no}} message = Invalid greeting used log_message = HELO used my own credentials # HELO, состоящих из одной точки, или без точки # HELO is With only Point or Without Point deny condition = ${if match{$sender_helo_name}{\N\|\N}{no}{yes}} condition = ${if match{$sender_helo_name}{\N^<.*>$\N}{no}{yes}} condition = ${if or{\ {!match{$sender_helo_name}{\N\.\N}} \ {match{$sender_helo_name}{\N^\.$\N}} \ {match{$sender_helo_name}{\N\.\.\N}} \ {match{$sender_helo_name}{\N^\.\N}} \ {match{$sender_helo_name}{\N^[^\.]+\.$\N}} \ {match{$sender_helo_name}{\N@\N}} \ }{yes}{no}} message = Invalid greeting used log_message = HELO is With only Point or Without Point ($sender_helo_name) # HELO в виде IP адреса # HELO used IP address # 5xx в случае указания IP адреса в качестве HELO deny condition = ${if isip{$sender_helo_name}{yes}{no}} message = Invalid greeting used log_message = HELO used IP address # Проверка наличия HELO в черном списке # в т. ч. проверка HELO в виде имени хоста, принадлежащего к dial-up/dsl/cable сетям warn set acl_m1 = set acl_m0 = ${lookup{$sender_host_address}\ iplsearch{CONFDIR/access-helo}\ {${if eq{$value}{}{REJECT}{$value}}}\ {\ ${lookup{$sender_helo_name}\ wildlsearch{CONFDIR/access-helo}\ {${if eq{$value}{}{REJECT}{$value}}}\ {no}}\ }} condition = ${if eq{$acl_m0}{no}{no}{yes}} set acl_m1 = ${extract{1}{:}{$acl_m0}} acl = normalize_action set acl_m1 = ${sg{$acl_m1 }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}} # message = $acl_m2 # log_message = $acl_m0 set acl_m2 = ${sg{${extract{2}{:}{$acl_m0}}}{\N^\s+\N}{}} set acl_m0 = ${sg{${extract{3}{:}{$acl_m0}}}{\N^\s+\N}{}} set acl_m0 = ${if eq{$acl_m0}{}{helo $sender_helo_name blacklisted${if eq{$acl_m2}{}{}{: $acl_m2}}}{$acl_m0}} # set acl_m2 = ${if eq{$acl_m2}{}{Invalid greeting used}{$acl_m2}} # Warning в случае принадлежности HELO к blacklisted сетям # Warning if sender HELO in blacklisted network warn condition = ${if match{$acl_m1}{warn}{yes}{no}} add_header = X-Warn-HELO-Blacklisted: ${if eq{$acl_m2}{}{HELO $sender_helo_name is blacklisted}{$acl_m2}} log_message = $acl_m0${if eq{${extract{pause}{$acl_m1}}}{}{}{: message delayed for ${extract{pause}{$acl_m1}}s}} # Pause в случае принадлежности HELO к blacklisted сетям # Pause if sender HELO in blacklisted network warn condition = ${if eq{${extract{pause}{$acl_m1}}}{}{no}{yes}} delay = ${extract{pause}{$acl_m1}}s set acl_m15 = ${acl_m15}\t\ delay=${extract{pause}{$acl_m1}}s\t\t\ $acl_m0\n # Reject в случае принадлежности HELO к blacklisted сетям # Reject if sender HELO in blacklisted network deny condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}} message = ${if eq{$acl_m2}{}{Invalid greeting used}{$acl_m2}} log_message = $acl_m0 # Defer в случае принадлежности HELO к blacklisted сетям # Defer if sender HELO in blacklisted network defer condition = ${if match{$acl_m1}{defer}{yes}{no}} message = ${if eq{$acl_m2}{}{Invalid greeting used}{$acl_m2}} log_message = $acl_m0 # Drop в случае принадлежности HELO к blacklisted сетям # Drop if sender HELO in blacklisted network drop condition = ${if match{$acl_m1}{drop}{yes}{no}} message = ${if eq{$acl_m2}{}{Invalid greeting used}{$acl_m2}} log_message = $acl_m0 # warn on verify helo warn ! verify = helo log_message = verify HELO ($sender_helo_name) # Прием почты для abuse адресов accept domains = +local_domains local_parts = postmaster : abuse set acl_m9 = abuse_or_postmaster=1 $acl_m9 set acl_m13 = abuse_or_postmaster=1 $acl_m13 # Проверка количества получателей в DSN warn senders = : condition = ${if >{$rcpt_count}{1} {1}} log_message = "Only one receipient accepted for NULL sender" ! hosts = +relay_from_hosts # Проверка рилея отправителя в blacklist-ах warn set acl_m1 = set acl_m0 = ${lookup{$sender_host_address}\ iplsearch{CONFDIR/access-relay}\ {${if eq{$value}{}{reject}{$value}}}\ {\ ${lookup{$sender_host_name}\ wildlsearch{CONFDIR/access-relay}\ {${if eq{$value}{}{reject}{$value}}}\ {no}}\ }} condition = ${if eq{$acl_m0}{no}{no}{yes}} set acl_m1 = ${extract{1}{:}{$acl_m0}} acl = normalize_action set acl_m1 = ${sg{$acl_m1 }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}} # message = $acl_m2 # log_message = $acl_m0 set acl_m2 = ${sg{${extract{2}{:}{$acl_m0}}}{\N^\s+\N}{}} set acl_m0 = ${sg{${extract{3}{:}{$acl_m0}}}{\N^\s+\N}{}} set acl_m0 = ${if eq{$acl_m0}{}{relay $sender_host_name blacklisted${if eq{$acl_m2}{}{}{: $acl_m2}}}{$acl_m0}} # set acl_m2 = ${if eq{$acl_m2}{}{Access from relay $sender_host_name denied according to the local policy}{$acl_m2}} # Pause в случае принадлежности хоста рилея к blacklisted сетям # Pause if sender host in blacklisted network warn condition = ${if eq{${extract{pause}{$acl_m1}}}{}{no}{yes}} delay = ${extract{pause}{$acl_m1}}s set acl_m15 = ${acl_m15}\t\ delay=${extract{pause}{$acl_m1}}s\t\t\ $acl_m0\n # Reject в случае принадлежности хоста рилея к blacklisted сетям # Reject if sender host in blacklisted network deny condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}} message = ${if eq{$acl_m2}{}{Access from relay $sender_host_name denied according to the local policy}{$acl_m2}} log_message = $acl_m0 # Defer в случае принадлежности хоста рилея к blacklisted сетям # Defer if sender host in blacklisted network defer condition = ${if match{$acl_m1}{defer}{yes}{no}} message = ${if eq{$acl_m2}{}{Access from relay $sender_host_name defered according to the local policy}{$acl_m2}} log_message = $acl_m0 # Drop в случае принадлежности хоста рилея к blacklisted сетям # Drop if sender host in blacklisted network drop condition = ${if match{$acl_m1}{drop}{yes}{no}} message = ${if eq{$acl_m2}{}{Access from relay $sender_host_name droped according to the local policy}{$acl_m2}} log_message = $acl_m0 # Warning в случае принадлежности хоста рилея к blacklisted сетям # Warning if sender host in blacklisted network warn condition = ${if match{$acl_m1}{warn}{yes}{no}} add_header = X-Warn-Relay-BlackListed: ${if eq{$acl_m2}{}{relay $sender_host_name is blacklisted}{$acl_m2}} log_message = $acl_m0 # Reject в случае принадлежности хоста рилея к listed сетям # Reject if sender host in listed network deny condition = ${if eq{$acl_m0}{no}{yes}{no}} hosts = +hosts_blacklisted message = Access from relay $sender_host_address denied according to the local policy log_message = Sender relay $sender_host_address blacklisted # Warning в случае принадлежности хоста рилея к listed сетям # Warning if sender host in listed network warn condition = ${if match{$acl_m0}{no}{yes}{no}} hosts = +hosts_blacklist_dialup add_header = X-Warn-Relay-BlackListed: Access from dial-up/dsl/cable relays denied /A record/ # Warning в случае принадлежности хоста рилея к listed сетям # Warning if sender host in listed network log_message = Access from dial-up/dsl/cable relays denied /A record/ # Block messages where the sender domain resolves to bad IPs warn set acl_m0 = skip condition = ${if eq{$sender_address_domain}{}{no}{yes}} condition = ${if match_domain{$sender_address_domain}\ {+local_domains }\ {no}{yes}} set acl_c2 = CONFDIR/access-mail-domain-a condition = ${lookup{$sender_address_domain}wildlsearch{$acl_c2}{\ ${if eq{${lc:$value}}{ok}{no}{yes}}\ }{yes}} set acl_m0 = warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} set acl_m1 = a=$sender_address_domain acl = acl_dnsdb condition = ${if eq{$acl_m2}{defer}{no}{yes}} acl = acl_iplsearch defer condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m2}{defer}{yes}{no}} log_message = Cannot resolve A record for sender domain $sender_address_domain message = Cannot resolve A record for sender domain $sender_address_domain warn set acl_m1 = condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m0}{}{no}{yes}} set acl_m1 = ${extract{1}{:}{$acl_m0}} acl = normalize_action set acl_m1 = ${sg{$acl_m1 }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}} # message = $acl_m2 # log_message = $acl_m0 set acl_m2 = ${sg{${extract{2}{:}{$acl_m0}}}{\N^\s+\N}{}} set acl_m2 = ${if eq{$acl_m2}{}{Access denied}{$acl_m2}} set acl_m0 = ${sg{${extract{3}{:}{$acl_m0}}}{\N^\s+\N}{}} set acl_m0 = ${if eq{$acl_m0}{}{Domain of sender $sender_address_domain has bad A record${if eq{$acl_m2}{}{}{: $acl_m2}}}{$acl_m0}} warn condition = ${if eq{${extract{pause}{$acl_m1}}}{}{no}{yes}} delay = ${extract{pause}{$acl_m1}}s set acl_m15 = ${acl_m15}\t\ delay=${extract{pause}{$acl_m1}}s\t\t\ $acl_m0\n deny condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}} log_message = $acl_m0 message = $acl_m2 defer condition = ${if match{$acl_m1}{defer}{yes}{no}} log_message = $acl_m0 message = $acl_m2 drop condition = ${if match{$acl_m1}{drop}{yes}{no}} log_message = $acl_m0 message = $acl_m2 warn condition = ${if match{$acl_m1}{warn}{yes}{no}} log_message = $acl_m0 add_header = X-Warn-Mail-A: $acl_m0 # Проверка хоста отправителя на принадлежность к relay_from_hosts, # если домен адреса отправителя является внутренним warn ! hosts = +relay_from_hosts condition = ${lookup{$sender_address_domain} \ wildlsearch{CONFDIR/domains-internal}{yes}{no}} log_message = internal domain $sender_address_domain in MAIL FROM command add_header = X-Warn-Internal: internal domain $sender_address_domain in MAIL FROM command warn ! hosts = +relay_from_hosts condition = ${if or{\ {eq{${lookup{$sender_address}\ wildlsearch{CONFDIR/domains-internal}{internal}{}}}\ {internal}}\ {eq{${lookup{$sender_address|from}\ wildlsearch{CONFDIR/domains-internal}{internal}{}}}\ {internal}}\ }{yes}{no}} log_message = internal address $sender_address in MAIL FROM command add_header = X-Warn-Internal: internal address $sender_address in MAIL FROM command # Проверка хоста отправителя на принадлежность к relay_from_hosts, # если домен адреса получателя является внутренним warn ! hosts = +relay_from_hosts domains = +internal_domains log_message = Internal domain $domain in RCPT TO command add_header = X-Warn-Internal: Internal domain $domain in RCPT TO command warn ! hosts = +relay_from_hosts condition = ${if or{\ {eq{${lookup{$sender_address}\ wildlsearch{CONFDIR/domains-internal}{internal}{}}}\ {internal}}\ {eq{${lookup{$sender_address|from}\ wildlsearch{CONFDIR/domains-internal}{internal}{}}}\ {internal}}\ }{yes}{no}} log_message = internal address $local_part@$domain in RCPT TO command add_header = X-Warn-Internal: internal address $local_part@$domain in RCPT TO command # Проверка хоста отправителя на принадлежность к relay_from_hosts, если адреса # отправителя и получателя совпадают и домен в них является локальным warn set acl_m1 = hosts = +relay_from_hosts set acl_m1 = skip warn authenticated = * set acl_m1 = skip warn condition = ${if eq{$acl_m1}{skip}{no}{yes}} domains = +local_domains condition = ${if eq{$sender_address}{$local_part@$domain}{yes}{no}} set acl_m1 = WARN acl = normalize_action set acl_m1 = ${sg{$acl_m1 }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}} set acl_m0 = The same local addresses in MAIL FROM and RCPT TO from nonlocal relay set acl_m2 = Access denied warn condition = ${if eq{${extract{pause}{$acl_m1}}}{}{no}{yes}} delay = ${extract{pause}{$acl_m1}}s set acl_m15 = ${acl_m15}\t\ delay=${extract{pause}{$acl_m1}}s\t\t\ $acl_m0\n deny condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}} log_message = $acl_m0 message = $acl_m2 defer condition = ${if match{$acl_m1}{defer}{yes}{no}} log_message = $acl_m0 message = $acl_m2 drop condition = ${if match{$acl_m1}{drop}{yes}{no}} log_message = $acl_m0 message = $acl_m2 warn condition = ${if match{$acl_m1}{warn}{yes}{no}} log_message = $acl_m0 add_header = X-Warn-Local: $acl_m0 # Проверка резолвинга рилея в реверсной зоне DNS warn set acl_m0 = no_skip warn authenticated = * set acl_m0 = skip warn hosts = +relay_from_hosts set acl_m0 = skip # временные проблемы резолвинга записи рилея в реверсной зоне DNS # для неисключаемых из проверки возвращаем warn, # если в confCHECK_RELAY_RESOLVE и confCHECK_RELAY_FORGED нет reject или defer warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$sender_host_name}{}{yes}{no}} condition = ${if eq{$host_lookup_failed}{0}{yes}{no}} # condition = ${if eq{$host_lookup_deferred}{1}{yes}{no}} log_message = Cannot resolve PTR record for $sender_host_address add_header = X-Warn-Resolve: Cannot resolve PTR record for $sender_host_address # несовпадение записи рилея в прямой и реверсной зонах DNS # в confCHECK_RELAY_FORGED не указаны reject, deny и defer warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$sender_host_name}{}{yes}{no}} condition = ${if eq{$host_lookup_failed}{1}{yes}{no}} condition = ${if eq{$acl_c7}{}{no}{yes}} add_header = X-Warn-Resolve: IP name forged for $sender_host_address # отсутствие записи рилея в реверсной зоне DNS # в confCHECK_RELAY_RESOLVE не указаны reject, deny и defer warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$sender_host_name}{}{yes}{no}} condition = ${if eq{$host_lookup_failed}{1}{yes}{no}} condition = ${if eq{$acl_c7}{}{yes}{no}} add_header = X-Warn-Resolve: IP name lookup failed for $sender_host_address log_message = IP name lookup failed for $sender_host_address\ # Проверка адреса отправителя warn set acl_m12 = deny \ hosts = !+skip_verify_sender ! authenticated = * ! senders = @@wildlsearch;CONFDIR/skip_verify_sender_mail ! verify = sender/callout=120s${acl_m12} # condition = ${if eq{$sender_verify_failure}{recipient}{yes}{no}} warn set acl_m0 = hosts = !+relay_from_hosts ! authenticated = * condition = ${if !match {${extract{2}{:}{$acl_m_smtp_command_mail_from}}}{\N^\s*<.*>\N}} # message = $acl_m2 # log_message = $acl_m0 set acl_m2 = Go and read RFC2821. The angle brackets in MAIL FROM command are a requirement set acl_m0 = "$acl_m_smtp_command_mail_from" - MAIL FROM address without angle brackets warn condition = ${if eq{$acl_m0}{}{no}{yes}} add_header = X-Warn-Mail: $acl_m0 log_message = $acl_m0 warn condition = ${if eq{$acl_m0}{}{no}{yes}} delay = 20s set acl_m15 = ${acl_m15}\t\ delay=20s\t\t\ $acl_m0\n warn set acl_m0 = hosts = !+relay_from_hosts ! authenticated = * condition = ${if !match {${extract{2}{:}{$acl_m_smtp_command_rcpt_to}}}{\N^\s*<.*>\N}} # message = $acl_m2 # log_message = $acl_m0 set acl_m2 = Go and read RFC2821. The angle brackets in RCPT TO command are a requirement set acl_m0 = "$acl_m_smtp_command_rcpt_to" - RCPT TO address without angle brackets warn condition = ${if eq{$acl_m0}{}{no}{yes}} add_header = X-Warn-Rcpt: $acl_m0 log_message = $acl_m0 warn condition = ${if eq{$acl_m0}{}{no}{yes}} delay = 20s set acl_m15 = ${acl_m15}\t\ delay=20s\t\t\ $acl_m0\n # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : helo.rbl.mx.org.ua set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain delay = 30s set acl_m15 = ${acl_m15}\t\ delay=30s\t\t\ $sender_host_address is in a black list at $dnslist_domain\n deny condition = $acl_m0 message = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain log_message = $sender_host_address is in a black list at $dnslist_domain # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : rcpt.rbl.mx.org.ua set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain delay = 30s set acl_m15 = ${acl_m15}\t\ delay=30s\t\t\ $sender_host_address is in a black list at $dnslist_domain\n deny condition = $acl_m0 message = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain log_message = $sender_host_address is in a black list at $dnslist_domain # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +defer_unknown : dul.ru set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected as dial-up user because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text\ntry to send mail thru your ISP log_message = $sender_host_address is in a black list at $dnslist_domain # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : dul.dnsbl.sorbs.net set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected as dial-up user because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text\ntry to send mail thru your ISP log_message = $sender_host_address is in a black list at $dnslist_domain # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : dialups.mail-abuse.org set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected as dial-up user because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text\ntry to send mail thru your ISP log_message = $sender_host_address is in a black list at $dnslist_domain # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : dynablock.easynet.nl set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected as dial-up user because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text\ntry to send mail thru your ISP log_message = $sender_host_address is in a black list at $dnslist_domain # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : dynablock.njabl.org set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected as dial-up user because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text\ntry to send mail thru your ISP log_message = $sender_host_address is in a black list at $dnslist_domain # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : bl.spamcop.net set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain log_message = $sender_host_address is in a black list at $dnslist_domain # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : cbl.abuseat.org set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain log_message = $sender_host_address is in a black list at $dnslist_domain # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : new.dnsbl.sorbs.net set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain log_message = $sender_host_address is in a black list at $dnslist_domain # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : smtp.dnsbl.sorbs.net set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain log_message = $sender_host_address is in a black list at $dnslist_domain # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : http.dnsbl.sorbs.net set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain log_message = $sender_host_address is in a black list at $dnslist_domain # Проверка хоста рилея отправителя в DNSBL warn set acl_m0 = no hosts = !+skip_dnsbl_check dnslists = +exclude_unknown : socks.dnsbl.sorbs.net set acl_m0 = yes add_header = X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain deny condition = $acl_m0 message = rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain log_message = $sender_host_address is in a black list at $dnslist_domain # Использование серых списков с кешем в DBM # определяем необходимость использования "серого списка" warn set acl_m0 = no_skip warn ! domains = +greylist_domains : +local_domains set acl_m0 = skip warn authenticated = * set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for authenticated sender\n warn hosts = +skip_greylist_hosts : +relay_from_hosts set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for +skip_greylist_hosts or +relay_from_hosts\n warn condition = ${if eq{$local_part}{postmaster}{yes}{no}} set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for postmaster address\n warn condition = ${if eq{$local_part}{abuse}{yes}{no}} set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for abuse address\n warn condition = ${if eq{$sender_address_local_part}{}{yes}{no}} set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for empty sender address\n warn condition = ${if eq{$sender_address_local_part}{postmaster}{yes}{no}} set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for postmaster sender address local part\n warn condition = ${lookup{$sender_host_address|$sender_address|$local_part@$domain}\ lsearch{CONFDIR/skip_greylist}{yes}{no}} set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist by triplet of sender host address, sender address and recipient address\n warn recipients = @@wildlsearch;CONFDIR/skip_greylist_recipients set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist by recipient address\n warn senders = @@wildlsearch;CONFDIR/skip_greylist_senders set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist sender address\n # если использовать серый список необходимо, # ищем запись о рилее/отправителе/получателе в "сером списке" warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} set acl_m0 = ${lookup{0.0.0.0|$sender_address|$local_part@$domain}\ dbm{/var/spool/exim/db/greylist.db}} condition = ${if eq{$acl_m0}{}{no}{yes}} condition = ${if <{${extract{record_expires}{$acl_m0}}}{$tod_epoch}{yes}{no}} set acl_m0 = warn condition = ${if eq{$acl_m0}{}{yes}{no}} set acl_m0 = ${lookup{$sender_host_address|$sender_address|$local_part@$domain}\ dbm{/var/spool/exim/db/greylist.db}} # время блокировки записи в "сером списке" больше нуля # если запись в "сером списке" не найдена, создаем ее defer condition = ${if eq{$acl_m0}{}{yes}{no}} condition = ${if eq{\ ${perl{dbm_save}{/var/spool/exim/db/greylist.db}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${eval:$tod_epoch+9*60} \ record_expires=${eval:$tod_epoch+300*60} \ blocked_count=1 \ passed_count=0 \ aborted_count=0 \ origin_type=AUTO \ create_time=$tod_epoch \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} message = Message delayed. Please try again later log_message = message blocked by greylist: $sender_host_address; $sender_address; $local_part@$domain # если запись в "сером списке" найдена, но истек record_expires defer condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m0}{}{no}{yes}} condition = ${if <{${extract{record_expires}{$acl_m0}}}{$tod_epoch}{yes}{no}} condition = ${if eq{\ ${perl{dbm_save}{/var/spool/exim/db/greylist.db}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${eval:$tod_epoch+9*60} \ record_expires=${eval:$tod_epoch+300*60} \ blocked_count=1 \ passed_count=0 \ aborted_count=0 \ origin_type=AUTO \ create_time=$tod_epoch \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} message = Message delayed. Please try again later log_message = message blocked by greylist: $sender_host_address; $sender_address; $local_part@$domain # если запись в "сером списке" найдена, но не истек block_expires defer condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m0}{}{no}{yes}} condition = ${if >{${extract{block_expires}{$acl_m0}}}{$tod_epoch}{yes}{no}} condition = ${if eq{\ ${perl{dbm_save}{/var/spool/exim/db/greylist.db}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${extract{block_expires}{$acl_m0}} \ record_expires=${extract{record_expires}{$acl_m0}} \ blocked_count=${eval:${extract{blocked_count}{$acl_m0}}+1} \ passed_count=${extract{passed_count}{$acl_m0}} \ aborted_count=${extract{aborted_count}{$acl_m0}} \ origin_type=${extract{origin_type}{$acl_m0}} \ create_time=${extract{create_time}{$acl_m0}} \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} message = Message delayed. Please try again later log_message = message blocked by greylist: $sender_host_address; $sender_address; $local_part@$domain # если запись в "сером списке" найдена, block_expires истек, а record_expires не истек warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m0}{}{no}{yes}} condition = ${if eq{\ ${perl{dbm_save}{/var/spool/exim/db/greylist.db}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${extract{block_expires}{$acl_m0}} \ record_expires=${eval:$tod_epoch+36*24*60*60} \ blocked_count=${extract{blocked_count}{$acl_m0}} \ passed_count=${eval:${extract{passed_count}{$acl_m0}}+1} \ aborted_count=${extract{aborted_count}{$acl_m0}} \ origin_type=${extract{origin_type}{$acl_m0}} \ create_time=${extract{create_time}{$acl_m0}} \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} set acl_m15 = ${acl_m15}\t\ skip greylist: blocking time have expired but record TTL does not\n # Прием почты для получателей из локальных доменов accept domains = +local_domains endpass # Прием почты для получателей из доменов MS Exchange accept domains = +exchange_domains endpass # Отказ в приеме остальной почты deny message = Relay not permitted. Proper authentication required acl_check_predata: deny condition = ${if eq{$acl_m16}{}{no}{yes}} log_message = ${extract{1}{|}{$acl_m16}} message = ${extract{2}{|}{$acl_m16}} logwrite = original recipients: $recipients accept acl_check_mime: accept condition = ${if or{\ {eq{${extract{submitted}{$acl_m13}}}{1}}\ {eq{${extract{relay_from_hosts}{$acl_m13}}}{1}}\ {eq{${extract{authenticated}{$acl_m13}}}{1}}\ {eq{${extract{abuse_or_postmaster}{$acl_m13}}}{1}}\ {eq{${extract{white_list_relays}{$acl_m13}}}{1}}\ {eq{${extract{white_list_senders}{$acl_m13}}}{1}}\ {eq{${extract{white_list_compat}{$acl_m13}}}{1}}\ }{yes}{no}} accept acl_check_data: warn condition = ${if eq{$acl_m6}{}{no}{yes}} control = fakereject/${extract{3}{|}{$acl_m6}} log_message = ${extract{1}{|}{$acl_m6}} add_header = ${extract{2}{|}{$acl_m6}} add_header = X-Original-Recipients: $recipients logwrite = original recipients: $recipients warn set acl_m4 = warn set acl_m6 = warn set acl_m6 = ${if eq{$acl_m6}{}{$acl_m6:}}X-Spam-Checker-Version:X-Spam-Info:X-Spam-Score:X-Spam-Status:X-Spam-Report:X-Spam-Flag:X-Spam-Level:X-Spam-Action:X-Spam-Original-Recipients # Content Scanning # проверяем, надо ли делать исключение из проверки warn set acl_m5 = no_skip # делаем исключение, если это письмо для postmaster или abuse warn condition = ${if eq{${extract{abuse_or_postmaster}{$acl_m13}}}{1}{yes}{no}} set acl_m4 = ${acl_m4}\ X-Spam-Info: skip content checks on $primary_hostname for abuse addresses\n logwrite = skip content checks for abuse addresses set acl_m5 = skip # делаем исключение, если хост отправителя указан в глобальном white list warn condition = ${if eq{${extract{white_list_relays}{$acl_m13}}}{1}{yes}{no}} set acl_m4 = ${acl_m4}\ X-Spam-Info: skip content checks on $primary_hostname for white listed relay ($sender_host_address)\n logwrite = skip content checks for white listed relay set acl_m5 = skip warn condition = ${if eq{${extract{white_list_senders}{$acl_m13}}}{1}{yes}{no}} set acl_m4 = ${acl_m4}\ X-Spam-Info: skip content checks on $primary_hostname for white listed sender ($sender_address)\n logwrite = skip content checks for white listed sender set acl_m5 = skip # делаем исключение, если хост отправителя указан в +relay_from_hosts warn hosts = +relay_from_hosts set acl_m4 = ${acl_m4}\ X-Spam-Info: skip content checks on $primary_hostname for relay from host ($sender_host_address)\n logwrite = skip content checks for relay from host set acl_m5 = skip # делаем исключение, если отправитель аутентифицировался warn authenticated = * set acl_m4 = ${acl_m4}\ X-Spam-Info: skip content checks on $primary_hostname for authenticated sender\n logwrite = skip content checks for authenticated sender set acl_m5 = skip # делаем исключение, если размер сообщения превышает confCONTENT_SCANNING_MAX_MSG_SIZE warn condition = ${if >{$message_size}{192k}{yes}{no}} set acl_m4 = ${acl_m4}\ X-Spam-Info: skip content checks on $primary_hostname for large message ($message_size>192k)\n logwrite = skip content checks for large message (>192k) set acl_m5 = skip warn condition = ${if eq{$acl_m17}{quarantined}{yes}{no}} logwrite = original recipients: $recipients add_header = X-Original-Recipients: $recipients # Антивирусные проверки # Присвоение значения флагу warn set acl_c0 = clean # Проверка письма warn set acl_c1 = $acl_c0 set acl_c0 = clean set acl_m0 = clamd:/var/run/clamav/clamd set acl_m1 = skip_no_mbox_unspool set acl_m1 = check_no_mbox_unspool acl = acl_check_data_av warn condition = ${if eq{$acl_c0}{clean}{yes}{no}} add_header = X-AV-Status: ClamAV on $primary_hostname at $tod_log: clean # Отмена удаления проверяемого письма из /var/spool/exim/scan в случае # DEFERа от антивируса # в параметреах был указан defer_no_mbox_unspool warn \ condition = ${if eq{$acl_m1}{check_no_mbox_unspool}{yes}{no}} condition = ${if eq{$acl_c0}{defer}{yes}{no}} control = no_mbox_unspool log_message = ClamAV: error while scanning message\ , spool files will not be deleted\ add_header = X-AV-Status: ClamAV on $primary_hostname at $tod_log: deferred\ , mbox will not be unspooled\ # Фиктивный отказ от приема зараженного письма с пометкой письма # для помещения в карантин # REJECT, QUARANTINE warn \ condition = ${if eq{$acl_c0}{infected}{yes}{no}} set acl_c0 = quarantine control = fakereject/ClamAV found a virus: $malware_name logwrite = original recipients: $recipients add_header = X-AV-Status: ClamAV on $primary_hostname at $tod_log: \ infected, malware $malware_name has been found\n\ X-Original-Recipients: $recipients log_message = ClamAV found a virus: $malware_name set acl_m7 = $acl_m7\ |ClamAV\ |$malware_name\ |/var/quarantine/AV/ClamAV/${malware_name}/${message_id}\ |"AntiVirus Admin "\ |$recipients\ |NEXT_PART_${sg{${tod_log}.${message_id}.${qualify_domain}.ClamAV}{\N\s\N}{.}}\ |${sg{CONFDIR/antivir_notification.txt}{CONFDIR}{/usr/local/etc/exim}} accept condition = ${if eq{$acl_c0}{quarantine}{yes}{no}} warn hosts = +relay_from_hosts condition = ${if def:h_Message-ID:{no}{yes}} add_header = Message-ID: warn authenticated = * condition = ${if def:h_Message-ID:{no}{yes}} add_header = Message-ID: warn condition = ${if def:h_Date:{no}{yes}} add_header = Date: $tod_full accept condition = ${if or{\ {eq{${extract{submitted}{$acl_m13}}}{1}}\ {eq{${extract{relay_from_hosts}{$acl_m13}}}{1}}\ {eq{${extract{authenticated}{$acl_m13}}}{1}}\ {eq{${extract{abuse_or_postmaster}{$acl_m13}}}{1}}\ {eq{${extract{white_list_relays}{$acl_m13}}}{1}}\ {eq{${extract{white_list_senders}{$acl_m13}}}{1}}\ {eq{${extract{white_list_compat}{$acl_m13}}}{1}}\ }{yes}{no}} acl = acl_smtp_data_before_accept add_header = X-Original-Recipients: $recipients # Проверка поля X-Mailer warn sender_domains = aol.com condition = ${if match {$header_X-Mailer:}{\N(?i)(aol|atlas|AIM WebMail)\N}{no}{yes}} add_header = X-Warn-Mailer: not AOL mailer log_message = not AOL mailer warn condition = ${if match {$header_X-Mailer:}{\N(?i)^The Bat\N}{yes}{no}} condition = ${if def:header_X-MSMail-Priority: {yes}{no}} add_header = X-Warn-Mailer: forged The Bat mailer log_message = forged The Bat mailer logwrite = original recipients: $recipients # Проверка наличия 8-битных символов в полях заголовка warn condition = ${if match {$rh_subject:}{\N(?m)[\x80-\xFF]\N} {yes}{no}} log_message = 8-bit characters not allowed in subject add_header = X-Warn-8bit-Header: 8-bit characters not allowed in subject warn condition = ${if match {$rh_from:} {\N(?m)[\x80-\xFF]\N} {yes}{no}} log_message = 8-bit characters not allowed in header addresses add_header = X-Warn-8bit-Header: 8-bit characters not allowed in header address # SpamAssassin # добавляем информацию о версии spamassassin warn set acl_m4 = ${acl_m4}\ X-Spam-Checker-Version: SpamAssassin Server version 3.1.8 on $primary_hostname\n warn condition = ${if eq{$acl_m5}{skip}{no}{yes}} acl = acl_check_data_sa warn set acl_m0 = condition = ${if eq{$acl_m5}{skip}{no}{yes}} condition = ${if eq{$acl_c0}{defer}{no}{yes}} condition = ${if eq{$spam_score_int}{}{no}{yes}} condition = ${if <{$spam_score_int}{100}{no}{yes}} set acl_m0 = certainly_spam warn condition = ${if eq{$acl_m5}{skip}{no}{yes}} condition = ${if eq{$acl_c0}{defer}{yes}{no}} set acl_m4 = ${acl_m4}\ X-Spam-Info: spamd connection deferred on $primary_hostname\n log_message = spamd connection deferred # Add X-Spam-Flag if spam is over system-wide threshold warn condition = ${if eq{$acl_m5}{skip}{no}{yes}} condition = ${if eq{$acl_c0}{defer}{no}{yes}} spam = mailnull set acl_m4 = ${sg{${acl_m4}}{\NX-Spam-Status: No\N}{X-Spam-Status: Yes}}\ X-Spam-Flag: YES\n\ X-Spam-Original-Recipients: $recipients\n logwrite = probably spam (score: $spam_score) # Reject and quarantine spam messages if spam score is over confSPAMASSASSIN_ACTION_SCORE warn condition = ${if eq{$acl_m0}{certainly_spam}{yes}{no}} control = fakereject/Spam is blocked (${message_id}) logwrite = Spam is blocked and quarantined ($spam_score ($spam_bar)) set acl_m4 = ${acl_m4}\ X-Spam-Action: quarantined${if match{$spam_report}{BAYES_99}{}{ for learning}}\n\ \texim-conf version=4.64/2007-Nov-25 00:16/2007-11-25 23:56\n\ $acl_m15 accept condition = ${if eq{$acl_m0}{certainly_spam}{yes}{no}} logwrite = original recipients: $recipients warn acl = acl_smtp_data_before_accept accept acl_smtp_data_before_accept: accept acl_dnsdb: # acl_m1 - запрос в виде тип_записи=аргумент # acl_m2 - результат запроса или defer в случае defer-а accept set acl_m2 = defer set acl_m2 = ${lookup dnsdb{$acl_m1}} accept set acl_m2 = acl_wildlsearch: # acl_m0 - результат # acl_m2 - список ключей # acl_c2 - путь к файлу данных accept condition = ${if eq{$acl_m2}{}{yes}{no}} warn set acl_m3 = ${extract{1}{\n}{$acl_m2}} set acl_m2 = ${sg{$acl_m2}{\N^.+\n?\N}{}} warn set acl_m0 = ${lookup{$acl_m3}wildlsearch{$acl_c2}{\ ${if eq{$value}{}{yes}{$value}}}{}} accept condition = ${if eq{$acl_m0}{}{no}{yes}} warn acl = acl_wildlsearch accept acl_iplsearch: # acl_m0 - результат # acl_m2 - список A записей # acl_c2 - путь к файлу со списком сетей и хостов accept condition = ${if eq{$acl_m2}{}{yes}{no}} warn set acl_m3 = ${extract{1}{\n}{$acl_m2}} set acl_m2 = ${sg{$acl_m2}{\N^.+\n?\N}{}} warn set acl_m0 = ${lookup{$acl_m3}iplsearch{$acl_c2}{\ ${if eq{$value}{}{yes}{$value}}}{}} accept condition = ${if eq{$acl_m0}{}{no}{yes}} warn acl = acl_iplsearch accept acl_ptrlist_iplsearch: # acl_m0 - результат # acl_m2 - список PTR записей # acl_c2 - путь к файлу со списком сетей и хостов accept condition = ${if eq{$acl_m2}{}{yes}{no}} warn set acl_m11 = ${extract{1}{\n}{$acl_m2}} set acl_m1 = ${sg{$acl_m2}{\N^.+\n?\N}{}} set acl_m2 = ${lookup dnsdb{a=$acl_m11}} acl = acl_iplsearch accept condition = ${if eq{$acl_m0}{}{no}{yes}} warn set acl_m2 = $acl_m1 warn acl = acl_ptrlist_iplsearch accept normalize_action: accept set acl_m1 = ${sg{${sg{${sg{${sg{${sg{${sg{${sg{\ ${lc:$acl_m1}\ }{\N^\s+\N}{}}\ }{\N\s+$\N}{}}\ }{:}{=}}\ }{warn}{warn=yes}}\ }{deny}{reject}}\ }{delay}{pause}}\ }{greylisting}{greylist}} acl_check_data_av: warn set acl_c0 = defer accept ! malware = * set acl_c0 = clean warn set acl_c0 = infected accept acl_check_data_sa: warn set acl_c0 = defer # Always add X-Spam-Score and X-Spam-Report headers, using spamassassin system-wide settings warn condition = ${if eq{$acl_m5}{skip}{no}{yes}} spam = mailnull:true set acl_m4 = ${acl_m4}\ X-Spam-Score: $spam_score ($spam_bar)\n\ ${sg{\ ${sg{X-Spam-Report: $spam_report\n}{\N\n\s+(X-Spam-\S*:\s)\N}{\n\$1}}\ }{\N\n\s+(X-Daemon-Classification:\s)\N}{\n\$1}} set acl_c0 = accept condition = ${if eq{$acl_c0}{defer}{yes}{no}} warn set acl_c0 = nospam spam = mailnull set acl_c0 = spam accept ###################################################################### # ROUTERS CONFIGURATION # # Specifies how addresses are handled # ######################################################################