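dnl
dnl DKIM support
dnl
dnl Disabling DKIM signature verification (for exim 4.70 and later):
dnl NO - do not verify DKIM signatures
dnl YES - verify DKIM signatures
dnl DISABLE - forbid exim from verifying DKIM signatures
dnl define(`confDKIM_CHECK', `NO')dnl
dnl
dnl ADSP (Author Domain Signing Practices) support
dnl NO - do not perform the ADSP check
dnl YES - perform the ADSP check
dnl define(`confDKIM_CHECK_ADSP', `NO')dnl
dnl
dnl What this template emits:
dnl   MAIN section           - binds acl_smtp_dkim to acl_check_dkim and makes exim
dnl                            run that ACL for the From: header domain (envelope
dnl                            sender domain when there is no From: header) as well
dnl                            as for every signer found in the message.
dnl   ACL_CHECK_DKIM section - skips relay hosts and authenticated senders, appends
dnl                            one dkim= result fragment to acl_m_auth_results per
dnl                            outcome (unless confAUTH_RESULTS_ADD contains NO), and,
dnl                            unless confDKIM_CHECK_ADSP contains NO, looks up the
dnl                            ADSP record of the author domain and turns it into an
dnl                            action through acl_normalize_action (defined elsewhere).
dnl
dnl Security notes:
dnl   * The author domain is taken from the From: header and is therefore chosen by
dnl     the sender. It used to be handed to the match condition as a bare regular
dnl     expression: unquoted dots matched any character, the pattern was unanchored,
dnl     and an empty author domain matched every signer. It is now passed through
dnl     rxquote and anchored.
dnl   * The ADSP TXT record is remote data as well; it is only compared against the
dnl     fixed strings discardable and all before being used in any message text.
dnl   * Anyone covered by +relay_from_hosts or by SMTP authentication bypasses all
dnl     DKIM and ADSP handling here, so that host list should be kept tight.
dnl   * ADSP (RFC 5617) has been reclassified as Historic; DMARC is the mechanism in
dnl     current use for author-domain policy.
dnl   * confDKIM_CHECK is documented above but is not referenced in this file.
dnl
ifelse(SECTION, `MAIN', `dnl
acl_smtp_dkim = acl_check_dkim
#dkim_verify_signers = $sender_address_domain:$dkim_signers
#dkim_verify_signers = ${if def:h_from:{${domain:$h_from:}}{$sender_address_domain}}:$dkim_signers
# Always verify the author domain first, then every signer present in the message.
dkim_verify_signers = ${if def:h_From:{${domain:${sg{$h_From:}{:}{\\\\:}}}}{$sender_address_domain}}:$dkim_signers
')dnl ifelse(SECTION, `MAIN', `')
ifelse(SECTION, `ACL_CHECK_DKIM', `dnl
# Relay hosts and authenticated senders are exempt from every check below.
warn    set acl_m_skip = no

warn    hosts = +relay_from_hosts
        set acl_m_skip = yes

warn    authenticated = *
        set acl_m_skip = yes

# One statement per verification outcome; each appends a dkim= result fragment
# to acl_m_auth_results when that feature is enabled. Outcome invalid is
# reported as dkim=neutral.
warn    condition = ${if eq{$acl_m_skip}{yes}{no}{yes}}
        dkim_status = fail
ifelse_strstr(confAUTH_RESULTS_ADD, `NO', `', `dnl
        set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim=fail ($dkim_verify_reason) header.${if eq{$dkim_identity}{}{d=@$dkim_cur_signer}{i=$dkim_cur_signer}}
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `NO', `', `')

warn    condition = ${if eq{$acl_m_skip}{yes}{no}{yes}}
        dkim_status = invalid
ifelse_strstr(confAUTH_RESULTS_ADD, `NO', `', `dnl
        set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim=neutral ($dkim_verify_reason) header.${if eq{$dkim_identity}{}{d=@$dkim_cur_signer}{i=$dkim_cur_signer}}
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `NO', `', `')

warn    condition = ${if eq{$acl_m_skip}{yes}{no}{yes}}
        dkim_status = pass
ifelse_strstr(confAUTH_RESULTS_ADD, `NO', `', `dnl
        set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim=pass (good signature) header.${if eq{$dkim_identity}{}{d=@$dkim_cur_signer}{i=$dkim_cur_signer}}
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `NO', `', `')

warn    condition = ${if eq{$acl_m_skip}{yes}{no}{yes}}
        dkim_status = none
ifelse_strstr(confAUTH_RESULTS_ADD, `NO', `', `dnl
        set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim=none
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `NO', `', `')

ifelse_strstr(confDKIM_CHECK_ADSP, `NO', `', `
# set the Author Domain
warn    condition = ${if eq{$acl_m_skip}{yes}{no}{yes}}
        set acl_m_author_domain = ${if def:h_From:{${domain:${sg{$h_From:}{:}{\\\\:}}}}{$sender_address_domain}}

# check for an ADSP record (Author Domain Signing Practices)
# acl_m0 is cleared first so that a result left by an earlier signer cannot leak
# into this run. The author domain is sender-controlled, so it is regex-quoted
# and anchored before being compared with the current signer; the optional
# local part keeps identity-form signers (user@domain) matching as before.
# The lookup tries _adsp._domainkey, then the older _ssp._domainkey name, and
# falls back to dkim=undefined; only the dkim tag is kept, with ; and / removed.
warn    condition = ${if eq{$acl_m_skip}{yes}{no}{yes}}
        set acl_m0 =
        condition = ${if match{$dkim_cur_signer}{\N^(?:.*@)?\N${rxquote:$acl_m_author_domain}\N$\N}{yes}{no}}
        set acl_m_adsp_record = ${lookup dnsdb{txt=_adsp._domainkey.$acl_m_author_domain}{$value}{\
                ${lookup dnsdb{txt=_ssp._domainkey.$acl_m_author_domain}{$value}{dkim=undefined}}\
                }}
        set acl_m_adsp_record = ${sg{${extract{dkim}{$acl_m_adsp_record}}}{\N[;/]\N}{}}

# Policy discardable: any outcome other than pass requests a deny action.
# acl_m0 is built as three colon-separated fields: action, SMTP message, log text.
# NOTE(review): the texts below contain "DKIM verify reason:" and are later split
# on the colon, so the field numbering may shift when $dkim_verify_reason is not
# empty - confirm against a failing signature.
warn    condition = ${if eq{$acl_m_skip}{yes}{no}{yes}}
        condition = ${if eq{$acl_m0}{}{yes}{no}}
        condition = ${if match{$dkim_cur_signer}{\N^(?:.*@)?\N${rxquote:$acl_m_author_domain}\N$\N}{yes}{no}}
        condition = ${if eq{$acl_m_adsp_record}{discardable}{yes}{no}}
        dkim_status = none
        set acl_m0 = deny :\
                There is no DKIM signature in the message, but $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy:\
                $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy and there is no DKIM signature in the message\
                ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\
                ${if eq{$dkim_verify_reason}{}{}{. DKIM verify reason: $dkim_verify_reason}}

warn    condition = ${if eq{$acl_m_skip}{yes}{no}{yes}}
        condition = ${if eq{$acl_m0}{}{yes}{no}}
        condition = ${if match{$dkim_cur_signer}{\N^(?:.*@)?\N${rxquote:$acl_m_author_domain}\N$\N}{yes}{no}}
        condition = ${if eq{$acl_m_adsp_record}{discardable}{yes}{no}}
        dkim_status = invalid
        set acl_m0 = deny :\
                The DKIM signature could not be verified due to a processing error, but $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy:\
                $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy and the DKIM signature could not be verified due to a processing error\
                ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\
                ${if eq{$dkim_verify_reason}{}{}{. DKIM verify reason: $dkim_verify_reason}}

warn    condition = ${if eq{$acl_m_skip}{yes}{no}{yes}}
        condition = ${if eq{$acl_m0}{}{yes}{no}}
        condition = ${if match{$dkim_cur_signer}{\N^(?:.*@)?\N${rxquote:$acl_m_author_domain}\N$\N}{yes}{no}}
        condition = ${if eq{$acl_m_adsp_record}{discardable}{yes}{no}}
        dkim_status = fail
        set acl_m0 = deny :\
                Verification of the DKIM signature failed, but $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy:\
                $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy and verification of the DKIM signature failed\
                ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\
                ${if eq{$dkim_verify_reason}{}{}{. DKIM verify reason: $dkim_verify_reason}}

# Policy all: any outcome other than pass requests a warn action only.
warn    condition = ${if eq{$acl_m_skip}{yes}{no}{yes}}
        condition = ${if eq{$acl_m0}{}{yes}{no}}
        condition = ${if match{$dkim_cur_signer}{\N^(?:.*@)?\N${rxquote:$acl_m_author_domain}\N$\N}{yes}{no}}
        condition = ${if eq{$acl_m_adsp_record}{all}{yes}{no}}
        !dkim_status = pass
        set acl_m0 = warn :\
                $primary_hostname; $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy\
                ${if eq{$dkim_verify_status}{}{}{.\n\tDKIM verify status is $dkim_verify_status}}\
                ${if eq{$dkim_verify_reason}{}{}{.\n\tDKIM verify reason: $dkim_verify_reason}}:\
                $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy and verification of the DKIM signature not passed\
                ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\
                ${if eq{$dkim_verify_reason}{}{}{. DKIM verify reason: $dkim_verify_reason}}

# Turn the requested action into key=value form in acl_m1 (a bare action word
# gets the value 00), then split acl_m0 into the SMTP message (acl_m2) and the
# log text (acl_m0), with fixed fallbacks when either one is empty.
# NOTE(review): fields 2 and 3 are expanded a second time and already contain
# the header-derived author domain and the DKIM status strings - confirm that
# re-expanding sender-influenced text is intended here.
warn    set acl_m1 =
        condition = ${if eq{$acl_m0}{}{no}{yes}}
        acl = acl_normalize_action "${extract{1}{:}{$acl_m0}}"
        set acl_m1 = ${sg{$acl_m_normalize_action_result }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}}
#       message = $acl_m2
#       log_message = $acl_m0
        set acl_m2 = ${expand:${sg{${extract{2}{:}{$acl_m0}}}{\N^\s+\N}{}}}
        set acl_m0 = ${expand:${sg{${extract{3}{:}{$acl_m0}}}{\N^\s+\N}{}}}
        set acl_m_check_dkim_msg = ${if eq{$acl_m0}{}{${if eq{$acl_m2}{}{}{: $acl_m2}}}{: $acl_m0}}
        set acl_m0 = ${if eq{$acl_m0}{}{sender address blacklisted${if eq{$acl_m2}{}{}{: $acl_m2}}}{$acl_m0}}
        set acl_m2 = ${if eq{$acl_m2}{}{Access denied}{$acl_m2}}

# warn
warn    condition = ${if match{$acl_m1}{warn}{yes}{no}}
        add_header = X-Warn-ADSP${acl_m_check_dkim_msg}
        log_message = $acl_m0${if eq{${extract{pause}{$acl_m1}}}{}{}{: message delayed for ${extract{pause}{$acl_m1}}s}}

# pause
warn    condition = ${if eq{${extract{pause}{$acl_m1}}}{}{no}{yes}}
        delay = ${extract{pause}{$acl_m1}}s
        set acl_m_spam_action = ${acl_m_spam_action}\t\
                delay=${extract{pause}{$acl_m1}}s\t\t\
                $acl_m0\n

# quarantine and !reject
warn    condition = ${if eq{${extract{quarantine}{$acl_m1}}}{00}{yes}{no}}
        condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{no}{yes}}
        add_header = X-Quarantine-ADSP${acl_m_check_dkim_msg}
        log_message = F=<$sender_address> quarantined RCPT <${sg{$recipients}{, }{>, <}}>: message will be quarantined${acl_m_check_dkim_msg}
        set acl_m_add_x_orig_rcpt = yes
        set acl_m_quarantined = $acl_m_quarantined envelope

accept  condition = ${if eq{${extract{quarantine}{$acl_m1}}}{00}{yes}{no}}
        condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{no}{yes}}

# quarantine and reject
accept  condition = ${if eq{${extract{quarantine}{$acl_m1}}}{00}{yes}{no}}
        condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}}
        log_message = F=<$sender_address> rejected RCPT <${sg{$recipients}{, }{>, <}}>: message will be quarantined and rejected${acl_m_check_dkim_msg}
        set acl_m_fakereject = \
                F=<$sender_address> rejected RCPT <${sg{$recipients}{, }{>, <}}>: message will be quarantined and rejected${acl_m_check_dkim_msg}\
                |X-Quarantine-ADSP${acl_m_check_dkim_msg}\
                |$acl_m2
        set acl_m_add_x_orig_rcpt = yes
        set acl_m_quarantined = $acl_m_quarantined envelope

# !quarantine and reject
deny    condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}}
        condition = ${if eq{${extract{quarantine}{$acl_m1}}}{00}{no}{yes}}
        log_message = F=<$sender_address> rejected RCPT <${sg{$recipients}{, }{>, <}}>: $acl_m0
        message = $acl_m2

defer   condition = ${if match{$acl_m1}{defer}{yes}{no}}
        log_message = F=<$sender_address> deferred RCPT <${sg{$recipients}{, }{>, <}}>: $acl_m0
        message = $acl_m2

drop    condition = ${if match{$acl_m1}{drop}{yes}{no}}
        log_message = F=<$sender_address> dropped RCPT <${sg{$recipients}{, }{>, <}}>: $acl_m0
        message = $acl_m2

discard condition = ${if match{$acl_m1}{discard}{yes}{no}}
        log_message = F=<$sender_address> discarded RCPT <${sg{$recipients}{, }{>, <}}>: $acl_m0

ifelse(confGREYLIST, `OPTIONAL', `dnl
warn    condition = ${if eq{${extract{greylist}{$acl_m1}}}{}{no}{yes}}
        set acl_m_optional_greylist = \
                scores=${eval:${extract{scores}{$acl_m_optional_greylist}}+${extract{greylist}{$acl_m1}}} \
                log_message="${extract{log_message}{$acl_m_optional_greylist}} $acl_m0;"
        set acl_m_spam_action = ${acl_m_spam_action}\t\
                greylist scores=${extract{greylist}{$acl_m1}}\t\
                $acl_m0\n
') dnl ifelse(confGREYLIST, `OPTIONAL', `')
ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `dnl', `dnl
warn    condition = ${if eq{${extract{reject}{$acl_m1}}}{}{no}{yes}}
        condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{no}{yes}}
        set acl_m_optional_reject = \
                scores=${eval:${extract{scores}{$acl_m_optional_reject}}+${extract{reject}{$acl_m1}}} \
                log_message="${extract{log_message}{$acl_m_optional_reject}} $acl_m0;"
        set acl_m_spam_action = ${acl_m_spam_action}\t\
                reject scores=${extract{reject}{$acl_m1}}\t\t\
                $acl_m0\n
')') dnl ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `', `')')
') dnl ifelse_strstr(confDKIM_CHECK_ADSP, `NO', `', `')
')dnl ifelse(SECTION, `ACL_CHECK_DKIM', `')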