dnl DKIM / ADSP / SSP checks for Exim, written as an m4 template: the MAIN
dnl section sets acl_smtp_dkim and dkim_verify_signers, and the ACL_CHECK_DKIM
dnl section emits the acl_check_dkim ACL.
dnl
dnl NOTE(review): this copy has lost its original line breaks. m4 discards
dnl everything after a dnl up to the end of the line, and each Exim ACL
dnl condition needs a line of its own, so restore the layout from the original
dnl file before use. Whether the four option settings below are active or
dnl commented-out samples cannot be told from this copy.
dnl
dnl Points to keep in mind when reading the ACL:
dnl  - dkim_verify_signers lists the From: header domain (or the envelope
dnl    sender domain when From: is absent) ahead of $dkim_signers, so the ACL
dnl    is also run for an author domain that did not sign.
dnl  - Relay hosts (+relay_from_hosts) and authenticated senders set
dnl    acl_m_skip = yes, and the status checks are conditioned on acl_m_skip
dnl    not being yes.
dnl  - A valid signature that uses rsa-sha1, or an RSA key under 1024 bits
dnl    (unless confDKIM_CHECK_KEY_LENGTH is NO), is still recorded as
dnl    dkim=pass; only the reason text and a log line differ. Consumers of the
dnl    result should not read that pass as a strong one.
dnl  - The mailing-list relaxation (confDKIM_CHECK_MITIGATE_MAILLIST) is
dnl    decided from the X-Mailman-Version, Precedence and List-* headers of
dnl    the message itself, which is unauthenticated sender-supplied data. It
dnl    drops the deny action for failed signatures under the ADSP all and
dnl    discardable policies and the SSP "-" policy.
dnl  - The action text built in acl_m0 is split on ":" and passed through the
dnl    expand operator. On the ADSP path the interpolated author domain and
dnl    policy value are pattern-checked first. On the SSP path the whole TXT
dnl    record (acl_m_ssp_record) is interpolated, while only its o= value is
dnl    checked, and that pattern matches a single character only.
dnl    NOTE(review): DNS-supplied text should not reach a second expansion;
dnl    interpolate the checked o= value instead, or validate the whole record.
dnl    Exim versions with taint tracking are expected to refuse to expand
dnl    it - confirm.
dnl  - ADSP (RFC 5617) has been reclassified as Historic and SSP was its draft
dnl    predecessor; both are shown as NO in the option block. DMARC is the
dnl    policy mechanism in current use.
dnl
dnl dnl DKIM support dnl dnl disabling DKIM signature verification (for exim 4.70 and later): dnl NO - do not verify DKIM signatures dnl YES - verify DKIM signatures dnl DISABLE - forbid exim from verifying DKIM signatures dnl define(`confDKIM_CHECK', `NO')dnl dnl dnl ADSP (Author Domain Signing Practices) support: dnl NO - do not check ADSP dnl YES - check ADSP dnl define(`confDKIM_CHECK_ADSP', `NO')dnl dnl dnl SSP (Sender Signing Practices) support: dnl NO - do not check SSP dnl YES - check SSP dnl define(`confDKIM_CHECK_SSP', `NO')dnl dnl dnl relaxing the ADSP and SSP checks for mail from mailing lists: dnl NO - do not relax the ADSP and SSP checks for mail from mailing lists dnl YES - relax the ADSP and SSP checks for mail from mailing lists dnl define(`confDKIM_CHECK_MITIGATE_MAILLIST', `YES')dnl dnl ifelse(SECTION, `MAIN', `dnl dnl acl_smtp_dkim = acl_check_dkim dnl ###dkim_verify_signers = $sender_address_domain:$dkim_signers ##dkim_verify_signers = ${if def:h_From:{${domain:$h_From:}}{$sender_address_domain}}:$dkim_signers #dkim_verify_signers = ${if def:rh_From:{${domain:$rh_From:}}{$sender_address_domain}}:$dkim_signers dkim_verify_signers = ${if def:rh_From:{${domain:${sg{$rh_From:}{:}{\\\\:}}}}{$sender_address_domain}}:$dkim_signers dnl ')dnl ifelse(SECTION, `MAIN', `') ifelse(SECTION, `ACL_CHECK_DKIM', `dnl warn set acl_m_skip = no set acl_m0 = ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set acl_m_dkim_verify_reason = ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') warn hosts = +relay_from_hosts set acl_m_skip = yes warn authenticated = * set acl_m_skip = yes warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} dkim_status = fail set acl_m0 = fail warn condition = ${if eq{$acl_m0}{fail}{yes}{no}} condition = ${if eq{$dkim_verify_reason}{bodyhash_mismatch}{yes}{no}} set acl_m0 = ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set 
acl_m_dkim_verify_reason = body hash mismatch; body probably modified in transit set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim=fail ($acl_m_dkim_verify_reason)\n\t\theader.${if eq{$dkim_identity}{}{d=$dkim_cur_signer}{i=$dkim_cur_signer}} header.s=$dkim_selector header.a=$dkim_algo ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') warn condition = ${if eq{$acl_m0}{fail}{yes}{no}} condition = ${if eq{$dkim_verify_reason}{signature_incorrect}{yes}{no}} set acl_m0 = ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set acl_m_dkim_verify_reason = signature did not verify; headers probably modified in transit set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim=fail ($acl_m_dkim_verify_reason)\n\t\theader.${if eq{$dkim_identity}{}{d=$dkim_cur_signer}{i=$dkim_cur_signer}} header.s=$dkim_selector header.a=$dkim_algo ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') warn condition = ${if eq{$acl_m0}{fail}{yes}{no}} set acl_m0 = ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set acl_m_dkim_verify_reason = ${if eq{$dkim_verify_reason}{}{unspecified reason}{$dkim_verify_reason}} set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim=fail ($acl_m_dkim_verify_reason)\n\t\theader.${if eq{$dkim_identity}{}{d=$dkim_cur_signer}{i=$dkim_cur_signer}} header.s=$dkim_selector header.a=$dkim_algo ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} dkim_status = invalid set acl_m0 = invalid warn condition = ${if eq{$acl_m0}{invalid}{yes}{no}} condition = ${if eq{$dkim_verify_reason}{pubkey_unavailable}{yes}{no}} set acl_m0 = ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set acl_m_dkim_verify_reason = pubkey unavailable set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim=tmperror ($acl_m_dkim_verify_reason) header.${if eq{$dkim_identity}{}{d=$dkim_cur_signer}{i=$dkim_cur_signer}} header.s=$dkim_selector header.a=$dkim_algo ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') warn 
condition = ${if eq{$acl_m0}{invalid}{yes}{no}} condition = ${if eq{$dkim_verify_reason}{pubkey_syntax}{yes}{no}} set acl_m0 = ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set acl_m_dkim_verify_reason = pubkey syntactically invalid set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim=tmperror ($acl_m_dkim_verify_reason) header.${if eq{$dkim_identity}{}{d=$dkim_cur_signer}{i=$dkim_cur_signer}} header.s=$dkim_selector header.a=$dkim_algo ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') warn condition = ${if eq{$acl_m0}{invalid}{yes}{no}} condition = ${if eq{$dkim_verify_reason}{}{yes}{no}} set acl_m0 = ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set acl_m_dkim_verify_reason = signature tag missing or invalid set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim=neutral ($acl_m_dkim_verify_reason) header.${if eq{$dkim_identity}{}{d=$dkim_cur_signer}{i=$dkim_cur_signer}} header.s=$dkim_selector header.a=$dkim_algo ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') warn condition = ${if eq{$acl_m0}{invalid}{yes}{no}} set acl_m0 = ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set acl_m_dkim_verify_reason = $dkim_verify_reason set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim=neutral ($acl_m_dkim_verify_reason) header.${if eq{$dkim_identity}{}{d=$dkim_cur_signer}{i=$dkim_cur_signer}} header.s=$dkim_selector header.a=$dkim_algo ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') warn \ set acl_m_test = !!!\n\ !!! \$dkim_verify_status: $dkim_verify_status\n\ !!! \$dkim_cur_signer: $dkim_cur_signer\n\ !!! \$dkim_verify_reason: $dkim_verify_reason\n\ !!! \$acl_m_dkim_verify_reason: $acl_m_dkim_verify_reason\n\ !!! \$dkim_domain: $dkim_domain\n\ !!! \$dkim_identity: $dkim_identity\n\ !!! \$dkim_selector: $dkim_selector\n\ !!! \$dkim_algo: $dkim_algo\n\ !!! \$dkim_canon_body: $dkim_canon_body\n\ !!! \$dkim_canon_headers: $dkim_canon_headers\n\ !!! \$dkim_copiedheaders: $dkim_copiedheaders\n\ !!! 
\$dkim_bodylength: $dkim_bodylength\n\ !!! \$dkim_created: $dkim_created\n\ !!! \$dkim_expires: $dkim_expires\n\ !!! \$dkim_headernames: $dkim_headernames\n\ !!! \$dkim_key_testing: $dkim_key_testing\n\ !!! \$dkim_key_nosubdomains: $dkim_key_nosubdomains\n\ !!! \$dkim_key_srvtype: $dkim_key_srvtype\n\ !!! \$dkim_key_granularity: $dkim_key_granularity\n\ !!! \$dkim_key_notes: $dkim_key_notes\n\ !!! \$dkim_key_length: $dkim_key_length warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} dkim_status = pass set acl_m0 = ${if eq{$dkim_algo}{rsa-sha1}{the signature is valid but hash too weak}{\ ifelse(confDKIM_CHECK_KEY_LENGTH, `NO', `dnl good signature\ ', `dnl ${if and{\ {eq {${length_3:$dkim_algo}}{rsa}}\ {<{$dkim_key_length}{1024}}\ }{the signature is valid but key too short}{good signature}}\ ') dnl ifelse(confDKIM_CHECK_KEY_LENGTH, `NO', `', `') }} ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set acl_m_dkim_verify_reason = $acl_m0 set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim=pass ($acl_m_dkim_verify_reason) header.${if eq{$dkim_identity}{}{d=$dkim_cur_signer}{i=$dkim_cur_signer}} header.s=$dkim_selector header.a=$dkim_algo ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') condition = ${if eq{$acl_m0}{good signature}{no}{yes}} log_message = ${sg{$acl_m0}{good signature}{DKIM signature}}; dkim algorithm: $dkim_algo; key length: $dkim_key_length ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} dkim_status = none set acl_m_dkim_verify_reason = DKIM signature not found set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim=none header.${if eq{$dkim_identity}{}{d=$dkim_cur_signer}{i=$dkim_cur_signer}} ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') ifelse_strstr(confDKIM_CHECK_MITIGATE_MAILLIST, `NO', `', ` warn condition = ${if eq{$acl_m_maillist}{}{yes}{no}} set acl_m_maillist = no warn condition = ${if eq{$acl_m_maillist}{no}{yes}{no}} condition = ${if 
match{$h_X-Mailman-Version:}{\N^2(\.\d+){2}$\N}{yes}{no}} condition = ${if eq{$h_Precedence:}{list}{yes}{no}} condition = ${if def:h_X-BeenThere:} condition = ${if def:h_List-Id:} condition = ${if def:h_List-Unsubscribe:} # condition = ${if def:h_List-Archive:} condition = ${if def:h_List-Post:} condition = ${if def:h_List-Help:} condition = ${if def:h_List-Subscribe:} condition = ${if def:h_Errors-To:} condition = ${if def:h_Sender:} set acl_m_maillist = yes warn condition = ${if eq{$acl_m_maillist}{no}{yes}{no}} condition = ${if match{$h_X-Mailman-Version:}{\N^3(\.\d+){2}$\N}{yes}{no}} condition = ${if eq{$h_Precedence:}{list}{yes}{no}} condition = ${if def:h_Message-ID-Hash:} condition = ${if def:h_X-Message-ID-Hash:} condition = ${if def:h_X-MailFrom:} condition = ${if def:h_List-Id:} # condition = ${if def:h_List-Archive:} condition = ${if def:h_List-Help:} condition = ${if def:h_List-Owner:} condition = ${if def:h_List-Post:} condition = ${if def:h_List-Subscribe:} condition = ${if def:h_List-Unsubscribe:} # condition = ${if def:h_Errors-To:} set acl_m_maillist = yes ') dnl ifelse_strstr(confDKIM_CHECK_MITIGATE_MAILLIST, `NO', `', `') ifelse_strstr(confDKIM_CHECK_ADSP, `NO', `', ` # set the Author Domain warn set acl_m_adsp_record = condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} set acl_m_author_domain = ${if def:h_From:{${domain:${sg{$rh_From:}{:}{\\\\:}}}}{$sender_address_domain}} set acl_m_skip = ${if eq{$acl_m_author_domain}{}{yes}{$acl_m_skip}} set acl_m_skip = ${if eq{$acl_m_author_domain}{$dkim_cur_signer}{$acl_m_skip}{yes}} warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if match{$acl_m_author_domain}{\N^([a-zA-Z\d-]+\.)+[a-zA-Z]+$\N}{no}{yes}} log_message = Restricted characters in the Author Domain (header From domain) $acl_m_author_domain set acl_m_author_domain = set acl_m_skip = yes warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} set acl_m_author_domain = ${acl{detaint}{$acl_m_author_domain}} # check for an ADSP record 
(Author Domain Signing Practices) warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} set acl_m0 = condition = ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}} set acl_m_adsp_record = ${lookup dnsdb{txt=_adsp._domainkey.$acl_m_author_domain}{$value}{\ ${lookup dnsdb{txt=_ssp._domainkey.$acl_m_author_domain}{$value}{}}\ }} condition = ${if eq{$acl_m_adsp_record}{}{no}{yes}} set acl_m_adsp_record = ${sg{$acl_m_adsp_record}{\N^((.+\n)*)v=spf[12].+\n?\N}{\$1}} set acl_m_adsp_record = ${sg{${extract{dkim}{$acl_m_adsp_record}}}{\N[;/]\N}{}} condition = ${if eq{$acl_m_adsp_record}{}{no}{yes}} set acl_m_adsp_record = ${acl{detaint}{$acl_m_adsp_record}} warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if eq{$acl_m_adsp_record}{}{no}{yes}} condition = ${if match{$acl_m_adsp_record}{\N.*[^a-zA-Z= ;/]\N}{yes}{no}} log_message = Restricted characters in the sender address ADSP policy "$acl_m_adsp_record" set acl_m_adsp_record = ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl # No DKIM Author Domain Signing Practices (ADSP) record was published warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if eq{$acl_m_adsp_record}{}{yes}{no}} set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-adsp=none header=$dkim_cur_signer policy=none ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl # This message had an Author Domain Signature that was validated warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if eq{$acl_m_adsp_record}{}{no}{yes}} dkim_status = pass set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-adsp=pass header=$dkim_cur_signer policy=$acl_m_adsp_record ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl warn set acl_m_dkim_verify_reason = ${if eq{$acl_m_dkim_verify_reason}{pubkey unavailable}{DKIM public key unavailable}{$acl_m_dkim_verify_reason}} ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, 
`CUSTOM', `') # dkim_status=none, ADSP policy=unknown warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if eq{$acl_m0}{}{yes}{no}} condition = ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}} condition = ${if eq{$acl_m_adsp_record}{unknown}{yes}{no}} dkim_status = none set acl_m0 = warn :\ DKIM signature not found, but $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy:\ $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy and DKIM signature not found\ ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\ ${if eq{$acl_m_dkim_verify_reason}{}{}{. DKIM verify reason\\x3A $acl_m_dkim_verify_reason}} ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-adsp=unknown ($acl_m_dkim_verify_reason) header=$dkim_cur_signer policy=$acl_m_adsp_record ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') # dkim_status=none, ADSP policy=all warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if eq{$acl_m0}{}{yes}{no}} condition = ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}} condition = ${if eq{$acl_m_adsp_record}{all}{yes}{no}} dkim_status = none set acl_m0 = deny warn :\ DKIM signature not found, but $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy:\ $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy and DKIM signature not found\ ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\ ${if eq{$acl_m_dkim_verify_reason}{}{}{. 
DKIM verify reason\\x3A $acl_m_dkim_verify_reason}} ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-adsp=fail ($acl_m_dkim_verify_reason) header=$dkim_cur_signer policy=$acl_m_adsp_record ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') # dkim_status=none, ADSP policy=discardable warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if eq{$acl_m0}{}{yes}{no}} condition = ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}} condition = ${if eq{$acl_m_adsp_record}{discardable}{yes}{no}} dkim_status = none set acl_m0 = deny warn :\ DKIM signature not found, but $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy:\ $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy and DKIM signature not found\ ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\ ${if eq{$acl_m_dkim_verify_reason}{}{}{. DKIM verify reason\\x3A $acl_m_dkim_verify_reason}} ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-adsp=discard ($acl_m_dkim_verify_reason) header=$dkim_cur_signer policy=$acl_m_adsp_record ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') # dkim_status=fail, ADSP policy=unknown warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if eq{$acl_m0}{}{yes}{no}} condition = ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}} condition = ${if eq{$acl_m_adsp_record}{unknown}{yes}{no}} dkim_status = fail set acl_m0 = warn :\ Verification of the DKIM signature failed, but $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy:\ $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy and verification of the DKIM signature failed\ ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\ ${if eq{$acl_m_dkim_verify_reason}{}{}{. 
DKIM verify reason\\x3A $acl_m_dkim_verify_reason}} ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-adsp=unknown ($acl_m_dkim_verify_reason) header=$dkim_cur_signer policy=$acl_m_adsp_record ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') # dkim_status=fail, ADSP policy=all warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if eq{$acl_m0}{}{yes}{no}} condition = ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}} condition = ${if eq{$acl_m_adsp_record}{all}{yes}{no}} dkim_status = fail set acl_m0 = ifelse_strstr(confDKIM_CHECK_MITIGATE_MAILLIST, `NO', `deny', `${if eq{$acl_m_maillist}{yes}{}{deny}}') warn :\ Verification of the DKIM signature failed, but $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy:\ $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy and verification of the DKIM signature failed\ ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\ ${if eq{$acl_m_dkim_verify_reason}{}{}{. 
DKIM verify reason\\x3A $acl_m_dkim_verify_reason}}\ ifelse_strstr(confDKIM_CHECK_MITIGATE_MAILLIST, `NO', `', `${if eq{$acl_m_maillist}{yes}{ (mitigated for mailing list)}{}}') ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-adsp=fail ($acl_m_dkim_verify_reason) header=$dkim_cur_signer policy=$acl_m_adsp_record ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') # dkim_status=fail, ADSP policy=discardable warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if eq{$acl_m0}{}{yes}{no}} condition = ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}} condition = ${if eq{$acl_m_adsp_record}{discardable}{yes}{no}} dkim_status = fail set acl_m0 = ifelse_strstr(confDKIM_CHECK_MITIGATE_MAILLIST, `NO', `deny', `${if eq{$acl_m_maillist}{yes}{}{deny}}') warn :\ Verification of the DKIM signature failed, but $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy:\ $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy and verification of the DKIM signature failed\ ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\ ${if eq{$acl_m_dkim_verify_reason}{}{}{. 
DKIM verify reason\\x3A $acl_m_dkim_verify_reason}}\ ifelse_strstr(confDKIM_CHECK_MITIGATE_MAILLIST, `NO', `', `${if eq{$acl_m_maillist}{yes}{ (mitigated for mailing list)}{}}') ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-adsp=discard ($acl_m_dkim_verify_reason) header=$dkim_cur_signer policy=$acl_m_adsp_record ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') # dkim_status=invalid warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if eq{$acl_m0}{}{yes}{no}} condition = ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}} condition = ${if eq{$acl_m_adsp_record}{}{no}{yes}} dkim_status = invalid set acl_m0 = warn :\ The DKIM signature could not be verified due to a processing error, but $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy:\ $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy and the DKIM signature could not be verified due to a processing error\ ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\ ${if eq{$acl_m_dkim_verify_reason}{}{}{. DKIM verify reason\\x3A $acl_m_dkim_verify_reason}} ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-adsp=tmperror ($acl_m_dkim_verify_reason) header=$dkim_cur_signer policy=$acl_m_adsp_record ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if eq{$acl_m0}{}{yes}{no}} condition = ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}} condition = ${if eq{$acl_m_adsp_record}{}{no}{yes}} !dkim_status = pass set acl_m0 = warn :\ $primary_hostname; $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy\ ${if eq{$dkim_verify_status}{}{}{.\n\tDKIM verify status is $dkim_verify_status}}\ ${if eq{$acl_m_dkim_verify_reason}{}{${if eq{$dkim_verify_reason}{}{}{. DKIM verify reason: $dkim_verify_reason}}}{. 
DKIM verify reason: $acl_m_dkim_verify_reason}}:\ $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy and verification of the DKIM signature not passed\ ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\ ${if eq{$acl_m_dkim_verify_reason}{}{${if eq{$dkim_verify_reason}{}{}{. DKIM verify reason: $dkim_verify_reason}}}{. DKIM verify reason: $acl_m_dkim_verify_reason}} ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-adsp=undefined (\ ${if eq{$dkim_verify_status}{}{}{DKIM verify status is $dkim_verify_status}}\ ${if eq{$acl_m_dkim_verify_reason}{}{${if eq{$dkim_verify_reason}{}{}{. DKIM verify reason: $dkim_verify_reason}}}{. DKIM verify reason: $acl_m_dkim_verify_reason}}\ ) header=$dkim_cur_signer policy=$acl_m_adsp_record ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') warn set acl_m1 = condition = ${if eq{$acl_m0}{}{no}{yes}} acl = acl_normalize_action "${extract{1}{:}{$acl_m0}}" set acl_m1 = ${sg{$acl_m_normalize_action_result }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}} # message = $acl_m2 # log_message = $acl_m0 set acl_m2 = ${expand:${sg{${extract{2}{:}{$acl_m0}}}{\N^\s+\N}{}}} set acl_m0 = ${expand:${sg{${extract{3}{:}{$acl_m0}}}{\N^\s+\N}{}}} set acl_m_check_dkim_msg = ${if eq{$acl_m0}{}{${if eq{$acl_m2}{}{}{: $acl_m2}}}{: $acl_m0}} set acl_m0 = ${if eq{$acl_m0}{}{sender address blacklisted${if eq{$acl_m2}{}{}{: $acl_m2}}}{$acl_m0}} set acl_m2 = ${if eq{$acl_m2}{}{Access denied}{$acl_m2}} # warn warn condition = ${if match{$acl_m1}{warn}{yes}{no}} # add_header = X-Warn-ADSP${acl_m_check_dkim_msg} acl = acl_add_header "X-Warn-ADSP${acl_m_check_dkim_msg}" log_message = $acl_m0${if eq{${extract{pause}{$acl_m1}}}{}{}{: message delayed for ${extract{pause}{$acl_m1}}s}} # pause warn condition = ${if eq{${extract{pause}{$acl_m1}}}{}{no}{yes}} delay = ${extract{pause}{$acl_m1}}s set acl_m_spam_action = ${acl_m_spam_action}\t\ delay=${extract{pause}{$acl_m1}}s\t\t\ 
$acl_m0\n # quarantine and !reject warn condition = ${if eq{${extract{quarantine}{$acl_m1}}}{00}{yes}{no}} condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{no}{yes}} # add_header = X-Quarantine-ADSP${acl_m_check_dkim_msg} acl = acl_add_header "X-Quarantine-ADSP${acl_m_check_dkim_msg}" log_message = F=<$sender_address> quarantined RCPT <${sg{$recipients}{, }{>, <}}>: message will be quarantined${acl_m_check_dkim_msg} set acl_m_add_x_orig_rcpt = yes set acl_m_quarantined = $acl_m_quarantined envelope accept condition = ${if eq{${extract{quarantine}{$acl_m1}}}{00}{yes}{no}} condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{no}{yes}} # quarantine and reject # accept \ warn \ condition = ${if eq{${extract{quarantine}{$acl_m1}}}{00}{yes}{no}} condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}} log_message = F=<$sender_address> rejected RCPT <${sg{$recipients}{, }{>, <}}>: message will be quarantined and rejected${acl_m_check_dkim_msg} set acl_m_fakereject = \ F=<$sender_address> rejected RCPT <${sg{$recipients}{, }{>, <}}>: message will be quarantined and rejected${acl_m_check_dkim_msg}\ |X-Quarantine-ADSP${acl_m_check_dkim_msg}\ |$acl_m2 set acl_m_add_x_orig_rcpt = yes set acl_m_quarantined = $acl_m_quarantined envelope # !quarantine and reject deny condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}} condition = ${if eq{${extract{quarantine}{$acl_m1}}}{00}{no}{yes}} log_message = F=<$sender_address> rejected RCPT <${sg{$recipients}{, }{>, <}}>: $acl_m0 message = $acl_m2 defer condition = ${if match{$acl_m1}{defer}{yes}{no}} log_message = F=<$sender_address> deferred RCPT <${sg{$recipients}{, }{>, <}}>: $acl_m0 message = $acl_m2 drop condition = ${if match{$acl_m1}{drop}{yes}{no}} log_message = F=<$sender_address> dropped RCPT <${sg{$recipients}{, }{>, <}}>: $acl_m0 message = $acl_m2 discard condition = ${if match{$acl_m1}{discard}{yes}{no}} log_message = F=<$sender_address> discarded RCPT <${sg{$recipients}{, }{>, <}}>: $acl_m0 
ifelse(confGREYLIST, `OPTIONAL', `dnl warn condition = ${if eq{${extract{greylist}{$acl_m1}}}{}{no}{yes}} set acl_m_optional_greylist = \ scores=${eval:${extract{scores}{$acl_m_optional_greylist}}+${extract{greylist}{$acl_m1}}} \ log_message="${extract{log_message}{$acl_m_optional_greylist}} $acl_m0;" set acl_m_spam_action = ${acl_m_spam_action}\t\ greylist scores=${extract{greylist}{$acl_m1}}\t\ $acl_m0\n ') dnl ifelse(confGREYLIST, `OPTIONAL', `') ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `dnl', `dnl warn condition = ${if eq{${extract{reject}{$acl_m1}}}{}{no}{yes}} condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{no}{yes}} set acl_m_optional_reject = \ scores=${eval:${extract{scores}{$acl_m_optional_reject}}+${extract{reject}{$acl_m1}}} \ log_message="${extract{log_message}{$acl_m_optional_reject}}\n\t$acl_m0;" set acl_m_spam_action = ${acl_m_spam_action}\t\ reject scores=${extract{reject}{$acl_m1}}\t\t\ $acl_m0\n ')') dnl ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `', `')') ') dnl ifelse_strstr(confDKIM_CHECK_ADSP, `NO', `', `') ifelse_strstr(confDKIM_CHECK_SSP, `NO', `', ` # set the Author Domain warn set acl_m_ssp_record = condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} set acl_m_author_domain = ${if def:h_From:{${domain:${sg{$rh_From:}{:}{\\\\:}}}}{$sender_address_domain}} set acl_m_skip = ${if eq{$acl_m_author_domain}{}{yes}{$acl_m_skip}} set acl_m_skip = ${if eq{$acl_m_author_domain}{$dkim_cur_signer}{$acl_m_skip}{yes}} warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if match{$acl_m_author_domain}{\N^([a-zA-Z\d-]+\.)+[a-zA-Z]+$\N}{no}{yes}} log_message = Restricted characters in the Author Domain (header From domain) $acl_m_author_domain set acl_m_author_domain = set acl_m_skip = yes warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} set acl_m_author_domain = ${acl{detaint}{$acl_m_author_domain}} # check for a SSP (Sender Signing Practices) warn condition = ${if 
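eq{$acl_m_skip}{yes}{no}{yes}} set acl_m0 = condition = ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}} set acl_m_ssp_record = ${lookup dnsdb{txt=_domainkey.$acl_m_author_domain}{$value}{}} condition = ${if eq{$acl_m_ssp_record}{}{no}{yes}} set acl_m_ssp_record = ${sg{$acl_m_ssp_record}{\N^((.+\n)*)v=spf[12].+\n?\N}{\$1}} set acl_m_ssp_record = ${sg{$acl_m_ssp_record}{;}{; }} set acl_m_ssp_record_o = ${sg{${extract{o}{$acl_m_ssp_record}}}{\N[; ]\N}{}} set acl_m_ssp_record_t = ${lc:${sg{${extract{t}{$acl_m_ssp_record}}}{\N[; ]\N}{}}} condition = ${if eq{$acl_m_ssp_record}{}{no}{yes}} set acl_m_ssp_record_o = ${acl{detaint}{$acl_m_ssp_record_o}} warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if eq{$acl_m_ssp_record_o}{}{no}{yes}} condition = ${if match{$acl_m_ssp_record_o}{\N^[^~\-!\.^]$\N}{yes}{no}} set acl_m_tmp = $acl_m_ssp_record log_message = Restricted characters in the sender address SSP policy "$acl_m_tmp" set acl_m_ssp_record = set acl_m_ssp_record_o = set acl_m_ssp_record_t = ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl # No DKIM Sender Signing Practices (SSP) record was published warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if eq{$acl_m_ssp_record_o}{}{yes}{no}} set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-ssp=none header=$dkim_cur_signer policy=none ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl # This message has a Sender Signing Practices signature that was validated warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if eq{$acl_m_ssp_record_o}{}{no}{yes}} dkim_status = pass set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-ssp=pass header=$dkim_cur_signer policy=$acl_m_ssp_record ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl warn set acl_m_dkim_verify_reason = ${if eq{$acl_m_dkim_verify_reason}{pubkey unavailable}{DKIM public key 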
unavailable}{$acl_m_dkim_verify_reason}} ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') # dkim_status=none, SSP policy=~ warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if eq{$acl_m0}{}{yes}{no}} condition = ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}} condition = ${if eq{$acl_m_ssp_record_o}{~}{yes}{no}} dkim_status = none set acl_m0 = warn :\ DKIM signature not found, but $acl_m_author_domain has a "$acl_m_ssp_record" SSP policy:\ $acl_m_author_domain has a "$acl_m_ssp_record" SSP policy and DKIM signature not found\ ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\ ${if eq{$acl_m_dkim_verify_reason}{}{}{. DKIM verify reason\\x3A $acl_m_dkim_verify_reason}} ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-ssp=unknown ($acl_m_dkim_verify_reason) header=$dkim_cur_signer policy=$acl_m_ssp_record ') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `') # dkim_status=none, SSP policy=- warn condition = ${if eq{$acl_m_skip}{yes}{no}{yes}} condition = ${if eq{$acl_m0}{}{yes}{no}} condition = ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}} condition = ${if eq{$acl_m_ssp_record_o}{-}{yes}{no}} dkim_status = none set acl_m0 = ${if eq{$acl_m_ssp_record_t}{y}{}{deny}} warn :\ DKIM signature not found, but $acl_m_author_domain has a "$acl_m_ssp_record" SSP policy:\ $acl_m_author_domain has a "$acl_m_ssp_record" SSP policy and DKIM signature not found\ ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\ ${if eq{$acl_m_dkim_verify_reason}{}{}{. 
DKIM verify reason\\x3A $acl_m_dkim_verify_reason}}
ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl
        set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-ssp=fail ($acl_m_dkim_verify_reason) header=$dkim_cur_signer policy=$acl_m_ssp_record
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `')

# Each SSP statement below runs only while acl_m0 is still empty, so the
# first one that matches decides the verdict. The verdict is stored in
# acl_m0 as three colon-separated fields: the action list, the text that
# later becomes acl_m2, and the text that later becomes the log reason.
# Inside a field a colon is written as \\x3A, presumably so that it
# survives the later split on colons and is restored by the second
# expansion further down.
#
# NOTE(review): the signer test uses match, so the author domain is
# compiled as an unanchored regular expression: a dot matches any
# character and a signer that merely contains the author domain also
# matches. acl_m_author_domain is set outside this part of the file; if
# it is derived from the From header, consider an exact comparison (eqi),
# a match_domain test, or an anchored pattern passed through rxquote.
# The same test is repeated in the three statements that follow.

# dkim_status=fail, SSP policy=~
warn
        condition = ${if eq{$acl_m_skip}{yes}{no}{yes}}
        condition = ${if eq{$acl_m0}{}{yes}{no}}
        condition = ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}}
        condition = ${if eq{$acl_m_ssp_record_o}{~}{yes}{no}}
        dkim_status = fail
        set acl_m0 = warn :\
                Verification of the DKIM signature failed, but $acl_m_author_domain has a "$acl_m_ssp_record" SSP policy:\
                $acl_m_author_domain has a "$acl_m_ssp_record" SSP policy and verification of the DKIM signature failed\
                ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\
                ${if eq{$acl_m_dkim_verify_reason}{}{}{. DKIM verify reason\\x3A $acl_m_dkim_verify_reason}}
ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl
        set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-ssp=unknown ($acl_m_dkim_verify_reason) header=$dkim_cur_signer policy=$acl_m_ssp_record
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `')

# Policy "-": the action list additionally gets deny, unless
# acl_m_ssp_record_t is y (presumably the testing flag of the record -
# confirm where it is parsed) or, when the mailing-list mitigation option
# is enabled at build time, acl_m_maillist is yes. In the mitigated case
# the log text gets a "(mitigated for mailing list)" suffix.
# dkim_status=fail, SSP policy=-
warn
        condition = ${if eq{$acl_m_skip}{yes}{no}{yes}}
        condition = ${if eq{$acl_m0}{}{yes}{no}}
        condition = ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}}
        condition = ${if eq{$acl_m_ssp_record_o}{-}{yes}{no}}
        dkim_status = fail
        set acl_m0 = ${if eq{$acl_m_ssp_record_t}{y}{}{ifelse_strstr(confDKIM_CHECK_MITIGATE_MAILLIST, `NO', `deny', `${if eq{$acl_m_maillist}{yes}{}{deny}}')}} warn :\
                Verification of the DKIM signature failed, but $acl_m_author_domain has a "$acl_m_ssp_record" SSP policy:\
                $acl_m_author_domain has a "$acl_m_ssp_record" SSP policy and verification of the DKIM signature failed\
                ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\
                ${if eq{$acl_m_dkim_verify_reason}{}{}{. DKIM verify reason\\x3A $acl_m_dkim_verify_reason}}\
                ifelse_strstr(confDKIM_CHECK_MITIGATE_MAILLIST, `NO', `', `${if eq{$acl_m_maillist}{yes}{ (mitigated for mailing list)}{}}')
ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl
        set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-ssp=fail ($acl_m_dkim_verify_reason) header=$dkim_cur_signer policy=$acl_m_ssp_record
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `')

# The signature could not be evaluated and some SSP policy value is
# present (acl_m_ssp_record_o is not empty): warn only.
# dkim_status=invalid
warn
        condition = ${if eq{$acl_m_skip}{yes}{no}{yes}}
        condition = ${if eq{$acl_m0}{}{yes}{no}}
        condition = ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}}
        condition = ${if eq{$acl_m_ssp_record_o}{}{no}{yes}}
        dkim_status = invalid
        set acl_m0 = warn :\
                The DKIM signature could not be verified due to a processing error, but $acl_m_author_domain has a "$acl_m_ssp_record" SSP policy:\
                $acl_m_author_domain has a "$acl_m_ssp_record" SSP policy and the DKIM signature could not be verified due to a processing error\
                ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\
                ${if eq{$acl_m_dkim_verify_reason}{}{}{. DKIM verify reason\\x3A $acl_m_dkim_verify_reason}}
ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl
        set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-ssp=tmperror ($acl_m_dkim_verify_reason) header=$dkim_cur_signer policy=$acl_m_ssp_record
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `')

# Catch-all: any status other than pass that was not handled above, with
# an SSP policy value present. Falls back to dkim_verify_reason when
# acl_m_dkim_verify_reason is empty.
# NOTE(review): unlike the three statements above, the reason text here is
# written with a literal colon rather than \\x3A. acl_m0 is later split on
# colons, so a non-empty verify reason looks like it shifts the second and
# third fields; confirm this is intended.
warn
        condition = ${if eq{$acl_m_skip}{yes}{no}{yes}}
        condition = ${if eq{$acl_m0}{}{yes}{no}}
        condition = ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}}
        condition = ${if eq{$acl_m_ssp_record_o}{}{no}{yes}}
        !dkim_status = pass
        set acl_m0 = warn :\
                $primary_hostname; $acl_m_author_domain has a "$acl_m_ssp_record" SSP policy\
                ${if eq{$dkim_verify_status}{}{}{.\n\tDKIM verify status is $dkim_verify_status}}\
                ${if eq{$acl_m_dkim_verify_reason}{}{${if eq{$dkim_verify_reason}{}{}{. DKIM verify reason: $dkim_verify_reason}}}{. DKIM verify reason: $acl_m_dkim_verify_reason}}:\
                $acl_m_author_domain has a "$acl_m_ssp_record" SSP policy and verification of the DKIM signature not passed\
                ${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\
                ${if eq{$acl_m_dkim_verify_reason}{}{${if eq{$dkim_verify_reason}{}{}{. DKIM verify reason: $dkim_verify_reason}}}{. DKIM verify reason: $acl_m_dkim_verify_reason}}
ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `dnl
        set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim-ssp=undefined (\
                ${if eq{$dkim_verify_status}{}{}{DKIM verify status is $dkim_verify_status}}\
                ${if eq{$acl_m_dkim_verify_reason}{}{${if eq{$dkim_verify_reason}{}{}{. DKIM verify reason: $dkim_verify_reason}}}{. DKIM verify reason: $acl_m_dkim_verify_reason}}\
                ) header=$dkim_cur_signer policy=$acl_m_ssp_record
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `CUSTOM', `')

# Split the verdict. acl_m1 is cleared before the condition, so it stays
# empty when no verdict was recorded. Field 1 is passed to
# acl_normalize_action; in its result every bare action word is given the
# value 00, which lets the extract tests below tell "present without a
# number" from "absent". Field 2 becomes acl_m2 (used as the SMTP message
# text) and field 3 becomes acl_m0 (used as the log text), each with
# leading whitespace removed and then expanded a second time.
# NOTE(review): the second expansion runs over text that already holds the
# expanded values of acl_m_author_domain, acl_m_ssp_record and the DKIM
# verify reason. Where those values originate from the message or from DNS
# they must not be able to contribute expansion syntax. Confirm they are
# sanitised where they are set (outside this part of the file), or restore
# the escaped colon without a full expand. Exim releases with taint
# tracking are expected to refuse such an expansion, which would turn this
# statement into a temporary error instead.
warn
        set acl_m1 =
        condition = ${if eq{$acl_m0}{}{no}{yes}}
        acl = acl_normalize_action "${extract{1}{:}{$acl_m0}}"
        set acl_m1 = ${sg{$acl_m_normalize_action_result }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}}
        # message = $acl_m2
        # log_message = $acl_m0
        set acl_m2 = ${expand:${sg{${extract{2}{:}{$acl_m0}}}{\N^\s+\N}{}}}
        set acl_m0 = ${expand:${sg{${extract{3}{:}{$acl_m0}}}{\N^\s+\N}{}}}
        set acl_m_check_dkim_msg = ${if eq{$acl_m0}{}{${if eq{$acl_m2}{}{}{: $acl_m2}}}{: $acl_m0}}
        set acl_m0 = ${if eq{$acl_m0}{}{sender address blacklisted${if eq{$acl_m2}{}{}{: $acl_m2}}}{$acl_m0}}
        set acl_m2 = ${if eq{$acl_m2}{}{Access denied}{$acl_m2}}

# Action warn: tag the message through acl_add_header and log the reason;
# the log line also mentions the delay when a pause value is present.
# warn
warn
        condition = ${if match{$acl_m1}{warn}{yes}{no}}
        # add_header = X-Warn-SSP${acl_m_check_dkim_msg}
        acl = acl_add_header "X-Warn-SSP${acl_m_check_dkim_msg}"
        log_message = $acl_m0${if eq{${extract{pause}{$acl_m1}}}{}{}{: message delayed for ${extract{pause}{$acl_m1}}s}}

# Action pause: delay the response by the given number of seconds and
# append a line describing it to acl_m_spam_action.
# pause
warn
        condition = ${if eq{${extract{pause}{$acl_m1}}}{}{no}{yes}}
        delay = ${extract{pause}{$acl_m1}}s
        set acl_m_spam_action = ${acl_m_spam_action}\t\
                delay=${extract{pause}{$acl_m1}}s\t\t\
                $acl_m0\n

# Bare quarantine without a bare reject: add the quarantine header, log it
# and flag the message. The accept that follows repeats the same two
# conditions and ends this ACL for that case.
# quarantine and !reject
warn
        condition = ${if eq{${extract{quarantine}{$acl_m1}}}{00}{yes}{no}}
        condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{no}{yes}}
        # add_header = X-Quarantine-SSP${acl_m_check_dkim_msg}
        acl = acl_add_header "X-Quarantine-SSP${acl_m_check_dkim_msg}"
        log_message = F=<$sender_address> quarantined RCPT <${sg{$recipients}{, }{>, <}}>: message will be quarantined${acl_m_check_dkim_msg}
        set acl_m_add_x_orig_rcpt = yes
        set acl_m_quarantined = $acl_m_quarantined envelope

accept
        condition = ${if eq{${extract{quarantine}{$acl_m1}}}{00}{yes}{no}}
        condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{no}{yes}}

# Bare quarantine together with a bare reject: nothing is refused here (the
# verb is warn). The log text, the header text and the SMTP text are
# stored in acl_m_fakereject separated by "|"; where that variable is
# consumed is not visible in this part of the file.
# quarantine and reject
# accept \
warn \
        condition = ${if eq{${extract{quarantine}{$acl_m1}}}{00}{yes}{no}}
        condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}}
        log_message = F=<$sender_address> rejected RCPT <${sg{$recipients}{, }{>, <}}>: message will be quarantined and rejected${acl_m_check_dkim_msg}
        set acl_m_fakereject = \
                F=<$sender_address> rejected RCPT <${sg{$recipients}{, }{>, <}}>: message will be quarantined and rejected${acl_m_check_dkim_msg}\
                |X-Quarantine-SSP${acl_m_check_dkim_msg}\
                |$acl_m2
        set acl_m_add_x_orig_rcpt = yes
        set acl_m_quarantined = $acl_m_quarantined envelope

# Bare reject without a bare quarantine: refuse the message with acl_m2 as
# the SMTP text and acl_m0 in the log.
# !quarantine and reject
deny
        condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}}
        condition = ${if eq{${extract{quarantine}{$acl_m1}}}{00}{no}{yes}}
        log_message = F=<$sender_address> rejected RCPT <${sg{$recipients}{, }{>, <}}>: $acl_m0
        message = $acl_m2

# The remaining terminal actions are selected by a plain substring test on
# the normalised action list.
defer
        condition = ${if match{$acl_m1}{defer}{yes}{no}}
        log_message = F=<$sender_address> deferred RCPT <${sg{$recipients}{, }{>, <}}>: $acl_m0
        message = $acl_m2

drop
        condition = ${if match{$acl_m1}{drop}{yes}{no}}
        log_message = F=<$sender_address> dropped RCPT <${sg{$recipients}{, }{>, <}}>: $acl_m0
        message = $acl_m2

discard
        condition = ${if match{$acl_m1}{discard}{yes}{no}}
        log_message = F=<$sender_address> discarded RCPT <${sg{$recipients}{, }{>, <}}>: $acl_m0

# Generated only when greylisting is configured as optional: add the
# greylist value of this verdict to the running scores, append the reason
# to the collected log text and record a line in acl_m_spam_action.
ifelse(confGREYLIST, `OPTIONAL', `dnl
warn
        condition = ${if eq{${extract{greylist}{$acl_m1}}}{}{no}{yes}}
        set acl_m_optional_greylist = \
                scores=${eval:${extract{scores}{$acl_m_optional_greylist}}+${extract{greylist}{$acl_m1}}} \
                log_message="${extract{log_message}{$acl_m_optional_greylist}} $acl_m0;"
        set acl_m_spam_action = ${acl_m_spam_action}\t\
                greylist scores=${extract{greylist}{$acl_m1}}\t\
                $acl_m0\n
') dnl ifelse(confGREYLIST, `OPTIONAL', `')

# Generated unless optional reject is switched off: a reject action that
# carries a number (present and not the bare value 00) is added to the
# running reject scores in the same way.
ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `dnl', `dnl
warn
        condition = ${if eq{${extract{reject}{$acl_m1}}}{}{no}{yes}}
        condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{no}{yes}}
        set acl_m_optional_reject = \
                scores=${eval:${extract{scores}{$acl_m_optional_reject}}+${extract{reject}{$acl_m1}}} \
                log_message="${extract{log_message}{$acl_m_optional_reject}}\n\t$acl_m0;"
        set acl_m_spam_action = ${acl_m_spam_action}\t\
                reject scores=${extract{reject}{$acl_m1}}\t\t\
                $acl_m0\n
')') dnl ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `', `')')
') dnl ifelse_strstr(confDKIM_CHECK_SSP, `NO', `', `')
')dnl ifelse(SECTION, `ACL_CHECK_DKIM', `')