dnl dnl использовать механизм определения номера AS по IP адресу dnl NO - не использовать механизм определения номера AS по IP адресу dnl YES - использовать механизм определения номера AS по IP адресу dnl define(`confIP2ASN', `NO')dnl dnl dnl при использовании фильтрации писем по номеру AS хоста отправителя dnl (переменная confCHECK_ACCESS_RELAY_ASN), комбинации номера AS хоста dnl отправителя и адресов отправителя и получателя (переменная dnl confCHECK_ACCESS_COMPAT_RELAY_ASN), комбинации SMTP логина и номера AS dnl хоста отправителя (переменная confSMTP_AUTH_RELAY_ASN) значение dnl confIP2ASN автоматически устанавливается равным YES dnl dnl механизм определения номера AS по IP адресу dnl DNS_CYMRU - определение номера AS по DNS зонам origin.asn.cymru.com и origin6.asn.cymru.com dnl DNS_SPAMEATINGMONKEY - определение номера AS по DNS зоне origin.asn.spameatingmonkey.net (только IPv4) dnl WHOIS_RADB - определение номера AS по данным whois.radb.net dnl WHOIS_CYMRU - определение номера AS по данным whois.cymru.com dnl WHOIS_RIPE - определение номера AS по данным whois.ripe.net (только Европа) dnl define(`confIP2ASN_BACKEND', `DNS_CYMRU DNS_SPAMEATINGMONKEY WHOIS_RADB WHOIS_CYMRU WHOIS_RIPE')dnl dnl в качестве значения confIP2ASN_BACKEND можно указывать несколько механизмов dnl ifelse(SECTION, `ACL_CHECK_CONNECT', `dnl ifelse(confCHECK_ACCESS_RELAY_ASN, `NO', `', `define(`confIP2ASN', `YES')')dnl ifelse(confCHECK_ACCESS_COMPAT_RELAY_ASN, `NO', `', `define(`confIP2ASN', `YES')')dnl ifelse(confSMTP_AUTH_RELAY_ASN, `NO', `', `define(`confIP2ASN', `YES')')dnl ifelse(confIP2ASN, `YES', `dnl warn condition = ${if eq{$acl_c_sender_host_address_asn}{}{yes}{no}} set acl_c_sender_host_address_asn = ${acl{acl_ip2asn}{$sender_host_address}} ') dnl ifelse(confIP2ASN, `YES', `') ') dnl ifelse(SECTION, `ACL_CHECK_CONNECT', `') ifelse(SECTION, `ACLS_ADDITIONAL', `dnl acl_ip2asn: # acl_arg1 - IP адрес warn set acl_m_ip2asn_result = UNKNOWN accept condition = ${if match_ip{$acl_arg1}{<; 127.0.0.1/8`'ifelse_strstr(confIPv6, `YES', ` ; ::1') ; +private_networks}{yes}{no}} message = $acl_m_ip2asn_result ifelse_strstr(confIP2ASN_BACKEND, `DNS_CYMRU', ` warn condition = ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}} condition = ${if isip4{$acl_arg1}{yes}{no}} set acl_m_ip2asn_result = ${sg{${sg{${extract{1}{|}{${lookup dnsdb{>\n; defer_never,txt=${reverse_ip:$acl_arg1}.origin.asn.cymru.com}}}}}{\N^\s*\N}{AS}}}{\N\s+$\N}{}} set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{AS}{UNKNOWN}{$acl_m_ip2asn_result}} ifelse_strstr(confIPv6, `YES', `dnl warn condition = ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}} condition = ${if isip6{$acl_arg1}{yes}{no}} set acl_m_ip2asn_result = ${sg{${sg{${extract{1}{|}{${lookup dnsdb{>\n; defer_never,txt=${reverse_ip:$acl_arg1}.origin6.asn.cymru.com}}}}}{\N\s+$\N}{}}}{\N^\s*\N}{AS}} set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{AS}{UNKNOWN}{$acl_m_ip2asn_result}} ') dnl ifelse_strstr(confIPv6, `YES', `') ') dnl ifelse_strstr(confIP2ASN_BACKEND, `DNS_CYMRU', `') ifelse_strstr(confIP2ASN_BACKEND, `DNS_SPAMEATINGMONKEY', ` warn condition = ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}} condition = ${if isip4{$acl_arg1}{yes}{no}} set acl_m_ip2asn_result = ${sg{${sg{${extract{2}{|}{${lookup dnsdb{>\n; defer_never,txt=${reverse_ip:$acl_arg1}.origin.asn.spameatingmonkey.net}}}}}{\N^\s+\N}{}}}{\N\s+$\N}{}} set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{}{UNKNOWN}{$acl_m_ip2asn_result}} ') dnl ifelse_strstr(confIP2ASN_BACKEND, `DNS_SPAMEATINGMONKEY', `') ifelse_strstr(confIP2ASN_BACKEND, `WHOIS_RADB', ` warn condition = ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}} set acl_m_ip2asn_result = ${if match{${readsocket{inet:whois.radb.net:43}{$acl_arg1\n}{20s}{\n}{socket failure}}}{\N^(?:.*\n)*?origin:\s*(\S+)\N}{$1}{}} set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{}{UNKNOWN}{$acl_m_ip2asn_result}} set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{socket failure}{UNKNOWN}{$acl_m_ip2asn_result}} ') dnl ifelse_strstr(confIP2ASN_BACKEND, `WHOIS_RADB', `') ifelse_strstr(confIP2ASN_BACKEND, `WHOIS_CYMRU', ` warn condition = ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}} set acl_m_ip2asn_result = ${if match{${readsocket{inet:whois.cymru.com:43}{$acl_arg1\n}{20s:shutdown=no}{\n}{socket failure}}}{\N^(?:AS\s.*\n)(\d+)\s\N}{AS$1}{}} set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{}{UNKNOWN}{$acl_m_ip2asn_result}} set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{socket failure}{UNKNOWN}{$acl_m_ip2asn_result}} ') dnl ifelse_strstr(confIP2ASN_BACKEND, `WHOIS_CYMRU', `') ifelse_strstr(confIP2ASN_BACKEND, `WHOIS_RIPE', ` warn condition = ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}} set acl_m_ip2asn_result = ${if match{${readsocket{inet:whois.ripe.net:43}{$acl_arg1\n}{20s:shutdown=no}{\n}{socket failure}}}{\N^(?:.*\n)*origin:\s*(\S+)\N}{$1}{}} set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{}{UNKNOWN}{$acl_m_ip2asn_result}} set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{socket failure}{UNKNOWN}{$acl_m_ip2asn_result}} ') dnl ifelse_strstr(confIP2ASN_BACKEND, `WHOIS_RIPE', `') accept message = $acl_m_ip2asn_result ') dnl ifelse(SECTION, `ACLS_ADDITIONAL', `')