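dnl
dnl Exim ACL fragment (m4 template): reverse-DNS checks for the connecting relay.
dnl It emits warn/defer/deny statements depending on three settings:
dnl confCHECK_RELAY_RESOLVE, confCHECK_RELAY_FORGED and confCHECK_RELAY_RESOLVE_SKIP.
dnl
dnl check that the relay has a record in the reverse DNS zone
dnl
dnl NO - do not perform the check
dnl WARN - write a warning to the log file
dnl DEFER - return code 451 to the client
dnl REJECT - return a 5xx code to the client if the record is missing from the reverse zone
dnl          and 451 if there are problems with resolving
dnl GREYLIST:XX - add XX points to the optional greylisting counter
dnl DELAY:XX - delay XX seconds before answering RCPT TO
dnl define(`confCHECK_RELAY_RESOLVE', `WARN')dnl
dnl
dnl
dnl check that the relay records in the forward and reverse DNS zones match
dnl (the check works only if confCHECK_RELAY_RESOLVE is not set to NO)
dnl NO - do not perform the check
dnl WARN - write a warning to the log file
dnl DEFER - return code 451 to the client
dnl REJECT - return a 5xx code to the client
dnl GREYLIST:XX - add XX points to the optional greylisting counter
dnl DELAY:XX - delay XX seconds before answering RCPT TO
dnl define(`confCHECK_RELAY_FORGED', `WARN')dnl
dnl
dnl
dnl exceptions from the reverse-zone resolving check (list)
dnl NO - make no exceptions from the reverse-zone resolving check
dnl AUTH - do not check authenticated senders
dnl RELAY_FROM - do not check outgoing messages
dnl WARN - write a warning to the log file
dnl define(`confCHECK_RELAY_RESOLVE_SKIP', `AUTH RELAY_FROM')dnl
dnl several values separated by a space may be given in confCHECK_RELAY_RESOLVE_SKIP
dnl
dnl exim must be compiled with dnsdb support
dnl
dnl NOTE(review): ifelse_strstr, _DELSUBSTR_ and _DELCHAR_ are defined outside this
dnl fragment; the notes below assume ifelse_strstr(value, keyword, then, else) emits
dnl "then" when keyword occurs in value - confirm against the macro definitions.
dnl NOTE(review): acl_c7 is only read here, never set; presumably it holds the PTR
dnl answer obtained through dnsdb earlier in the ACL - confirm. Non-empty acl_c7 with a
dnl failed host lookup is reported as "forged", empty acl_c7 as "lookup failed".
dnl NOTE(review): the PTR record is published by whoever controls the reverse zone of
dnl the connecting address, so a passing check does not authenticate the sender.
dnl NOTE(review): the GREYLIST and DELAY numbers are produced by deleting MAIL, RCPT,
dnl the keyword prefix and spaces from the WHOLE setting value. If a value combines
dnl keywords (the keyword tests are substring matches, so that is accepted), the leftover
dnl text would not be a plain number inside eval or delay - verify before combining.
dnl
# Check relay resolving in the reverse DNS zone
dnl acl_m0 marks whether the current sender is exempt: no_skip by default, skip when
dnl one of the configured exceptions below matches.
warn    set acl_m0 = no_skip

ifelse_strstr(confCHECK_RELAY_RESOLVE_SKIP, `AUTH', `dnl
warn    authenticated = *
        set acl_m0 = skip
')
ifelse_strstr(confCHECK_RELAY_RESOLVE_SKIP, `RELAY_FROM', `dnl
warn    hosts = +relay_from_hosts
        set acl_m0 = skip
')

# temporary problems resolving the relay record in the reverse DNS zone
dnl Detected as: empty sender_host_name while host_lookup_failed is 0.
ifelse_strstr(confCHECK_RELAY_RESOLVE_SKIP, `WARN', `
# return warn for exceptions
warn    condition = ${if eq{$acl_m0}{skip}{yes}{no}}
        condition = ${if eq{$sender_host_name}{}{yes}{no}}
        condition = ${if eq{$host_lookup_failed}{0}{yes}{no}}
        log_message = Cannot resolve PTR record for $sender_host_address
        message = X-Warn-Resolve: Cannot resolve PTR record for $sender_host_address
')
dnl NOTE(review): the second branch below is emitted for every value that does not
dnl contain WARN, so GREYLIST:XX, DELAY:XX and NO (if this fragment is processed at all
dnl with NO) also get the 451 defer, which is wider than the inline comment states.
dnl Confirm that this is intended before relying on those modes.
ifelse_strstr(confCHECK_RELAY_RESOLVE, `WARN', `
warn    condition = ${if eq{$acl_m0}{skip}{no}{yes}}
        condition = ${if eq{$sender_host_name}{}{yes}{no}}
        condition = ${if eq{$host_lookup_failed}{0}{yes}{no}}
        message = X-Warn-Resolve: Cannot resolve PTR record for $sender_host_address
        log_message = Cannot resolve PTR record for $sender_host_address
', `
# return defer only when confCHECK_RELAY_RESOLVE is DEFER or REJECT
defer   condition = ${if eq{$acl_m0}{skip}{no}{yes}}
        condition = ${if eq{$sender_host_name}{}{yes}{no}}
        condition = ${if eq{$host_lookup_failed}{0}{yes}{no}}
        log_message = Cannot resolve PTR record for $sender_host_address
        message = Access temporarily denied. \
                  Cannot resolve PTR record for $sender_host_address
')

# relay record mismatch between the forward and reverse DNS zones
dnl Detected as: empty sender_host_name, host_lookup_failed equal to 1, acl_c7 not empty.
ifelse_strstr(confCHECK_RELAY_RESOLVE_SKIP, `WARN', `
# return warn for exceptions
warn    condition = ${if eq{$acl_m0}{skip}{yes}{no}}
        condition = ${if eq{$sender_host_name}{}{yes}{no}}
        condition = ${if eq{$host_lookup_failed}{1}{yes}{no}}
        condition = ${if eq{$acl_c7}{}{no}{yes}}
        log_message = IP name forged for $sender_host_address
        message = X-Warn-Resolve: IP name forged for $sender_host_address
')
ifelse_strstr(confCHECK_RELAY_FORGED, `WARN', `
warn    condition = ${if eq{$acl_m0}{skip}{no}{yes}}
        condition = ${if eq{$sender_host_name}{}{yes}{no}}
        condition = ${if eq{$host_lookup_failed}{1}{yes}{no}}
        condition = ${if eq{$acl_c7}{}{no}{yes}}
        log_message = IP name forged for $sender_host_address
        message = X-Warn-Resolve: IP name forged for $sender_host_address
')
ifelse_strstr(confCHECK_RELAY_FORGED, `DEFER', `
defer   condition = ${if eq{$acl_m0}{skip}{no}{yes}}
        condition = ${if eq{$sender_host_name}{}{yes}{no}}
        condition = ${if eq{$host_lookup_failed}{1}{yes}{no}}
        condition = ${if eq{$acl_c7}{}{no}{yes}}
        log_message = IP name forged for $sender_host_address
        message = Access temporarily denied. \
                  IP name forged for $sender_host_address
')
ifelse_strstr(confCHECK_RELAY_FORGED, `REJECT', `
deny    condition = ${if eq{$acl_m0}{skip}{no}{yes}}
        condition = ${if eq{$sender_host_name}{}{yes}{no}}
        condition = ${if eq{$host_lookup_failed}{1}{yes}{no}}
        condition = ${if eq{$acl_c7}{}{no}{yes}}
        message = IP name forged for $sender_host_address
')
ifelse_strstr(confCHECK_RELAY_FORGED, `GREYLIST', `
warn    condition = ${if eq{$acl_m0}{skip}{no}{yes}}
        condition = ${if eq{$sender_host_name}{}{yes}{no}}
        condition = ${if eq{$host_lookup_failed}{1}{yes}{no}}
        condition = ${if eq{$acl_c7}{}{no}{yes}}
        set acl_c8 = scores=${eval:${extract{scores}{$acl_c8}}+_DELCHAR_(_DELSUBSTR_(_DELSUBSTR_(_DELSUBSTR_(confCHECK_RELAY_FORGED,`MAIL'),`RCPT'),`GREYLIST:'),` ')} \
                     log_message="${extract{log_message}{$acl_c8}} IP name forged;"
')
ifelse_strstr(confCHECK_RELAY_FORGED, `DELAY', `
warn    condition = ${if eq{$acl_m0}{skip}{no}{yes}}
        condition = ${if eq{$sender_host_name}{}{yes}{no}}
        condition = ${if eq{$host_lookup_failed}{1}{yes}{no}}
        condition = ${if eq{$acl_c7}{}{no}{yes}}
        log_message = IP name forged for $sender_host_address. Delayed for _DELCHAR_(_DELSUBSTR_(_DELSUBSTR_(_DELSUBSTR_(confCHECK_RELAY_FORGED,`MAIL'),`RCPT'),`DELAY:'),` ')sec
        delay = _DELCHAR_(_DELSUBSTR_(_DELSUBSTR_(_DELSUBSTR_(confCHECK_RELAY_FORGED,`MAIL'),`RCPT'),`DELAY:'),` ')s
')

# no relay record in the reverse DNS zone
dnl Detected as: empty sender_host_name, host_lookup_failed equal to 1, acl_c7 empty.
ifelse_strstr(confCHECK_RELAY_RESOLVE_SKIP, `WARN', `
# return warn for exceptions
warn    condition = ${if eq{$acl_m0}{skip}{yes}{no}}
        condition = ${if eq{$sender_host_name}{}{yes}{no}}
        condition = ${if eq{$host_lookup_failed}{1}{yes}{no}}
        condition = ${if eq{$acl_c7}{}{yes}{no}}
        log_message = IP name lookup failed for $sender_host_address
        message = X-Warn-Resolve: IP name lookup failed for $sender_host_address
')
ifelse_strstr(confCHECK_RELAY_RESOLVE, `WARN', `
warn    condition = ${if eq{$acl_m0}{skip}{no}{yes}}
        condition = ${if eq{$sender_host_name}{}{yes}{no}}
        condition = ${if eq{$host_lookup_failed}{1}{yes}{no}}
        condition = ${if eq{$acl_c7}{}{yes}{no}}
        log_message = IP name lookup failed for $sender_host_address
        message = X-Warn-Resolve: IP name lookup failed for $sender_host_address
')
ifelse_strstr(confCHECK_RELAY_RESOLVE, `DEFER', `
defer   condition = ${if eq{$acl_m0}{skip}{no}{yes}}
        condition = ${if eq{$sender_host_name}{}{yes}{no}}
        condition = ${if eq{$host_lookup_failed}{1}{yes}{no}}
        condition = ${if eq{$acl_c7}{}{yes}{no}}
        message = Access temporarily denied. \
                  IP name lookup failed for $sender_host_address
')
ifelse_strstr(confCHECK_RELAY_RESOLVE, `REJECT', `
deny    condition = ${if eq{$acl_m0}{skip}{no}{yes}}
        condition = ${if eq{$sender_host_name}{}{yes}{no}}
        condition = ${if eq{$host_lookup_failed}{1}{yes}{no}}
        condition = ${if eq{$acl_c7}{}{yes}{no}}
        message = IP name lookup failed for $sender_host_address
')
ifelse_strstr(confCHECK_RELAY_RESOLVE, `GREYLIST', `
warn    condition = ${if eq{$acl_m0}{skip}{no}{yes}}
        condition = ${if eq{$sender_host_name}{}{yes}{no}}
        condition = ${if eq{$host_lookup_failed}{1}{yes}{no}}
        condition = ${if eq{$acl_c7}{}{yes}{no}}
        set acl_c8 = scores=${eval:${extract{scores}{$acl_c8}}+_DELCHAR_(_DELSUBSTR_(_DELSUBSTR_(_DELSUBSTR_(confCHECK_RELAY_RESOLVE,`MAIL'),`RCPT'),`GREYLIST:'),` ')} \
                     log_message="${extract{log_message}{$acl_c8}} IP name failed;"
')
ifelse_strstr(confCHECK_RELAY_RESOLVE, `DELAY', `
warn    condition = ${if eq{$acl_m0}{skip}{no}{yes}}
        condition = ${if eq{$sender_host_name}{}{yes}{no}}
        condition = ${if eq{$host_lookup_failed}{1}{yes}{no}}
        condition = ${if eq{$acl_c7}{}{yes}{no}}
        log_message = IP name lookup failed for $sender_host_address. Delayed for _DELCHAR_(_DELSUBSTR_(_DELSUBSTR_(_DELSUBSTR_(confCHECK_RELAY_RESOLVE,`MAIL'),`RCPT'),`DELAY:'),` ')sec
        delay = _DELCHAR_(_DELSUBSTR_(_DELSUBSTR_(_DELSUBSTR_(confCHECK_RELAY_RESOLVE,`MAIL'),`RCPT'),`DELAY:'),` ')s
')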