dnl
dnl Sender address callout verification (m4 fragment that generates Exim configuration).
dnl
dnl NO - do not perform the check
dnl WARN - write a warning to the log file and add an X-Warn-Sender-Verify header
dnl QUARANTINE - accept the message and store it in quarantine without delivering it to the recipients
dnl REJECT - return a 5xx code to the client
dnl define(`confVERIFY_SENDER', `REJECT')dnl
dnl
dnl treat the callout as failed only if the 5xx was received at the RCPT TO stage
dnl (the ACLs below then count only the sender_verify_failure values route and recipient as a failure;
dnl a failure at any other stage leaves the message treated as verified)
dnl define(`confVERIFY_SENDER_FAILED_ONLY_ON_RCPT_TO_STAGE', `YES')dnl
dnl
dnl exceptions from sender address callout verification
dnl NO - make no exceptions
dnl AUTH - exempt authenticated senders
dnl RELAY - exempt relays listed in CONFDIR/skip_verify_sender_relay
dnl MAIL - exempt sender addresses listed in CONFDIR/skip_verify_sender_mail
dnl RCPT - exempt recipient addresses listed in CONFDIR/skip_verify_sender_rcpt
dnl SPF_PASS - exempt the message if the SPF record check passed
dnl NOTE(review): an SPF pass only shows that the connecting host is authorised by the sender domain,
dnl and that record is published by whoever controls the domain; with SPF_PASS in the list such mail
dnl gets no sender verification at all. Enable it only where that trade-off is intended.
dnl define(`confVERIFY_SENDER_SKIP', `RELAY AUTH MAIL RCPT')dnl
dnl
dnl timeout used for the sender callout
dnl define(`confVERIFY_SENDER_TIMEOUT', `120s')dnl
dnl
dnl additional parameters appended to the callout option list
dnl define(`confVERIFY_SENDER_PARAMETERS', `')dnl
dnl define(`confVERIFY_SENDER_PARAMETERS', `postmaster_mailfrom=postmaster@${qualify_domain}')dnl
dnl
dnl file listing recipient addresses/domains for which the callout is run with the defer_ok option
dnl (a temporary callout error is then not treated as a verification problem)
dnl example:
dnl define(`confVERIFY_SENDER_DEFER_OK_RCPT', `CONFDIR/verify_sender_defer_ok_rcpt')dnl
dnl the list is written as:
dnl domain : addr1 : addr2 : addr3
dnl example:
dnl my.domain.com : user : info : admin
dnl my.another.domain.com : !user : *
dnl
dnl file listing sender domains/addresses for which the callout is run with the defer_ok option
dnl example:
dnl define(`confVERIFY_SENDER_DEFER_OK_MAIL', `CONFDIR/verify_sender_defer_ok_mail')dnl
dnl the list is written as:
dnl domain : addr1 : addr2 : addr3
dnl example:
dnl sender.domain.com : user : info : admin
dnl
dnl ignoring temporary callout errors for mail sent through the PHP mail function
dnl NO - do not ignore callout defers for mail coming from the PHP mail function
dnl YES - ignore callout defers for mail coming from the PHP mail function
dnl (the code below emits the PHP rules for every value other than NO)
dnl define(`confVERIFY_SENDER_DEFER_OK_PHP', `NO')
dnl the exception is applied when all of the following hold (they are conditions of one ACL statement):
dnl - no MX records are published for the domain part of the sender address
dnl - an A record of the sender domain equals the IP address of the sending host
dnl - the local part of the sender address is www, apache or nobody
dnl
dnl the list of sender local parts can be extended; use the pipe character as the separator
dnl (the value is placed inside a regular expression group, so it is read as regex alternation)
dnl define(`confVERIFY_SENDER_DEFER_OK_PHP_SENDER_LOCAL_PARTS', `www|apache|nobody')
dnl
dnl recipient domains for which temporary callout errors are ignored
dnl for mail sent through the PHP mail function:
dnl define(`confVERIFY_SENDER_DEFER_OK_PHP_DOMAINS', `+local_domains')
dnl when this feature is used on a transit relay that accepts all incoming
dnl mail for the recipients and forwards it on, it is advisable to extend
dnl the value of confVERIFY_SENDER_DEFER_OK_PHP_DOMAINS
dnl with the list of relayed domains:
dnl define(`confVERIFY_SENDER_DEFER_OK_PHP_DOMAINS', `+local_domains : +relay_to_domains')
dnl
dnl NOTE(review): the tests below compare confVERIFY_SENDER_DEFER_OK_PHP and
dnl confVERIFY_SENDER_FAILED_ONLY_ON_RCPT_TO_STAGE with NO or YES without an ifdef guard. Defaults are
dnl presumably defined elsewhere; if a macro were undefined, m4 would compare its literal name, so the
dnl PHP rules would be emitted and the RCPT TO stage restriction dropped. Confirm the defaults exist.
dnl
dnl MAIN section: host list of exempt relays plus defaults for the optional macros.
ifelse(SECTION, `MAIN', `dnl
ifelse_strstr(confVERIFY_SENDER_SKIP, `RELAY', `dnl
hostlist skip_verify_sender = 127.0.0.1 : CONFDIR/skip_verify_sender_relay
')dnl
dnl
dnl Empty defaults so that the len() tests in the RCPT ACL see an empty file name when unset.
ifdef(`confVERIFY_SENDER_DEFER_OK_RCPT', `', `define(`confVERIFY_SENDER_DEFER_OK_RCPT', `')')dnl
ifdef(`confVERIFY_SENDER_DEFER_OK_MAIL', `', `define(`confVERIFY_SENDER_DEFER_OK_MAIL', `')')dnl
dnl confVERIFY_SENDER_PARAMETERS_TMP is the extra callout option text: empty, or a comma followed by
dnl confVERIFY_SENDER_PARAMETERS, so it can be appended directly after the timeout value.
define(`confVERIFY_SENDER_PARAMETERS_TMP',`')
ifdef(`confVERIFY_SENDER_PARAMETERS', `ifelse(X`'confVERIFY_SENDER_PARAMETERS, `X', `', `define(`confVERIFY_SENDER_PARAMETERS_TMP', `,'confVERIFY_SENDER_PARAMETERS)')')
')dnl ifelse(SECTION, `MAIN', `')
dnl ACL_CHECK_RCPT section: decide whether to skip, whether to use defer_ok, then act on the result.
ifelse(SECTION, `ACL_CHECK_RCPT', `dnl
  # Sender address verification
  warn
    set acl_m_verify_sender_skip =
dnl Step 1: each enabled exception sets acl_m_verify_sender_skip to yes.
ifelse_strstr(confVERIFY_SENDER_SKIP, `RELAY', `dnl
  warn
    hosts = +skip_verify_sender
    set acl_m_verify_sender_skip = yes
')dnl ifelse_strstr(confVERIFY_SENDER_SKIP, `RELAY', `')
ifelse_strstr(confVERIFY_SENDER_SKIP, `AUTH', `dnl
  warn
    authenticated = *
    set acl_m_verify_sender_skip = yes
')dnl ifelse_strstr(confVERIFY_SENDER_SKIP, `AUTH', `')
ifelse_strstr(confVERIFY_SENDER_SKIP, `MAIL', `dnl
  warn
    condition = ${if eq{$acl_m_verify_sender_skip}{}{yes}{no}}
    senders = @@wildlsearch;CONFDIR/skip_verify_sender_mail
    set acl_m_verify_sender_skip = yes
')dnl ifelse_strstr(confVERIFY_SENDER_SKIP, `MAIL', `')
ifelse_strstr(confVERIFY_SENDER_SKIP, `RCPT', `dnl
  warn
    condition = ${if eq{$acl_m_verify_sender_skip}{}{yes}{no}}
    recipients = @@wildlsearch;CONFDIR/skip_verify_sender_rcpt
    set acl_m_verify_sender_skip = yes
')dnl ifelse_strstr(confVERIFY_SENDER_SKIP, `RCPT', `')
dnl The SPF exception is emitted only when confSPF2 is defined and is not NO; acl_spf_pass and
dnl acl_m_spf_result are defined outside this file.
ifelse_strstr(confVERIFY_SENDER_SKIP, `SPF_PASS', `dnl
ifdef(`confSPF2', `ifelse(confSPF2, `NO', `dnl', `dnl
  warn
    condition = ${if eq{$acl_m_verify_sender_skip}{}{yes}{no}}
    acl = acl_spf_pass
    condition = ${if eq{$acl_m_spf_result}{pass}{yes}{no}}
    set acl_m_verify_sender_skip = yes
')')dnl ifdef(`confSPF2', `ifelse(confSPF2, `NO', `dnl', `')')
')dnl ifelse_strstr(confVERIFY_SENDER_SKIP, `SPF_PASS', `')
  warn
    set acl_m_verify_sender_defer_ok =
dnl Step 2: decide whether the callout gets the defer_ok option. The recipient and sender list rules
dnl are emitted only when the corresponding file name macro is non-empty (len of X plus value is not 1).
ifelse(len(X`'confVERIFY_SENDER_DEFER_OK_RCPT), `1', `dnl', `dnl
  warn
    condition = ${if eq{$acl_m_verify_sender_skip}{}{yes}{no}}
    condition = ${if eq{$acl_m_verify_sender_defer_ok}{}{yes}{no}}
    recipients = @@wildlsearch;confVERIFY_SENDER_DEFER_OK_RCPT
    set acl_m_verify_sender_defer_ok = yes
') dnl ifelse(len(X`'confVERIFY_SENDER_DEFER_OK_RCPT), `1', `')
ifelse(len(X`'confVERIFY_SENDER_DEFER_OK_MAIL), `1', `dnl', `dnl
  warn
    condition = ${if eq{$acl_m_verify_sender_skip}{}{yes}{no}}
    condition = ${if eq{$acl_m_verify_sender_defer_ok}{}{yes}{no}}
    senders = @@wildlsearch;confVERIFY_SENDER_DEFER_OK_MAIL
    set acl_m_verify_sender_defer_ok = yes
') dnl ifelse(len(X`'confVERIFY_SENDER_DEFER_OK_MAIL), `1', `')
dnl PHP mail exception: for non-local submissions to the configured recipient domains, defer_ok is set
dnl when the sender local part matches the configured alternation, the sender domain has no MX record
dnl and one of its A (or AAAA, when confIPv6 contains YES) records equals the connecting host address.
dnl NOTE(review): the local part and the DNS records of the sender domain are chosen by the sender, so
dnl these conditions can be met by any host with its own domain. The effect is limited to defer_ok
dnl (temporary callout errors are ignored); a definite callout failure is still acted on.
dnl NOTE(review): the AAAA lookup asks for a colon as output separator while forany splits the result
dnl on semicolons, so several AAAA records look like they would be compared as one item and not match.
dnl That errs on the strict side (defer_ok is not set) - confirm against the Exim dnsdb documentation.
dnl acl_c_sender_host_address_ipv6_compact is set outside this file.
ifelse(confVERIFY_SENDER_DEFER_OK_PHP, `NO', `', `
  warn
    condition = ${if eq{$acl_m_verify_sender_skip}{}{yes}{no}}
    condition = ${if eq{$received_protocol}{local}{no}{yes}}
    condition = ${if isip4{$sender_host_address}{yes}{no}}
    condition = ${if eq{$acl_m_verify_sender_defer_ok}{}{yes}{no}}
    domains = confVERIFY_SENDER_DEFER_OK_PHP_DOMAINS
    condition = ${if match{$sender_address_local_part}{\N^(confVERIFY_SENDER_DEFER_OK_PHP_SENDER_LOCAL_PARTS)$\N}{yes}{no}}
    condition = ${if eq{${lookup dnsdb{mx=$sender_address_domain}}}{}{yes}{no}}
    set acl_m1 = ${lookup dnsdb{>: a=$sender_address_domain}}
    condition = ${if eq{$acl_m1}{}{no}{yes}}
    condition = ${if forany{$acl_m1}{eq{$item}{$sender_host_address}}{yes}{no}}
    set acl_m_verify_sender_defer_ok = yes
ifelse_strstr(confIPv6, `YES', `dnl
  warn
    condition = ${if eq{$acl_m_verify_sender_skip}{}{yes}{no}}
    condition = ${if eq{$received_protocol}{local}{no}{yes}}
    condition = ${if isip6{$sender_host_address}{yes}{no}}
    condition = ${if eq{$acl_m_verify_sender_defer_ok}{}{yes}{no}}
    domains = confVERIFY_SENDER_DEFER_OK_PHP_DOMAINS
    condition = ${if match{$sender_address_local_part}{\N^(confVERIFY_SENDER_DEFER_OK_PHP_SENDER_LOCAL_PARTS)$\N}{yes}{no}}
    condition = ${if eq{${lookup dnsdb{mx=$sender_address_domain}}}{}{yes}{no}}
    set acl_m1 = ${lookup dnsdb{>: aaaa=$sender_address_domain}}
    condition = ${if eq{$acl_m1}{}{no}{yes}}
    condition = ${if forany{<; $acl_m1}{eq{\
      ${sg{${sg{${sg{$item}{\N:0+\N}{:}}}{\N::+\N}{::}}}{\N^0+\N}{}}\
      }{$acl_c_sender_host_address_ipv6_compact}}{yes}{no}}
    set acl_m_verify_sender_defer_ok = yes
') dnl ifelse_strstr(confIPv6, `YES', `')
') dnl ifelse(confVERIFY_SENDER_DEFER_OK_PHP, `NO', `', `')
dnl Step 3: compute the action set. The action variable is first cleared; when a skip exception
dnl matched, the condition fails and it stays empty, so none of the branches below match and, as far
dnl as this file shows, the message gets no sender verification at all.
dnl Otherwise acl_normalize_action (defined outside this file) is called with the configured value and
dnl the regex rewrites each bare word followed by whitespace in its result to word=00. The space before
dnl the closing brace gives the last word a trailing whitespace character to match. The branches then
dnl test for an action with extract and compare with 00.
  warn
    set acl_m_verify_sender_action =
    condition = ${if eq{$acl_m_verify_sender_skip}{}{yes}{no}}
    acl = acl_normalize_action "confVERIFY_SENDER"
    set acl_m_verify_sender_action = ${sg{$acl_m_normalize_action_result }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}}
dnl Warn-only mode: run the check, then tag and log failed or deferred results; the message is accepted.
dnl NOTE(review): the header and log text below spell deferred as deffered. It is runtime text that
dnl log filters may match on, so it is left unchanged here.
  # warn and !quarantine and !reject
  warn
    condition = ${if eq{${extract{warn}{$acl_m_verify_sender_action}}}{00}{yes}{no}}
    condition = ${if eq{${extract{quarantine}{$acl_m_verify_sender_action}}}{00}{no}{yes}}
    condition = ${if eq{${extract{reject}{$acl_m_verify_sender_action}}}{00}{no}{yes}}
    acl = acl_sender_verify
  warn
    condition = ${if eq{${extract{warn}{$acl_m_verify_sender_action}}}{00}{yes}{no}}
    condition = ${if eq{${extract{quarantine}{$acl_m_verify_sender_action}}}{00}{no}{yes}}
    condition = ${if eq{${extract{reject}{$acl_m_verify_sender_action}}}{00}{no}{yes}}
    condition = ${if eq{$acl_m_verify_sender_result}{failed}{yes}{no}}
    add_header = X-Warn-Sender-Verify: ${if eq{$acl_m_verify_sender_skip}{}{sender address verify failed}{sender domain verify failed}}
    log_message = ${if eq{$acl_m_verify_sender_skip}{}{Sender address verify failed}{Sender domain verify failed}}
  warn
    condition = ${if eq{${extract{warn}{$acl_m_verify_sender_action}}}{00}{yes}{no}}
    condition = ${if eq{${extract{quarantine}{$acl_m_verify_sender_action}}}{00}{no}{yes}}
    condition = ${if eq{${extract{reject}{$acl_m_verify_sender_action}}}{00}{no}{yes}}
    condition = ${if eq{$acl_m_verify_sender_result}{deferred}{yes}{no}}
    add_header = X-Warn-Sender-Verify: sender verify deffered
    log_message = Sender verify deffered
dnl Quarantine mode: a deferred check gives a temporary error to the client; a failed check marks the
dnl message for quarantine (header, acl_m_add_x_orig_rcpt, the word envelope appended to
dnl acl_m_quarantined) and accepts the recipient.
  # quarantine and !reject
  warn
    condition = ${if eq{${extract{quarantine}{$acl_m_verify_sender_action}}}{00}{yes}{no}}
    condition = ${if eq{${extract{reject}{$acl_m_verify_sender_action}}}{00}{no}{yes}}
    acl = acl_sender_verify
  defer
    condition = ${if eq{${extract{quarantine}{$acl_m_verify_sender_action}}}{00}{yes}{no}}
    condition = ${if eq{${extract{reject}{$acl_m_verify_sender_action}}}{00}{no}{yes}}
    condition = ${if eq{$acl_m_verify_sender_result}{deferred}{yes}{no}}
    message = Could not complete sender verify callout
    log_message = Could not complete sender verify callout
  warn
    condition = ${if eq{${extract{quarantine}{$acl_m_verify_sender_action}}}{00}{yes}{no}}
    condition = ${if eq{${extract{reject}{$acl_m_verify_sender_action}}}{00}{no}{yes}}
    condition = ${if eq{$acl_m_verify_sender_result}{failed}{yes}{no}}
    add_header = X-Quarantine-Sender-Verify: ${if eq{$acl_m_verify_sender_skip}{}{sender address verify failed}{sender domain verify failed}}
    log_message = message will be quarantined: ${if eq{$acl_m_verify_sender_skip}{}{sender address verify failed}{sender domain verify failed}}
    set acl_m_add_x_orig_rcpt = yes
    set acl_m_quarantined = $acl_m_quarantined envelope
  accept
    condition = ${if eq{${extract{quarantine}{$acl_m_verify_sender_action}}}{00}{yes}{no}}
    condition = ${if eq{${extract{reject}{$acl_m_verify_sender_action}}}{00}{no}{yes}}
    condition = ${if eq{$acl_m_verify_sender_result}{failed}{yes}{no}}
dnl Quarantine plus reject: as above, but the recipient is accepted here and acl_m_fakereject is filled
dnl with three pipe-separated texts; presumably a later ACL outside this file uses it to quarantine the
dnl message and return the rejection - confirm where acl_m_fakereject is consumed.
  # quarantine and reject
  warn
    condition = ${if eq{${extract{quarantine}{$acl_m_verify_sender_action}}}{00}{yes}{no}}
    condition = ${if eq{${extract{reject}{$acl_m_verify_sender_action}}}{00}{yes}{no}}
    acl = acl_sender_verify
  defer
    condition = ${if eq{${extract{quarantine}{$acl_m_verify_sender_action}}}{00}{yes}{no}}
    condition = ${if eq{${extract{reject}{$acl_m_verify_sender_action}}}{00}{yes}{no}}
    condition = ${if eq{$acl_m_verify_sender_result}{deferred}{yes}{no}}
    message = Could not complete sender verify callout
    log_message = Could not complete sender verify callout
  accept
    condition = ${if eq{${extract{quarantine}{$acl_m_verify_sender_action}}}{00}{yes}{no}}
    condition = ${if eq{${extract{reject}{$acl_m_verify_sender_action}}}{00}{yes}{no}}
    condition = ${if eq{$acl_m_verify_sender_result}{failed}{yes}{no}}
    log_message = message will be quarantined and rejected: ${if eq{$acl_m_verify_sender_skip}{}{sender address verify failed}{sender domain verify failed}}
    set acl_m_fakereject = \
      message will be quarantined and rejected: ${if eq{$acl_m_verify_sender_skip}{}{sender address verify failed}{sender domain verify failed}}\
      |X-Quarantine-Sender-Verify: ${if eq{$acl_m_verify_sender_skip}{}{sender address verify failed}{sender domain verify failed}}\
      |${if eq{$acl_m_verify_sender_skip}{}{sender address verify failed}{sender domain verify failed}}
    set acl_m_add_x_orig_rcpt = yes
    set acl_m_quarantined = $acl_m_quarantined envelope
dnl Reject-only mode: the verification runs inline in the deny statement. The callout options are the
dnl timeout, the extra parameters and, when acl_m_verify_sender_defer_ok is yes, defer_ok. With
dnl acl_m_verify_sender_skip set to yes the expression reduces to a plain sender verification without
dnl callout. With the RCPT TO stage restriction the deny applies only to route or recipient failures.
  # !quarantine and reject
  deny
    condition = ${if eq{${extract{quarantine}{$acl_m_verify_sender_action}}}{00}{no}{yes}}
    condition = ${if eq{${extract{reject}{$acl_m_verify_sender_action}}}{00}{yes}{no}}
    ! verify = sender${if eq{$acl_m_verify_sender_skip}{yes}{}{/callout=confVERIFY_SENDER_TIMEOUT`'confVERIFY_SENDER_PARAMETERS_TMP${if eq{$acl_m_verify_sender_defer_ok}{yes}{,defer_ok}{}}}}
ifelse(confVERIFY_SENDER_FAILED_ONLY_ON_RCPT_TO_STAGE, `YES', `
    condition = ${if or{\
      {eq{$sender_verify_failure}{route}}\
      {eq{$sender_verify_failure}{recipient}}\
      }{yes}{no}}
') dnl ifelse(confVERIFY_SENDER_FAILED_ONLY_ON_RCPT_TO_STAGE, `YES', `')
    log_message = ${if eq{$acl_m_verify_sender_skip}{}{Sender address verify failed}{Sender domain verify failed}}
') dnl ifelse(SECTION, `ACL_CHECK_RCPT', `')
dnl ACLS_ADDITIONAL section: helper ACL used by the warn and quarantine branches above. It reports
dnl through acl_m_verify_sender_result: set to deferred before the check, to failed when the check
dnl fails (and, with the RCPT TO stage restriction, the failure is route or recipient), and cleared by
dnl the second accept otherwise. Presumably a deferred verify aborts the first statement so the value
dnl deferred is what the caller sees - confirm against the Exim ACL documentation.
ifelse(SECTION, `ACLS_ADDITIONAL', `dnl
acl_sender_verify:
  # acl_m_verify_sender_result - result of the sender callout verification
  accept
    set acl_m_verify_sender_result = deferred
    ! verify = sender${if eq{$acl_m_verify_sender_skip}{yes}{}{/callout=confVERIFY_SENDER_TIMEOUT`'confVERIFY_SENDER_PARAMETERS_TMP${if eq{$acl_m_verify_sender_defer_ok}{yes}{,defer_ok}{}}}}
ifelse(confVERIFY_SENDER_FAILED_ONLY_ON_RCPT_TO_STAGE, `YES', `
    condition = ${if or{\
      {eq{$sender_verify_failure}{route}}\
      {eq{$sender_verify_failure}{recipient}}\
      }{yes}{no}}
') dnl ifelse(confVERIFY_SENDER_FAILED_ONLY_ON_RCPT_TO_STAGE, `YES', `')
    set acl_m_verify_sender_result = failed
  accept
    set acl_m_verify_sender_result =
') dnl ifelse(SECTION, `ACLS_ADDITIONAL', `')