dnl #################### HELO #################### ifelse(SECTION, `ACL_CHECK_HELO', `dnl warn set acl_c_auth_relay_result = ') dnl ifelse(SECTION, `ACL_CHECK_HELO', `') dnl #################### /HELO #################### dnl #################### MAIL #################### ifelse(SECTION, `ACL_CHECK_MAIL', `dnl ifelse(confSMTP_AUTH_RELAY, `NO', `', `dnl # warn set acl_c_auth_relay_log_message = ${expand:$acl_c_auth_relay_log_message} # set acl_c_auth_relay_message = ${expand:$acl_c_auth_relay_message} # warn warn condition = ${if match{$acl_c_auth_relay_result}{warn}{yes}{no}} add_header = X-Warn-Auth-Relay: $acl_c_auth_relay_log_message # log_message = $acl_c_auth_relay_log_message${if eq{${extract{pause}{$acl_c_auth_relay_result}}}{}{}{: message delayed for ${extract{pause}{$acl_c_auth_relay_result}}s}} # # pause # warn condition = ${if eq{${extract{pause}{$acl_c_auth_relay_result}}}{}{no}{yes}} # delay = ${extract{pause}{$acl_c_auth_relay_result}}s # set acl_m_spam_action = ${acl_m_spam_action}\t\ # delay=${extract{pause}{$acl_c_auth_relay_result}}s\t\t\ # $acl_c_auth_relay_log_message\n # quarantine and !reject accept condition = ${if eq{${extract{quarantine}{$acl_c_auth_relay_result}}}{00}{yes}{no}} condition = ${if eq{${extract{reject}{$acl_c_auth_relay_result}}}{00}{no}{yes}} add_header = X-Quarantine-Auth-Relay: $acl_c_auth_relay_log_message log_message = message will be quarantined: $acl_c_auth_relay_log_message set acl_m_add_x_orig_rcpt = yes set acl_m_quarantined = $acl_m_quarantined envelope # quarantine and reject accept condition = ${if eq{${extract{quarantine}{$acl_c_auth_relay_result}}}{00}{yes}{no}} condition = ${if eq{${extract{reject}{$acl_c_auth_relay_result}}}{00}{yes}{no}} log_message = message will be quarantined: $acl_c_auth_relay_log_message acl = acl_update_fakereject_per_rcpt \ "message will be quarantined: $acl_c_auth_relay_log_message" \ "X-Quarantine-Auth-Relay: $acl_c_auth_relay_log_message" \ "$acl_c_auth_relay_message" set acl_m_add_x_orig_rcpt = yes set acl_m_quarantined = $acl_m_quarantined envelope # !quarantine and reject deny condition = ${if eq{${extract{reject}{$acl_c_auth_relay_result}}}{00}{yes}{no}} condition = ${if eq{${extract{quarantine}{$acl_c_auth_relay_result}}}{00}{no}{yes}} message = $acl_c_auth_relay_message log_message = $acl_c_auth_relay_log_message # defer defer condition = ${if match{$acl_c_auth_relay_result}{defer}{yes}{no}} message = $acl_c_auth_relay_message log_message = $acl_c_auth_relay_log_message # drop drop condition = ${if match{$acl_c_auth_relay_result}{drop}{yes}{no}} message = $acl_c_auth_relay_message log_message = $acl_c_auth_relay_log_message # discard discard condition = ${if match{$acl_c_auth_relay_result}{discard}{yes}{no}} message = $acl_c_auth_relay_message log_message = $acl_c_auth_relay_log_message ifelse(confGREYLIST, `OPTIONAL', `dnl warn condition = ${if eq{${extract{greylist}{$acl_c_auth_relay_result}}}{}{no}{yes}} set acl_m_optional_greylist = \ scores=${eval:${extract{scores}{$acl_m_optional_greylist}}+${extract{greylist}{$acl_c_auth_relay_result}}} \ log_message="${extract{log_message}{$acl_m_optional_greylist}} $acl_c_auth_relay_log_message;" set acl_m_spam_action = ${acl_m_spam_action}\t\ greylist scores=${extract{greylist}{$acl_c_auth_relay_result}}\t\ $acl_c_auth_relay_log_message\n ') dnl ifelse(confGREYLIST, `OPTIONAL', `') ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `dnl', `dnl warn condition = ${if eq{${extract{reject}{$acl_c_auth_relay_result}}}{}{no}{yes}} condition = ${if eq{${extract{reject}{$acl_c_auth_relay_result}}}{00}{no}{yes}} set acl_m_optional_reject = \ scores=${eval:${extract{scores}{$acl_m_optional_reject}}+${extract{reject}{$acl_c_auth_relay_result}}} \ log_message="${extract{log_message}{$acl_m_optional_reject}}\n\t$acl_c_auth_relay_log_message;" set acl_m_spam_action = ${acl_m_spam_action}\t\ reject scores=${extract{reject}{$acl_c_auth_relay_result}}\t\t\ $acl_c_auth_relay_log_message\n ')') dnl ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `', `')') ') dnl ifelse(confSMTP_AUTH_RELAY, `NO', `', `') ') dnl ifelse(SECTION, `ACL_CHECK_MAIL', `') dnl #################### /MAIL #################### dnl #################### RCPT #################### ifelse(SECTION, `ACL_CHECK_RCPT', `dnl ifelse(confSMTP_AUTH_RELAY, `NO', `', `dnl warn ! domains = +local_domains`'ifdef(`confSECONDARY_RELAY', `ifelse(confSECONDARY_RELAY, `NO', `', ` : +relay_to_domains')') # remove_header = X-Warn-Auth-Relay acl = acl_remove_header X-Warn-Auth-Relay set acl_m_remove_header_x_warn_auth_relay = yes ') dnl ifelse(confSMTP_AUTH_RELAY, `NO', `', `') ') dnl ifelse(SECTION, `ACL_CHECK_RCPT', `') dnl #################### /RCPT #################### dnl #################### DATA #################### ifelse(SECTION, `ACL_CHECK_DATA_TOP', `dnl ifelse(confSMTP_AUTH_RELAY, `NO', `', `dnl warn condition = ${if eq{$acl_m_remove_header_x_warn_auth_relay}{yes}{yes}{no}} # remove_header = X-Warn-Auth-Relay acl = acl_remove_header X-Warn-Auth-Relay set acl_m_remove_header_x_warn_auth_relay = yes ') dnl ifelse(confSMTP_AUTH_RELAY, `NO', `', `') ') dnl ifelse(SECTION, `ACL_CHECK_DATA_TOP', `') dnl #################### /DATA #################### dnl #################### ACLS_ADDITIONAL #################### ifelse(SECTION, `ACLS_ADDITIONAL', `dnl ifelse(confSMTP_AUTH_RELAY, `NO', `', `dnl define(`confSMTP_AUTH_RELAY_BACKEND', `TEXT') acl_auth_relay: # $acl_arg1 - SMTP login warn set acl_m0 = set acl_c_auth_relay_result = set acl_c_auth_relay_message = set acl_c_auth_relay_log_message = accept condition = ${if match{$acl_arg1}{\N.*(\\x24|\\0?44|\/|\$|\{|\})\N}{yes}{no}} set acl_c_auth_relay_result = drop log_message = Restricted characters in the sender authenticated id $acl_arg1 set acl_c_auth_relay_message = Restricted characters in the sender authenticated id $acl_arg1 message = skip_auth warn set acl_c_auth_relay_auth_id = ${acl{detaint}{$acl_arg1}} ifelse_strstr(confSMTP_AUTH_RELAY_BACKEND, `TEXT', ` ifelse(confSMTP_AUTH_RELAY_COMPLEX, `NO', `', `dnl warn condition = ${if eq{$acl_m0}{}{yes}{no}} set acl_m0 = ${lookup{\ $acl_c_auth_relay_auth_id<@>$sender_host_address<@>$sender_host_name<@>AS$acl_c_sender_host_address_asn<@>$acl_c_sender_host_address_country<@>$acl_c_sender_host_address_continent\ }wildlsearch{CONFDIR/access-auth-relay}{$value}{}} ') dnl ifelse(confSMTP_AUTH_RELAY_COMPLEX, `NO', `', `') warn condition = ${if eq{$acl_m0}{}{yes}{no}} set acl_m0 = ${lookup{$acl_c_auth_relay_auth_id<@>$sender_host_address}wildlsearch{CONFDIR/access-auth-relay}{$value}{\ ${if eq{$sender_host_name}{}{}{\ ${lookup{$acl_c_auth_relay_auth_id<@>$sender_host_name}wildlsearch{CONFDIR/access-auth-relay}{$value}{}}\ }}\ }} ifelse(confSMTP_AUTH_RELAY_ASN, `NO', `', `dnl condition = ${if eq{$acl_m0}{}{yes}{no}} set acl_m0 = ${if and{\ {!eq{$acl_c_sender_host_address_asn}{}}\ {!eq{$acl_c_sender_host_address_asn}{UNKNOWN}}\ }{\ ${lookup{$acl_c_auth_relay_auth_id<@>AS$acl_c_sender_host_address_asn}wildlsearch{CONFDIR/access-auth-relay}{$value}{}}\ }} ') dnl ifelse(confSMTP_AUTH_RELAY_ASN, `NO', `', `') ifelse(confSMTP_AUTH_RELAY_COUNTRY, `NO', `', `dnl condition = ${if eq{$acl_m0}{}{yes}{no}} set acl_m0 = ${if and{\ {!eq{$acl_c_sender_host_address_country}{}}\ # {!eq{$acl_c_sender_host_address_country}{UNKNOWN}}\ }{\ ${lookup{$acl_c_auth_relay_auth_id<@>$acl_c_sender_host_address_country}wildlsearch{CONFDIR/access-auth-relay}{$value}{}}\ }} ') dnl ifelse(confSMTP_AUTH_RELAY_COUNTRY, `NO', `', `') ifelse(confSMTP_AUTH_RELAY_CONTINENT, `NO', `', `dnl condition = ${if eq{$acl_m0}{}{yes}{no}} set acl_m0 = ${if and{\ {!eq{$acl_c_sender_host_address_continent}{}}\ # {!eq{$acl_c_sender_host_address_continent}{UNKNOWN}}\ }{\ ${lookup{$acl_c_auth_relay_auth_id<@>CONTINENT_${acl_c_sender_host_address_continent}}wildlsearch{CONFDIR/access-auth-relay}{$value}{}}\ }} ') dnl ifelse(confSMTP_AUTH_RELAY_CONTINENT, `NO', `', `') ') dnl ifelse_strstr(confSMTP_AUTH_RELAY_BACKEND, `TEXT', `') warn condition = ${if eq{$acl_m0}{}{no}{yes}} set acl_m0 = ${if match{$acl_m0}{\N^\$\{\N}{${expand:$acl_m0}}{$acl_m0}} set acl_m0 = ${sg{$acl_m0}{eval:}{eval╕}} set acl_m0 = ${acl{detaint}{$acl_m0}} acl = acl_normalize_action "${expand:${sg{${extract{1}{:}{$acl_m0}}}{eval╕}{eval:}}}" set acl_c_auth_relay_result = ${sg{$acl_m_normalize_action_result }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}} # message = $acl_c_auth_relay_message # log_message = $acl_c_auth_relay_log_message set acl_c_auth_relay_message = ${acl{acl_trim}{${extract{2}{:}{$acl_m0}}}} set acl_c_auth_relay_message = ${sg{$acl_c_auth_relay_message}{eval╕}{eval:}} set acl_c_auth_relay_message = ${if eq{$acl_c_auth_relay_message}{}{SMTP authentication is restricted}{$acl_c_auth_relay_message}} set acl_c_auth_relay_log_message = ${acl{acl_trim}{${extract{3}{:}{$acl_m0}}}} set acl_c_auth_relay_log_message = ${sg{$acl_c_auth_relay_log_message}{eval╕}{eval:}} set acl_c_auth_relay_log_message = ${if eq{$acl_c_auth_relay_log_message}{}{SMTP authentication as $acl_c_auth_relay_auth_id from host ${if eq{$acl_c_sender_host_name}{}{}{$acl_c_sender_host_name }}[$sender_host_address] \ `'ifelse(confSMTP_AUTH_RELAY_COUNTRY, `NO', `', `(country: $acl_c_sender_host_address_country`'ifelse(confSMTP_AUTH_RELAY_CNTINENT, `NO', `', `; continent: $acl_c_sender_host_address_continent'))') \ is restricted${if eq{$acl_c_auth_relay_message}{}{}{: $acl_c_auth_relay_message}}}{$acl_c_auth_relay_log_message}} warn set acl_c_auth_relay_log_message = ${expand:${sg{$acl_c_auth_relay_log_message}{\N\$authenticated_id\N}{$acl_c_auth_relay_auth_id}}} set acl_c_auth_relay_message = ${expand:${sg{$acl_c_auth_relay_message}{\N\$authenticated_id\N}{$acl_c_auth_relay_auth_id}}} ifdef(`confENTERPRISE_USER', `dnl warn condition = ${if match{$acl_c_auth_relay_result}{submit_mysql}{yes}{no}} ENTERPRISE(`mysql', `submit', `auth_relay', `blacklisted', `$sender_address|$local_part@$domain', `0') warn condition = ${if match{$acl_c_auth_relay_result}{submit_sqlite}{yes}{no}} ENTERPRISE(`sqlite', `submit', `auth_relay', `blacklisted', `$sender_address|$local_part@$domain', `0') warn condition = ${if match{$acl_c_auth_relay_result}{submit_rbl}{yes}{no}} dnl ENTERPRISE(`rbl', `update', `mx.org.ua', `auth_relay.rbl.mx.org.ua', `blacklisted', `$sender_address|$local_part@$domain') ENTERPRISE(`rbl', `submit', `auth_relay', `blacklisted', `$sender_address|$local_part@$domain') ')dnl # warn warn condition = ${if match{$acl_c_auth_relay_result}{warn}{yes}{no}} ######## add_header = X-Warn-Auth-Relay: $acl_c_auth_relay_log_message log_message = $acl_c_auth_relay_log_message${if eq{${extract{pause}{$acl_c_auth_relay_result}}}{}{}{: message delayed for ${extract{pause}{$acl_c_auth_relay_result}}s}} # pause warn condition = ${if eq{${extract{pause}{$acl_c_auth_relay_result}}}{}{no}{yes}} delay = ${extract{pause}{$acl_c_auth_relay_result}}s set acl_m_spam_action = ${acl_m_spam_action}\t\ delay=${extract{pause}{$acl_c_auth_relay_result}}s\t\t\ $acl_c_auth_relay_log_message\n # quarantine and !reject accept condition = ${if eq{${extract{quarantine}{$acl_c_auth_relay_result}}}{00}{yes}{no}} condition = ${if eq{${extract{reject}{$acl_c_auth_relay_result}}}{00}{no}{yes}} log_message = SMTP autentication skipped because of it is restricted message = skip_auth # quarantine and reject accept condition = ${if eq{${extract{quarantine}{$acl_c_auth_relay_result}}}{00}{yes}{no}} condition = ${if eq{${extract{reject}{$acl_c_auth_relay_result}}}{00}{yes}{no}} log_message = SMTP autentication skipped because of it is restricted message = skip_auth # !quarantine and reject accept condition = ${if eq{${extract{reject}{$acl_c_auth_relay_result}}}{00}{yes}{no}} condition = ${if eq{${extract{quarantine}{$acl_c_auth_relay_result}}}{00}{no}{yes}} log_message = SMTP autentication skipped because of it is restricted message = skip_auth # defer accept condition = ${if match{$acl_c_auth_relay_result}{defer}{yes}{no}} log_message = SMTP autentication skipped because of it is restricted message = skip_auth # drop accept condition = ${if match{$acl_c_auth_relay_result}{drop}{yes}{no}} log_message = SMTP autentication skipped because of it is restricted message = skip_auth # discard accept condition = ${if match{$acl_c_auth_relay_result}{discard}{yes}{no}} log_message = SMTP autentication skipped because of it is restricted message = skip_auth accept ') dnl ifelse(confSMTP_AUTH_RELAY, `NO', `', `') ') dnl ifelse(SECTION, `ACLS_ADDITIONAL', `') dnl #################### /ACLS_ADDITIONAL ####################