dnl
dnl проверка адреса рилея отправителя в DNSBL
dnl
dnl параметры конструкции DNS_BL:
dnl 1. имя зоны
dnl 2. действие в случае попадания рилея отправителя в DNSBL
dnl	reject		- отвергать сообщение
dnl	deny		- синоним reject
dnl	drop		- обрыв соединения
dnl	defer		- возврат временной ошибки
dnl	warn		- выводить в лог файл предупреждение
dnl	greylist:xx	- добавление xx баллов к счетчику опционального greylisting'а
dnl	greylisting:xx	- синоним greylist:xx
dnl	reject:yy	- добавление yy баллов к счетчику опционального reject'а
dnl	deny:yy		- синоним reject:yy
dnl	delay:zz	- задержка на zz секунд перед продолжением обработки сообщения
dnl	pause:zz	- синоним delay:zz
dnl	quarantine	- принять письмо с сохранением в карантин без доставки получателям
dnl действия warn, greylist:xx, reject:yy и delay:zz можно указывать одновременно через пробел
dnl 3. действие в случае defer'а от резолвера
dnl	pass	- принять сообщение
dnl	defer	- вернуть клиенту 4xx
dnl 4. сообщение отправителю:
dnl	пустое значение - формируется умолчательное сообщение отправителю
dnl	dialup		- формируется сообщение отправителю для dial-up/dsl/cable сетей
dnl	текст		- данный текст возвращается отправителю как текст сообщения об ошибке
dnl
dnl DNS_BL(`dynablock.easynet.nl',	`warn greylist:10 reject:8',	`pass',	`dialup')
dnl DNS_BL(`dul.ru',			`deny',				`defer',
dnl	`Access denied for dial-up user. Try to send mail thru your ISP')
dnl DNS_BL(`cbl.abuseat.org',		`warn pause:30 greylist:10 reject:4',	`pass',	`')
dnl DNS_BL(`bl.spamcop.net',		`warn pause:30 greylist:10 reject:3',	`pass',	`')
dnl

ifelse(SECTION, `MAIN', `dnl
hostlist skip_dnsbl_check	= 127.0.0.1 : CONFDIR/skip_dnsbl_check
')

ifelse(SECTION, `ACL_CHECK_RCPT', `dnl

ifdef(`_DNS_BL_NO', `
define(`_AV_TMP', `eval(_DNS_BL_NO + 1)')
define(`_DNS_BL_NO', _AV_TMP)
',`
define(`_DNS_BL_NO', `0')
')

define(`_DNS_BL_NAME',		`confDNSBL'_DNS_BL_NO`_NAME')dnl
define(`_DNS_BL_ACT',		`confDNSBL'_DNS_BL_NO`_ACT')dnl
define(`_DNS_BL_DEFER',		`confDNSBL'_DNS_BL_NO`_DEFER')dnl
define(`_DNS_BL_MSG',		`confDNSBL'_DNS_BL_NO`_MSG')dnl

ifelse(_DNS_BL_NAME,`confDNSBL'_DNS_BL_NO`_NAME',`',`

ifelse_strstr(confCONTENT_SCANNING_QUARANTINE, `PERSONAL',`dnl
define(`_DNS_TMP', `NORMALIZE_ACTION_PERSONAL_QUARANTINE(_DNS_BL_ACT)')dnl
',`dnl
define(`_DNS_TMP', `NORMALIZE_ACTION(_DNS_BL_ACT)')dnl
')dnl
define(`_DNS_BL_ACT', _DNS_TMP)dnl

define(`_DNS_TMP2', `replace_str(_DNS_BL_ACT, `reject=', `deny=')')dnl
define(`_DNS_BL_ACT', _DNS_TMP2)dnl

ifelse(_DNS_BL_MSG, `dialup', `define(`_DNS_BL_MSG', `rejected as dial-up user because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text\ntry to send mail thru your ISP')')
ifelse(_DNS_BL_MSG, `', `define(`_DNS_BL_MSG', `rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text')')
ifelse(_DNS_BL_MSG, `without_txt', `define(`_DNS_BL_MSG', `rejected because $sender_host_address is in a black list at $dnslist_domain\nYou may contact postmaster@$qualify_domain')')

	# Проверка хоста рилея отправителя в DNSBL

	warn	set acl_m0	= no
		hosts		= !+skip_dnsbl_check
		dnslists	= ifelse(_DNS_BL_DEFER, `pass', `+exclude_unknown', `+defer_unknown') : _DNS_BL_NAME
		set acl_m0	= yes
ifelse_strstr(_DNS_BL_ACT, `warn', `dnl
		add_header	= X-Warn-DNSBL: $sender_host_address is in a black list at $dnslist_domain
') dnl ifelse_strstr(_DNS_BL_ACT, `warn', `')
ifelse_strstr(_DNS_BL_ACT, `pause=', `dnl
		delay		= EXTRACT(`pause', _DNS_BL_ACT)`'s
		set acl_m_spam_action	= ${acl_m_spam_action}\t\
				delay=EXTRACT(`pause', _DNS_BL_ACT)`'s\t\t\
				$sender_host_address is in a black list at $dnslist_domain\n
		log_message	= $sender_host_address is in a black list at $dnslist_domain; message delayed for EXTRACT(`pause', _DNS_BL_ACT)`'s
') dnl ifelse_strstr(_DNS_BL_ACT, `pause=', `')
ifelse_strstr(_DNS_BL_ACT, `greylist=', `dnl
		set acl_m_optional_greylist	= \
				scores=${eval:${extract{scores}{$acl_m_optional_greylist}}+EXTRACT(`greylist', _DNS_BL_ACT)} \
				log_message="${extract{log_message}{$acl_m_optional_greylist}} greylisted due to $sender_host_address is in a black list at $dnslist_domain;"
		set acl_m_spam_action	= ${acl_m_spam_action}\t\
				greylist scores=EXTRACT(`greylist', _DNS_BL_ACT)\t\
				$sender_host_address is in a black list at $dnslist_domain\n
') dnl ifelse_strstr(_DNS_BL_ACT, `greylist=', `')
ifelse_strstr(_DNS_BL_ACT, `deny=', `dnl
		set acl_m_optional_reject	= \
				scores=${eval:${extract{scores}{$acl_m_optional_reject}}+EXTRACT(`deny', _DNS_BL_ACT)} \
				log_message="${extract{log_message}{$acl_m_optional_reject}} rejected due to $sender_host_address is in a black list at $dnslist_domain;"
		set acl_m_spam_action	= ${acl_m_spam_action}\t\
				reject scores=EXTRACT(`deny', _DNS_BL_ACT)\t\t\
				$sender_host_address is in a black list at $dnslist_domain\n
') dnl ifelse_strstr(_DNS_BL_ACT, `reject=', `')


	warn	condition	= $acl_m0
		condition	= ${if match{$acl_m_dnsbl}{$dnslist_domain}{no}{yes}}
		set acl_m_dnsbl	= _DNS_BL_MSG\n


ifelse_strstr(_DNS_BL_ACT, `quarantine', `dnl
ifelse_strstr(_DNS_BL_ACT` ', `reject ', `dnl
dnl quarantine and reject
	accept	condition	= $acl_m0
		log_message	= message will be quarantined and rejected: $sender_host_address is in a black list at $dnslist_domain
		set acl_m_fakereject	= \
				message will be quarantined and rejected: $sender_host_address is in a black list at $dnslist_domain\
				|X-Quarantine-DNSBL: $sender_host_address is in a black list at $dnslist_domain\
				|_DNS_BL_MSG
		set acl_m_add_x_orig_rcpt = yes
		set acl_m_quarantined = $acl_m_quarantined envelope
', `dnl ifelse_strstr(_DNS_BL_ACT` ', `reject ', `')
dnl quarantine and !reject
	warn	condition	= $acl_m0
		log_message	= message will be quarantined: $sender_host_address is in a black list at $dnslist_domain
		add_header	= X-Quarantine-DNSBL: $sender_host_address is in a black list at $dnslist_domain
		set acl_m_add_x_orig_rcpt = yes
		set acl_m_quarantined = $acl_m_quarantined envelope
	accept	condition	= $acl_m0
') dnl ifelse_strstr(_DNS_BL_ACT` ', `reject ', `')
', `dnl ifelse_strstr(_DNS_BL_ACT, `quarantine', `')
ifelse_strstr(_DNS_BL_ACT` ', `reject ', `dnl
dnl !quarantine and reject
	deny	condition	= $acl_m0
		message		= _DNS_BL_MSG
		log_message	= $sender_host_address is in a black list at $dnslist_domain
') dnl ifelse_strstr(_DNS_BL_ACT` ', `reject ', `')
ifelse_strstr(_DNS_BL_ACT, `drop', `dnl
dnl drop (quarantine невозможен)
	drop	condition	= $acl_m0
		message		= _DNS_BL_MSG
		log_message	= $sender_host_address is in a black list at $dnslist_domain
') dnl ifelse_strstr(_DNS_BL_ACT, `drop', `')
ifelse_strstr(_DNS_BL_ACT, `defer', `dnl
dnl defer (quarantine невозможен)
	defer	condition	= $acl_m0
		message		= _DNS_BL_MSG
		log_message	= $sender_host_address is in a black list at $dnslist_domain
') dnl ifelse_strstr(_DNS_BL_ACT, `defer', `')
') dnl ifelse_strstr(_DNS_BL_ACT, `quarantine', `')


ifelse_strstr(_DNS_BL_ACT, `warn', `dnl
ifelse_strstr(_DNS_BL_ACT, `pause=', `', `dnl
	warn	condition	= $acl_m0
		log_message	= $sender_host_address is in a black list at $dnslist_domain
') dnl ifelse_strstr(_DNS_BL_ACT, `pause=', `', `')
') dnl ifelse_strstr(_DNS_BL_ACT, `warn', `')


FEATURE(`dnsbl')

') dnl ifelse(_DNS_BL_NAME,`confDNSBL'_DNS_BL_NO`_NAME',`',`')
') dnl ifelse(SECTION, `ACL_CHECK_RCPT', `')