dnl dnl использование серых списков dnl dnl NO - не использовать серые списки dnl YES - использовать серые списки dnl LEARN - использовать серые списки в режиме обучения (аналог define(`confGREYLIST_BLOCKED', `0')) dnl BLOCK_FIRST_ONLY - использовать серые списки в режиме блокирования только первого письма dnl (аналог define(`confGREYLIST_BLOCKED', `-1')) dnl OPTIONAL - опциональный грейлистинг dnl define(`confGREYLIST', `NO')dnl dnl dnl режим обучения: dnl define(`confGREYLIST_BLOCKED', `0')dnl dnl время блокировки записи в "сером списке" равно нулю dnl (принимаем все сообщения, производится лишь обучение кеша) dnl dnl режим обучения с блокированием лишь первой попытки отправки почты: dnl define(`confGREYLIST_BLOCKED', `-1')dnl dnl время блокировки записи в "сером списке" меньше нуля dnl (первое сообщение задерживается, остальные пропускаются) dnl dnl время блокировки записи в "сером списке" в минутах dnl define(`confGREYLIST_BLOCKED', `55')dnl dnl dnl минимальное время жизни записи в "сером списке" в минутах dnl define(`confGREYLIST_RECORD_EXPIRE_MIN', `300')dnl dnl dnl время жизни записи в "сером списке" в днях dnl define(`confGREYLIST_RECORD_EXPIRE', `36')dnl dnl dnl тип backend'а для подсистемы серых списков dnl DBM - использовать Berkeley DB dnl SQLITE - использовать SQLite dnl MYSQL - использовать MySQL dnl define(`confGREYLIST_BACKEND', `DBM')dnl dnl dnl пути к файлам кеша серых списков dnl define(`confGREYLIST_DBM_CACHE', `confSPOOLDIR/db/greylist.dbm')dnl dnl define(`confGREYLIST_SQLITE_CACHE', `confSPOOLDIR/db/greylist.db')dnl dnl dnl при SQLITE в confGREYLIST_BACKEND: dnl dnl define(`confGREYLIST_SQLITE_SELECT_PRELOAD', `\ dnl SELECT * FROM greylist \ dnl WHERE sender_host_address="0.0.0.0" AND sender_address="${quote_sqlite:$local_part@$domain}" AND recipient_address="${quote_sqlite:$sender_address}";')dnl dnl define(`confGREYLIST_SQLITE_UPDATE_PRELOAD', `\ dnl UPDATE greylist \ dnl SET block_expires=$tod_epoch, record_expires=${eval:$tod_epoch+confGREYLIST_ADDR_PRELOAD_TTL*60}, blocked_count=0, passed_count=0, aborted_count=0, origin_type="AUTO", create_time=$tod_epoch, last_update=$tod_epoch \ dnl WHERE sender_host_address="0.0.0.0" AND sender_address="${quote_sqlite:$local_part@$domain}" AND recipient_address="${quote_sqlite:$sender_address}";')dnl dnl define(`confGREYLIST_SQLITE_INSERT_PRELOAD', `\ dnl INSERT INTO greylist (sender_host_address, sender_address, recipient_address, block_expires, record_expires, blocked_count, passed_count, aborted_count, origin_type, create_time, last_update) \ dnl VALUES ("0.0.0.0", "${quote_sqlite:$local_part@$domain}", "${quote_sqlite:$sender_address}", $tod_epoch, ${eval:$tod_epoch+confGREYLIST_ADDR_PRELOAD_TTL*60}, 0, 0, 0, "AUTO", $tod_epoch, $tod_epoch);')dnl dnl dnl define(`confGREYLIST_SQLITE_CHECK_PRELOAD', `\ dnl SELECT * FROM greylist \ dnl WHERE sender_host_address="0.0.0.0" AND sender_address="${quote_sqlite:$sender_address}" AND recipient_address="${quote_sqlite:$local_part@$domain}";')dnl dnl define(`confGREYLIST_SQLITE_DELETE_PRELOAD', `\ dnl DELETE FROM greylist \ dnl WHERE sender_host_address="0.0.0.0" AND sender_address="${quote_sqlite:$sender_address}" AND recipient_address="${quote_sqlite:$local_part@$domain}";')dnl dnl dnl define(`confGREYLIST_SQLITE_SELECT', `\ dnl SELECT * FROM greylist \ dnl WHERE sender_host_address="${quote_sqlite:$sender_host_address}" AND sender_address="${quote_sqlite:$sender_address}" AND recipient_address="${quote_sqlite:$local_part@$domain}";')dnl dnl dnl define(`confGREYLIST_SQLITE_INSERT', `\ dnl INSERT INTO greylist (sender_host_address, sender_address, recipient_address, block_expires, record_expires, blocked_count, passed_count, aborted_count, origin_type, create_time, last_update) \ dnl VALUES ("$sender_host_address", "${quote_sqlite:$sender_address}", "${quote_sqlite:$local_part@$domain}", ${eval:$tod_epoch+confGREYLIST_BLOCKED*60}, ${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE_MIN*60}, 1, 0, 0, "AUTO", $tod_epoch, $tod_epoch);')dnl dnl define(`confGREYLIST_SQLITE_UPDATE_INIT', `\ dnl UPDATE greylist \ dnl SET block_expires=${eval:$tod_epoch+confGREYLIST_BLOCKED*60}, record_expires=${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE_MIN*60}, blocked_count=1, passed_count=0, aborted_count=0, origin_type="AUTO", create_time=$tod_epoch, last_update=$tod_epoch \ dnl WHERE sender_host_address="$sender_host_address" AND sender_address="${quote_sqlite:$sender_address}" AND recipient_address="${quote_sqlite:$local_part@$domain}";')dnl dnl define(`confGREYLIST_SQLITE_UPDATE_BLOCK', `\ dnl UPDATE greylist \ dnl SET blocked_count=blocked_count+1, last_update=$tod_epoch \ dnl WHERE sender_host_address="$sender_host_address" AND sender_address="${quote_sqlite:$sender_address}" AND recipient_address="${quote_sqlite:$local_part@$domain}";')dnl dnl define(`confGREYLIST_SQLITE_UPDATE_PASS', `\ dnl UPDATE greylist \ dnl SET record_expires=${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE*24*60*60}, passed_count=passed_count+1, last_update=$tod_epoch \ dnl WHERE (sender_host_address="$sender_host_address" OR sender_host_address="0.0.0.0") AND sender_address="${quote_sqlite:$sender_address}" AND recipient_address="${quote_sqlite:$local_part@$domain}";')dnl dnl dnl define(`confGREYLIST_SQLITE_LEARN_INSERT', `\ dnl INSERT INTO greylist (sender_host_address, sender_address, recipient_address, block_expires, record_expires, blocked_count, passed_count, aborted_count, origin_type, create_time, last_update) \ dnl VALUES ("$sender_host_address", "${quote_sqlite:$sender_address}", "${quote_sqlite:$local_part@$domain}", $tod_epoch, ${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE_MIN*60}, 1, 0, 0, "AUTO", $tod_epoch, $tod_epoch);')dnl dnl define(`confGREYLIST_SQLITE_LEARN_UPDATE_INIT', `\ dnl UPDATE greylist \ dnl SET block_expires=$tod_epoch, record_expires=${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE_MIN*60}, blocked_count=1, passed_count=0, aborted_count=0, origin_type="AUTO", create_time=$tod_epoch, last_update=$tod_epoch \ dnl WHERE sender_host_address="$sender_host_address" AND sender_address="${quote_sqlite:$sender_address}" AND recipient_address="${quote_sqlite:$local_part@$domain}";')dnl dnl dnl define(`confGREYLIST_SQLITE_DELETE_EXPIRED', `DELETE FROM greylist WHERE block_expires < strftime(\"%s\",\"now\");')dnl dnl dnl dnl исключения из greylisting'а: dnl AUTH - исключения для аутентифицированных отправителей dnl FROM_<> - исключения для писем от пустого отправителя dnl FROM_POSTMASTER - исключения для писем от postmaster@ dnl TO_POSTMASTER - исключения для писем для postmaster@ dnl TO_ABUSE - исключения для писем для abuse@ dnl SPF_PASS - исключения для писем, успешно прошедших проверку соответствия хоста отправителя SPF записи домена отправителя dnl TLS_PASS - исключения для писем, при отправке которых использовался STARTTLS dnl define(`confGREYLIST_SKIP', `AUTH FROM_<> FROM_POSTMASTER TO_POSTMASTER TO_ABUSE') dnl dnl сообщение, возвращаемое клиенту при задержке почтового сообщения dnl define(`confGREYLIST_MESSAGE', `Message delayed as part of spam avoidance measure')dnl dnl define(`confGREYLIST_MESSAGE', `System too busy. Please try again later')dnl dnl define(`confGREYLIST_MESSAGE', `Temporary local problem - please try later')dnl dnl define(`confGREYLIST_MESSAGE', `Greylisted')dnl dnl dnl домены получателей, проверяемые по серым спискам, перечисляются в domains-greylist dnl хосты и сети, исключаемые из проверки по серым спискам, перечисляются в skip_greylist_relays dnl списки отправителей, исключаемых из проверки по серым спискам, перечисляются в файле skip_greylist_senders dnl список указывается в виде: dnl domain : addr1 : addr2 : addr3 dnl пример: dnl zuper.domain.com : user : info : admin dnl списки отправителей, исключаемых из проверки по серым спискам, перечисляются в файле skip_greylist_recipients dnl список указывается в виде: dnl domain : addr1 : addr2 : addr3 dnl пример: dnl zuper.domain.com : user : info : admin dnl триплеты адрес_рилея/адрес_отправителя/адрес_получателя, исключаемые из проверки по серым спискам, dnl перечисляются в файле skip_greylist в виде: dnl A.B.C.D|sender@domain1.tld|recipient@domain2.tld dnl пример: dnl 113.130.15.19|corvax@test.org.ua|test@local.domain dnl dnl страны, сети которых будут исключены из skip_greylist_relays dnl define(`confGREYLIST_COUNTRIES', `ar br cl cn co hk jp kr mx ng pe ph th tw')dnl dnl команда получения списка сетей по странам dnl define(`confGREYLIST_COUNTRIES_SYNC', `rsync -avz rsync://rsync.blackholes.us/zones/countries/${COUNTRY}.txt ../countries/${COUNTRY}.txt')dnl dnl dnl количество баллов, при которых письмо задерживается (применяется при define(`confGREYLIST', `OPTIONAL')) dnl define(`confGREYLIST_BLOCKED_OPTIONAL', `10')dnl dnl dnl использование динамических серых списков рилеев (при GREYLIST в confCHECK_MESSAGE_ID или SUBMIT_GREYLIST_* в confSPAMASSASSIN_ACTION) dnl NO - не использовать динамические серые списки рилеев dnl YES - использовать динамические серые списки рилеев dnl define(`confGREYLIST_RELAYS', `NO')dnl dnl dnl пути к файлам динамических серых списков рилеев dnl define(`confGREYLIST_DBM_RELAYS', `confSPOOLDIR/db/greylist_relays.dbm')dnl dnl define(`confGREYLIST_SQLITE_RELAYS', `confSPOOLDIR/db/greylist.db')dnl dnl dnl запросы для работы с динамическими серыми списками рилеев в SQLite dnl define(`confGREYLIST_SQLITE_RELAYS_SELECT', `SELECT * FROM greylist_relays WHERE sender_host_address="$sender_host_address";')dnl dnl define(`confGREYLIST_SQLITE_RELAYS_INSERT', `\ dnl INSERT INTO greylist_relays (sender_host_address, create_time, expire_time, reason) \ dnl VALUES ("$sender_host_address", $tod_epoch, $acl_m_ttl, "${quote_sqlite:$acl_m_reason}");')dnl dnl define(`confGREYLIST_SQLITE_RELAYS_UPDATE', `\ dnl UPDATE greylist_relays \ dnl SET create_time=$tod_epoch, expire_time=$acl_m_ttl, reason="${quote_sqlite:$acl_m_reason}" \ dnl WHERE sender_host_address="$sender_host_address";')dnl dnl define(`confGREYLIST_SQLITE_RELAYS_DELETE_EXPIRED', `DELETE FROM greylist_relays WHERE expire_time > 0 AND expire_time < strftime(\"%s\",\"now\");')dnl dnl dnl внесение в исключения серого списка записи при отсылке письма из dnl локальной сети или от аутентифицированного отправителя dnl NO - не вносить исключающую запись dnl YES - вносить исключающую запись dnl define(`confGREYLIST_ADDR_PRELOAD', `NO') dnl запись вносится в исключения на confGREYLIST_ADDR_PRELOAD_TTL минут dnl define(`confGREYLIST_ADDR_PRELOAD_TTL',`240') dnl ifdef(`confGREYLIST_MESSAGE', `dnl ifelse(len(X`'confGREYLIST_MESSAGE), `1', `dnl define(`confGREYLIST_MESSAGE', `Greylisted')dnl ')', `dnl define(`confGREYLIST_MESSAGE', `Greylisted')dnl ') ifelse(confGREYLIST, `LEARN', ` define(`confGREYLIST_BLOCKED', `0') ') ifelse(confGREYLIST, `BLOCK_FIRST_ONLY', ` define(`confGREYLIST_BLOCKED', `-1') ') ifelse(SECTION, `MAIN', `dnl dnl domainlist greylist_domains = lsearch;CONFDIR/domains-greylist hostlist skip_greylist_hosts = CONFDIR/skip_greylist_relays dnl ifelse(confGREYLIST, `OPTIONAL', ` hostlist greylist_hosts = CONFDIR/access-relay-greylist ') dnl ifelse(confGREYLIST, `OPTIONAL', `') dnl ') dnl ifelse(SECTION, `MAIN', `') ifelse(SECTION, `ACL_CHECK_RCPT_TOP', `dnl # обнуляем счетчик баллов для опционального грейлистинга warn set acl_m_optional_greylist = scores=0 log_message= ') dnl ifelse(SECTION, `ACL_CHECK_RCPT_TOP', `') ifelse(SECTION, `ACL_CHECK_RCPT_MIDDLE', `dnl dnl ifelse(confGREYLIST_ADDR_PRELOAD, `YES', `dnl warn set acl_m_preload = no hosts = +relay_from_hosts set acl_m_preload = yes warn authenticated = * set acl_m_preload = yes warn condition = $acl_m_preload ifelse(confGREYLIST_BACKEND, `DBM', `dnl condition = ${if eq{\ ${perl{dbm_save}{confGREYLIST_DBM_CACHE}\ {0.0.0.0|$local_part@$domain|$sender_address}\ {\ block_expires=$tod_epoch \ record_expires=${eval:$tod_epoch+confGREYLIST_ADDR_PRELOAD_TTL*60} \ blocked_count=0 \ passed_count=0 \ aborted_count=0 \ origin_type=AUTO \ create_time=$tod_epoch \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} ') dnl ifelse(confGREYLIST_BACKEND, `DBM', `') ifelse(confGREYLIST_BACKEND, `SQLITE', `dnl set acl_m_result = ${lookup sqlite{confGREYLIST_SQLITE_CACHE confGREYLIST_SQLITE_SELECT_PRELOAD}{\ ${lookup sqlite{confGREYLIST_SQLITE_CACHE confGREYLIST_SQLITE_UPDATE_PRELOAD}}\ }{\ ${lookup sqlite{confGREYLIST_SQLITE_CACHE confGREYLIST_SQLITE_INSERT_PRELOAD}}\ }} ') dnl ifelse(confGREYLIST_BACKEND, `SQLITE', `') ifelse(confGREYLIST_BACKEND, `MYSQL', `dnl set acl_m_result = ${lookup mysql{confGREYLIST_MYSQL_SELECT_PRELOAD}{\ ${lookup mysql{confGREYLIST_MYSQL_UPDATE_PRELOAD}}\ }{\ ${lookup mysql{confGREYLIST_MYSQL_INSERT_PRELOAD}}\ }} ') dnl ifelse(confGREYLIST_BACKEND, `MYSQL', `') ') dnl ifelse(confGREYLIST_ADDR_PRELOAD, `YES', `') ') dnl ifelse(SECTION, `ACL_CHECK_RCPT_MIDDLE', `') ifelse(SECTION, `ACLS_ADDITIONAL', `dnl ifelse(confGREYLIST, `OPTIONAL', ` ifdef(`confGREYLIST_DATETIME', ` FEATURE(`greylist-datetime') ') dnl ifdef(`confGREYLIST_DATETIME', `') ifelse(confGREYLIST_RELAYS, `YES', `FEATURE(`greylist-relays')') ') dnl ifelse(confGREYLIST, `OPTIONAL', `') ') dnl ifelse(SECTION, `ACLS_ADDITIONAL', `') ifelse(SECTION, `ACL_CHECK_RCPT', `dnl # Использование серых списков ifelse(confGREYLIST, `OPTIONAL', ` ifdef(`confGREYLIST_DATETIME', ` FEATURE(`greylist-datetime') ') ifelse_strstr(confGREYLIST_RELAYS, `YES', ` FEATURE(`greylist-relays') ') dnl ifelse_strstr(confGREYLIST_RELAYS, `YES', `') ifelse_strstr(confGREYLIST_SMTP, `NO', `', ` FEATURE(`greylist-smtp') ') dnl ifelse_strstr(confGREYLIST_SMTP, `NO', `', `') ') dnl ifelse(confGREYLIST, `OPTIONAL', `') ###################################################################### # определяем необходимость использования "серого списка" warn set acl_m0 = no_skip warn ! domains = +greylist_domains : +local_domains set acl_m0 = skip ifelse(confGREYLIST, `OPTIONAL', `dnl set acl_m15 = ${acl_m15}\t\ skip optional greylist for non greylisted domain\n ') dnl ifelse(confGREYLIST, `OPTIONAL', `') ifelse_strstr(confGREYLIST_SKIP, `AUTH', `dnl warn authenticated = * set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for authenticated sender\n ')dnl ifelse_strstr(confGREYLIST_SKIP, `AUTH', `') warn hosts = +skip_greylist_hosts : +relay_from_hosts set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for +skip_greylist_hosts or +relay_from_hosts\n warn condition = ${lookup{$sender_host_name}wildlsearch{CONFDIR/skip_greylist_relays}{yes}{no}} set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for relay from skip_greylist_relays\n ifelse_strstr(confGREYLIST_SKIP, `TO_POSTMASTER', `dnl warn condition = ${if eq{$local_part}{postmaster}{yes}{no}} set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for postmaster address\n ')dnl ifelse_strstr(confGREYLIST_SKIP, `TO_POSTMASTER', `') ifelse_strstr(confGREYLIST_SKIP, `TO_ABUSE', `dnl warn condition = ${if eq{$local_part}{abuse}{yes}{no}} set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for abuse address\n ')dnl ifelse_strstr(confGREYLIST_SKIP, `TO_ABUSE', `') ifelse_strstr(confGREYLIST_SKIP, `<>', `dnl warn condition = ${if eq{$sender_address_local_part}{}{yes}{no}} set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for empty sender address\n ')dnl ifelse_strstr(confGREYLIST_SKIP, `<>', `') ifelse_strstr(confGREYLIST_SKIP, `FROM_POSTMASTER', `dnl warn condition = ${if eq{$sender_address_local_part}{postmaster}{yes}{no}} set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for postmaster sender address local part\n ')dnl ifelse_strstr(confGREYLIST_SKIP, `FROM_POSTMASTER', `') warn condition = ${lookup{$sender_host_address|$sender_address|$local_part@$domain}\ lsearch{CONFDIR/skip_greylist}{yes}{no}} set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist by triplet of sender host address, sender address and recipient address\n warn recipients = @@wildlsearch;CONFDIR/skip_greylist_recipients set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist by recipient address\n warn senders = @@wildlsearch;CONFDIR/skip_greylist_senders set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist sender address\n ifelse_strstr(confGREYLIST_SKIP, `SPF_PASS', ` ifdef(`confSPF2', `ifelse(confSPF2, `NO', `', ` warn acl = acl_spf_pass condition = ${if eq{$acl_m_spf_result}{pass}{yes}{no}} set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for spf passed address\n ')')dnl ifdef(`confSPF2', `ifelse(confSPF2, `NO', `dnl', `')') ')dnl ifelse_strstr(confGREYLIST_SKIP, `SPF_PASS', `') ifelse_strstr(confGREYLIST_SKIP, `TLS_PASS', `dnl warn encrypted = * set acl_m0 = skip set acl_m15 = ${acl_m15}\t\ skip greylist for encrypted message\n ')dnl ifelse_strstr(confGREYLIST_SKIP, `TLS_PASS', `') ifelse(confGREYLIST, `OPTIONAL', ` warn condition = ${if eq{$acl_m0}{no_skip}{yes}{no}} hosts = +greylist_hosts set acl_m_optional_greylist = scores=${eval:${extract{scores}{$acl_m_optional_greylist}}+confGREYLIST_BLOCKED_OPTIONAL} \ log_message="${extract{log_message}{$acl_m_optional_greylist}} relay $sender_host_address greylisted;" set acl_m15 = ${acl_m15}\t\ greylist scores=confGREYLIST_BLOCKED_OPTIONAL\t\ relay $sender_host_address in +greylist_hosts\n warn condition = ${if eq{$acl_m0}{no_skip}{yes}{no}} set acl_m0 = ${if <{${extract{scores}{$acl_m_optional_greylist}}}{confGREYLIST_BLOCKED_OPTIONAL}{skip}{no_skip}} ') dnl ifelse(confGREYLIST, `OPTIONAL', `') ###################################################################### # если использовать серый список необходимо, # ищем запись о рилее/отправителе/получателе в "сером списке" ifelse(confGREYLIST_ADDR_PRELOAD, `YES', `dnl warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} ifelse(confGREYLIST_BACKEND, `DBM', `dnl set acl_m0 = ${lookup{0.0.0.0|$sender_address|$local_part@$domain}\ dbm{confGREYLIST_DBM_CACHE}} condition = ${if eq{$acl_m0}{}{no}{yes}} condition = ${if <{${extract{record_expires}{$acl_m0}}}{$tod_epoch}{yes}{no}} ') dnl ifelse(confGREYLIST_BACKEND, `DBM', `') ifelse(confGREYLIST_BACKEND, `SQLITE', `dnl set acl_m0 = ${lookup sqlite{confGREYLIST_SQLITE_CACHE confGREYLIST_SQLITE_CHECK_PRELOAD}} condition = ${if eq{$acl_m0}{}{no}{yes}} condition = ${if <{${extract{record_expires}{$acl_m0}}}{$tod_epoch}{yes}{no}} set acl_m0 = ${lookup sqlite{confGREYLIST_SQLITE_CACHE confGREYLIST_SQLITE_DELETE_PRELOAD}} ') dnl ifelse(confGREYLIST_BACKEND, `SQLITE', `') ifelse(confGREYLIST_BACKEND, `MYSQL', `dnl set acl_m0 = ${lookup mysql{confGREYLIST_MYSQL_CHECK_PRELOAD}} condition = ${if eq{$acl_m0}{}{no}{yes}} condition = ${if <{${extract{record_expires}{$acl_m0}}}{$tod_epoch}{yes}{no}} set acl_m0 = ${lookup mysql{confGREYLIST_MYSQL_DELETE_PRELOAD}} ') dnl ifelse(confGREYLIST_BACKEND, `MYSQL', `') set acl_m0 = warn condition = ${if eq{$acl_m0}{}{yes}{no}} ifelse(confGREYLIST_BACKEND, `DBM', `dnl set acl_m0 = ${lookup{$sender_host_address|$sender_address|$local_part@$domain}\ dbm{confGREYLIST_DBM_CACHE}} ') dnl ifelse(confGREYLIST_BACKEND, `DBM', `') ifelse(confGREYLIST_BACKEND, `SQLITE', `dnl set acl_m0 = ${lookup sqlite{confGREYLIST_SQLITE_CACHE confGREYLIST_SQLITE_SELECT}} ') dnl ifelse(confGREYLIST_BACKEND, `SQLITE', `') ifelse(confGREYLIST_BACKEND, `MYSQL', `dnl set acl_m0 = ${lookup mysql{confGREYLIST_MYSQL_SELECT}} ') dnl ifelse(confGREYLIST_BACKEND, `MYSQL', `') ', `dnl ifelse(confGREYLIST_ADDR_PRELOAD, `YES', `') warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} ifelse(confGREYLIST_BACKEND, `DBM', `dnl set acl_m0 = ${lookup{$sender_host_address|$sender_address|$local_part@$domain}\ dbm{confGREYLIST_DBM_CACHE}} ') dnl ifelse(confGREYLIST_BACKEND, `DBM', `') ifelse(confGREYLIST_BACKEND, `SQLITE', `dnl set acl_m0 = ${lookup sqlite{confGREYLIST_SQLITE_CACHE confGREYLIST_SQLITE_SELECT}} ') dnl ifelse(confGREYLIST_BACKEND, `SQLITE', `') ifelse(confGREYLIST_BACKEND, `MYSQL', `dnl set acl_m0 = ${lookup mysql{confGREYLIST_MYSQL_SELECT}} ') dnl ifelse(confGREYLIST_BACKEND, `MYSQL', `') ')dnl ifelse(confGREYLIST_ADDR_PRELOAD, `YES', `') ifdef(`confGREYLIST_BLOCKED', `ifelse(eval(confGREYLIST_BLOCKED > 0), `1', `dnl ###################################################################### # время блокировки записи в "сером списке" больше нуля # если запись в "сером списке" не найдена, создаем ее defer condition = ${if eq{$acl_m0}{}{yes}{no}} ifelse(confGREYLIST_BACKEND, `DBM', `dnl condition = ${if eq{\ ${perl{dbm_save}{confGREYLIST_DBM_CACHE}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${eval:$tod_epoch+confGREYLIST_BLOCKED*60} \ record_expires=${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE_MIN*60} \ blocked_count=1 \ passed_count=0 \ aborted_count=0 \ origin_type=AUTO \ create_time=$tod_epoch \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} ') dnl ifelse(confGREYLIST_BACKEND, `DBM', `') ifelse(confGREYLIST_BACKEND, `SQLITE', `dnl set acl_m_res = ${lookup sqlite{confGREYLIST_SQLITE_CACHE confGREYLIST_SQLITE_INSERT}} ') dnl ifelse(confGREYLIST_BACKEND, `SQLITE', `') ifelse(confGREYLIST_BACKEND, `MYSQL', `dnl set acl_m_res = ${lookup mysql{confGREYLIST_MYSQL_INSERT}} ') dnl ifelse(confGREYLIST_BACKEND, `MYSQL', `') message = confGREYLIST_MESSAGE ifelse(confGREYLIST, `OPTIONAL', ` log_message = message blocked by greylist: $sender_host_address; $sender_address; $local_part@$domain; reason:${extract{log_message}{$acl_m_optional_greylist}} ',` log_message = message blocked by greylist: $sender_host_address; $sender_address; $local_part@$domain ') # если запись в "сером списке" найдена, но истек record_expires defer condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m0}{}{no}{yes}} condition = ${if <{${extract{record_expires}{$acl_m0}}}{$tod_epoch}{yes}{no}} ifelse(confGREYLIST_BACKEND, `DBM', `dnl condition = ${if eq{\ ${perl{dbm_save}{confGREYLIST_DBM_CACHE}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${eval:$tod_epoch+confGREYLIST_BLOCKED*60} \ record_expires=${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE_MIN*60} \ blocked_count=1 \ passed_count=0 \ aborted_count=0 \ origin_type=AUTO \ create_time=$tod_epoch \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} ') dnl ifelse(confGREYLIST_BACKEND, `DBM', `') ifelse(confGREYLIST_BACKEND, `SQLITE', `dnl set acl_m_res = ${lookup sqlite{confGREYLIST_SQLITE_CACHE confGREYLIST_SQLITE_UPDATE_INIT}} ') dnl ifelse(confGREYLIST_BACKEND, `SQLITE', `') ifelse(confGREYLIST_BACKEND, `MYSQL', `dnl set acl_m_res = ${lookup mysql{confGREYLIST_MYSQL_UPDATE_INIT}} ') dnl ifelse(confGREYLIST_BACKEND, `MYSQL', `') message = confGREYLIST_MESSAGE log_message = message blocked by greylist: $sender_host_address; $sender_address; $local_part@$domain # если запись в "сером списке" найдена, но не истек block_expires defer condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m0}{}{no}{yes}} condition = ${if >{${extract{block_expires}{$acl_m0}}}{$tod_epoch}{yes}{no}} ifelse(confGREYLIST_BACKEND, `DBM', `dnl condition = ${if eq{\ ${perl{dbm_save}{confGREYLIST_DBM_CACHE}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${extract{block_expires}{$acl_m0}} \ record_expires=${extract{record_expires}{$acl_m0}} \ blocked_count=${eval:${extract{blocked_count}{$acl_m0}}+1} \ passed_count=${extract{passed_count}{$acl_m0}} \ aborted_count=${extract{aborted_count}{$acl_m0}} \ origin_type=${extract{origin_type}{$acl_m0}} \ create_time=${extract{create_time}{$acl_m0}} \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} ') dnl ifelse(confGREYLIST_BACKEND, `DBM', `') ifelse(confGREYLIST_BACKEND, `SQLITE', `dnl set acl_m_res = ${lookup sqlite{confGREYLIST_SQLITE_CACHE confGREYLIST_SQLITE_UPDATE_BLOCK}} ') dnl ifelse(confGREYLIST_BACKEND, `SQLITE', `') ifelse(confGREYLIST_BACKEND, `MYSQL', `dnl set acl_m_res = ${lookup mysql{confGREYLIST_MYSQL_UPDATE_BLOCK}} ') dnl ifelse(confGREYLIST_BACKEND, `MYSQL', `') message = confGREYLIST_MESSAGE ifelse(confGREYLIST, `OPTIONAL', ` log_message = message blocked by greylist: $sender_host_address; $sender_address; $local_part@$domain; reason:${extract{log_message}{$acl_m_optional_greylist}} ',` log_message = message blocked by greylist: $sender_host_address; $sender_address; $local_part@$domain ') dnl ifelse(confGREYLIST, `OPTIONAL', `') # если запись в "сером списке" найдена, block_expires истек, а record_expires не истек warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m0}{}{no}{yes}} ifelse(confGREYLIST_BACKEND, `DBM', `dnl condition = ${if eq{\ ${perl{dbm_save}{confGREYLIST_DBM_CACHE}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${extract{block_expires}{$acl_m0}} \ record_expires=${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE*24*60*60} \ blocked_count=${extract{blocked_count}{$acl_m0}} \ passed_count=${eval:${extract{passed_count}{$acl_m0}}+1} \ aborted_count=${extract{aborted_count}{$acl_m0}} \ origin_type=${extract{origin_type}{$acl_m0}} \ create_time=${extract{create_time}{$acl_m0}} \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} ') dnl ifelse(confGREYLIST_BACKEND, `DBM', `') ifelse(confGREYLIST_BACKEND, `SQLITE', `dnl set acl_m_res = ${lookup sqlite{confGREYLIST_SQLITE_CACHE confGREYLIST_SQLITE_UPDATE_PASS}} ') dnl ifelse(confGREYLIST_BACKEND, `SQLITE', `') ifelse(confGREYLIST_BACKEND, `MYSQL', `dnl set acl_m_res = ${lookup mysql{confGREYLIST_MYSQL_UPDATE_PASS}} ') dnl ifelse(confGREYLIST_BACKEND, `MYSQL', `') set acl_m15 = ${acl_m15}\t\ skip greylist: blocking time has expired but record TTL does not\n ')') dnl ifdef(`confGREYLIST_BLOCKED', `ifelse(eval(confGREYLIST_BLOCKED > 0), `1', `')') ifdef(`confGREYLIST_BLOCKED', `ifelse(eval(confGREYLIST_BLOCKED == 0), `1', `dnl ###################################################################### # время блокировки записи в "сером списке" равно нулю # (принимаем все сообщения, производится лишь обучение кеша) # если запись в "сером списке" не найдена, создаем ее warn condition = ${if eq{$acl_m0}{}{yes}{no}} ifelse(confGREYLIST_BACKEND, `DBM', `dnl condition = ${if eq{\ ${perl{dbm_save}{confGREYLIST_DBM_CACHE}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${eval:$tod_epoch} \ record_expires=${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE_MIN*60} \ blocked_count=1 \ passed_count=0 \ aborted_count=0 \ origin_type=AUTO \ create_time=$tod_epoch \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} ') dnl ifelse(confGREYLIST_BACKEND, `DBM', `') ifelse(confGREYLIST_BACKEND, `SQLITE', `dnl set acl_m_res = ${lookup sqlite{confGREYLIST_SQLITE_CACHE confGREYLIST_SQLITE_LEARN_INSERT}} ') dnl ifelse(confGREYLIST_BACKEND, `SQLITE', `') ifelse(confGREYLIST_BACKEND, `MYSQL', `dnl set acl_m_res = ${lookup mysql{confGREYLIST_MYSQL_LEARN_INSERT}} ') dnl ifelse(confGREYLIST_BACKEND, `MYSQL', `') # если запись в "сером списке" найдена, но истек record_expires warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m0}{}{no}{yes}} condition = ${if <{${extract{record_expires}{$acl_m0}}}{$tod_epoch}{yes}{no}} ifelse(confGREYLIST_BACKEND, `DBM', `dnl condition = ${if eq{\ ${perl{dbm_save}{confGREYLIST_DBM_CACHE}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${eval:$tod_epoch} \ record_expires=${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE_MIN*60} \ blocked_count=1 \ passed_count=0 \ aborted_count=0 \ origin_type=AUTO \ create_time=$tod_epoch \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} ') dnl ifelse(confGREYLIST_BACKEND, `DBM', `') ifelse(confGREYLIST_BACKEND, `SQLITE', `dnl set acl_m_res = ${lookup sqlite{confGREYLIST_SQLITE_CACHE confGREYLIST_SQLITE_LEARN_UPDATE_INIT}} ') dnl ifelse(confGREYLIST_BACKEND, `SQLITE', `') ifelse(confGREYLIST_BACKEND, `MYSQL', `dnl set acl_m_res = ${lookup mysql{confGREYLIST_MYSQL_LEARN_UPDATE_INIT}} ') dnl ifelse(confGREYLIST_BACKEND, `MYSQL', `') # если запись в "сером списке" найдена и не истек record_expires warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m0}{}{no}{yes}} ifelse(confGREYLIST_BACKEND, `DBM', `dnl condition = ${if eq{\ ${perl{dbm_save}{confGREYLIST_DBM_CACHE}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${extract{block_expires}{$acl_m0}} \ record_expires=${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE*24*60*60} \ blocked_count=${extract{blocked_count}{$acl_m0}} \ passed_count=${eval:${extract{passed_count}{$acl_m0}}+1} \ aborted_count=${extract{aborted_count}{$acl_m0}} \ origin_type=${extract{origin_type}{$acl_m0}} \ create_time=${extract{create_time}{$acl_m0}} \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} ') dnl ifelse(confGREYLIST_BACKEND, `DBM', `') ifelse(confGREYLIST_BACKEND, `SQLITE', `dnl set acl_m_res = ${lookup sqlite{confGREYLIST_SQLITE_CACHE confGREYLIST_SQLITE_UPDATE_PASS}} ') dnl ifelse(confGREYLIST_BACKEND, `SQLITE', `') ifelse(confGREYLIST_BACKEND, `MYSQL', `dnl set acl_m_res = ${lookup mysql{confGREYLIST_MYSQL_UPDATE_PASS}} ') dnl ifelse(confGREYLIST_BACKEND, `MYSQL', `') ')') dnl ifdef(`confGREYLIST_BLOCKED', `ifelse(eval(confGREYLIST_BLOCKED == 0), `1', `')') ifdef(`confGREYLIST_BLOCKED', `ifelse(eval(confGREYLIST_BLOCKED < 0), `1', `dnl # время блокировки записи в "сером списке" меньше нуля # (первое сообщение задерживается, остальные пропускаются) # если запись в "сером списке" не найдена, создаем ее defer condition = ${if eq{$acl_m0}{}{yes}{no}} ifelse(confGREYLIST_BACKEND, `DBM', ` condition = ${if eq{\ ${perl{dbm_save}{confGREYLIST_DBM_CACHE}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${eval:$tod_epoch} \ record_expires=${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE_MIN*60} \ blocked_count=1 \ passed_count=0 \ aborted_count=0 \ origin_type=AUTO \ create_time=$tod_epoch \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} ') dnl ifelse(confGREYLIST_BACKEND, `DBM', `') ifelse(confGREYLIST_BACKEND, `SQLITE', `dnl set acl_m_res = ${lookup sqlite{confGREYLIST_SQLITE_CACHE confGREYLIST_SQLITE_LEARN_INSERT}} ') dnl ifelse(confGREYLIST_BACKEND, `SQLITE', `') ifelse(confGREYLIST_BACKEND, `MYSQL', `dnl set acl_m_res = ${lookup mysql{confGREYLIST_MYSQL_LEARN_INSERT}} ') dnl ifelse(confGREYLIST_BACKEND, `MYSQLITE', `') message = confGREYLIST_MESSAGE ifelse(confGREYLIST, `OPTIONAL', ` log_message = message blocked by greylist: $sender_host_address; $sender_address; $local_part@$domain; reason:${extract{log_message}{$acl_m_optional_greylist}} ',` log_message = message blocked by greylist: $sender_host_address; $sender_address; $local_part@$domain ') dnl ifelse(confGREYLIST, `OPTIONAL', `') # если запись в "сером списке" найдена, но истек record_expires defer condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m0}{}{no}{yes}} condition = ${if <{${extract{record_expires}{$acl_m0}}}{$tod_epoch}{yes}{no}} ifelse(confGREYLIST_BACKEND, `DBM', ` condition = ${if eq{\ ${perl{dbm_save}{confGREYLIST_DBM_CACHE}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${eval:$tod_epoch} \ record_expires=${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE_MIN*60} \ blocked_count=1 \ passed_count=0 \ aborted_count=0 \ origin_type=AUTO \ create_time=$tod_epoch \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} ') dnl ifelse(confGREYLIST_BACKEND, `DBM', `') ifelse(confGREYLIST_BACKEND, `SQLITE', `dnl set acl_m_res = ${lookup sqlite{confGREYLIST_SQLITE_CACHE confGREYLIST_SQLITE_LEARN_UPDATE_INIT}} ') dnl ifelse(confGREYLIST_BACKEND, `SQLITE', `') ifelse(confGREYLIST_BACKEND, `MYSQL', `dnl set acl_m_res = ${lookup mysql{confGREYLIST_MYSQL_LEARN_UPDATE_INIT}} ') dnl ifelse(confGREYLIST_BACKEND, `MYSQL', `') message = confGREYLIST_MESSAGE ifelse(confGREYLIST, `OPTIONAL', ` log_message = message blocked by greylist: $sender_host_address; $sender_address; $local_part@$domain; reason:${extract{log_message}{$acl_m_optional_greylist}} ',` log_message = message blocked by greylist: $sender_host_address; $sender_address; $local_part@$domain ') dnl ifelse(confGREYLIST, `OPTIONAL', `') # если запись в "сером списке" найдена и record_expires не истек warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m0}{}{no}{yes}} ifelse(confGREYLIST_BACKEND, `DBM', ` condition = ${if eq{\ ${perl{dbm_save}{confGREYLIST_DBM_CACHE}\ {$sender_host_address|$sender_address|$local_part@$domain}\ {\ block_expires=${extract{block_expires}{$acl_m0}} \ record_expires=${eval:$tod_epoch+confGREYLIST_RECORD_EXPIRE*24*60*60} \ blocked_count=${extract{blocked_count}{$acl_m0}} \ passed_count=${eval:${extract{passed_count}{$acl_m0}}+1} \ aborted_count=${extract{aborted_count}{$acl_m0}} \ origin_type=${extract{origin_type}{$acl_m0}} \ create_time=${extract{create_time}{$acl_m0}} \ last_update=$tod_epoch \ }}\ }{}{yes}{yes}} ') dnl ifelse(confGREYLIST_BACKEND, `DBM', `') ifelse(confGREYLIST_BACKEND, `SQLITE', `dnl set acl_m_res = ${lookup sqlite{confGREYLIST_SQLITE_CACHE confGREYLIST_SQLITE_UPDATE_PASS}} ') dnl ifelse(confGREYLIST_BACKEND, `SQLITE', `') ifelse(confGREYLIST_BACKEND, `MYSQL', `dnl set acl_m_res = ${lookup mysql{confGREYLIST_MYSQL_UPDATE_PASS}} ') dnl ifelse(confGREYLIST_BACKEND, `MYSQL', `') ')') dnl ifdef(`confGREYLIST_BLOCKED', `ifelse(eval(confGREYLIST_BLOCKED > 0), `1', `')') ')dnl ifelse(SECTION, `ACL_CHECK_RCPT', `')