dnl
dnl использовать механизм определения номера AS по IP адресу
dnl NO		- не использовать механизм определения номера AS по IP адресу
dnl YES		- использовать механизм определения номера AS по IP адресу
dnl define(`confIP2ASN', `NO')dnl
dnl
dnl при использовании фильтрации писем по номеру AS хоста отправителя
dnl (переменная confCHECK_ACCESS_RELAY_ASN), комбинации номера AS хоста
dnl отправителя и адресов отправителя и получателя (переменная
dnl confCHECK_ACCESS_COMPAT_RELAY_ASN), комбинации SMTP логина и номера AS
dnl хоста отправителя (переменная confSMTP_AUTH_RELAY_ASN) значение
dnl confIP2ASN автоматически устанавливается равным YES
dnl
dnl механизм определения номера AS по IP адресу
dnl DLFUNC_GEOIP2	- определение страны по IP адресу с помощью dlfunc maxminddb
dnl 			для использования dlfunc необходимо:
dnl 			собрать exim с EXPAND_DLFUNC
dnl 			собрать и установить libmaminddb library
dnl GEOLITE2_DB		- определение номера AS по IP адресу по данным MySQL БД geolite2
dnl WHOIS_RADB		- определение номера AS по данным whois.radb.net
dnl WHOIS_RIPE		- определение номера AS по данным whois.ripe.net (только Европа)
dnl DNS_CYMRU		- определение номера AS по DNS зонам origin.asn.cymru.com и origin6.asn.cymru.com
dnl DNS_SPAMEATINGMONKEY - определение номера AS по DNS зоне origin.asn.spameatingmonkey.net (только IPv4)
dnl WHOIS_CYMRU		- определение номера AS по данным whois.cymru.com
dnl API_IPINFO		- определение номера AS по данным https://ipinfo.io/
dnl 			только для exim 4.95 и выше, т. к. нужен патч для поддержки SNI
dnl 			при получении ответа "429 Too Many Requests" нужно
dnl 			"Create an API access token by signing up to get 50k req/month"
dnl IP2LOCATION_DB	- определение номера AS по IP адресу по данным MySQL БД ip2location
dnl define(`confIP2ASN_BACKEND', `WHOIS_RADB WHOIS_RIPE DNS_CYMRU DNS_SPAMEATINGMONKEY WHOIS_CYMRU')dnl
dnl в качестве значения confIP2ASN_BACKEND можно указывать несколько механизмов
dnl
dnl игнорирование ошибок в работе dlfunc (на данный момент времени используется в dlfunc maxminddb):
dnl NO		- не игноировать ошибки
dnl YES		- игноировать ошибки
dnl define(`confIP2ASN_DEFER_OK', `YES')dnl
dnl
dnl путь к бинарному файлу maxminddb при использовании DLFUNC_GEOIP2 в confIP2ASN_BACKEND:
dnl define(`confIP2ASN_MAXMINDDB_FILE', `/usr/local/share/GeoIP/GeoLite2-ASN.mmdb')dnl
dnl
dnl запросы для определения номера AS по IP адресу хоста отправителя в случае использования GEOLITE2_DB в качестве значения confIP2COUNTRY_BACKEND:
dnl define(`confIP2ASN_GEOLITE2_DB_QUERY_IPV4', `SELECT asn FROM geolite2.geolite2_asn_ipv4 WHERE INET_ATON("$sender_host_address") <= ip_to AND INET_ATON("$sender_host_address") >= ip_from LIMIT 1;')dnl
dnl define(`confIP2ASN_GEOLITE2_DB_QUERY_IPV6', `SELECT asn FROM geolite2.geolite2_asn_ipv6 WHERE ${reduce{<: ${ipv6denorm:$sender_host_address}}{}{${if eq{$value}{}{}{($value)*65536.0+}}${eval:0x$item+0}.0}} <= ip_to AND ${reduce{<: ${ipv6denorm:$sender_host_address}}{}{${if eq{$value}{}{}{($value)*65536.0+}}${eval:0x$item+0}.0}} >= ip_from LIMIT 1;')dnl
dnl примеры запросов для проверки IPv4 адресов по БД для IPv6 адресов
dnl define(`confIP2ASN_GEOLITE2_DB_QUERY_IPV4', `SELECT asn FROM geolite2.geolite2_asn_ipv6 WHERE 65535.0*256.0*256.0*256.0*256.0+${extract{1}{.}{$sender_host_address}}.0*256.0*256.0*256.0+${extract{2}{.}{$sender_host_address}}.0*256.0*256.0+${extract{3}{.}{$sender_host_address}}.0*256.0+${extract{4}{.}{$sender_host_address}}.0 <= ip_to AND 65535.0*256.0*256.0*256.0*256.0+${extract{1}{.}{$sender_host_address}}.0*256.0*256.0*256.0+${extract{2}{.}{$sender_host_address}}.0*256.0*256.0+${extract{3}{.}{$sender_host_address}}.0*256.0+${extract{4}{.}{$sender_host_address}}.0 >= ip_from LIMIT 1;')dnl
dnl define(`confIP2ASN_GEOLITE2_DB_QUERY_IPV4', `SELECT asn FROM geolite2.geolite2_asn_ipv6 WHERE ${reduce{<. 255.255.$sender_host_address}{}{${if eq{$value}{}{}{($value)*256.0+}}${eval:$item+0}.0}} <= ip_to AND ${reduce{<. 255.255.$sender_host_address}{}{${if eq{$value}{}{}{($value)*256.0+}}${eval:$item+0}.0}} >= ip_from LIMIT 1;')dnl
dnl ВНИМАНИЕ! на момент реализации определения номера AS по IP адресу под данных MySQL БД geoip2 в БД для IPv6 AS не было данных по IPv4 AS
dnl
dnl запросы для определения номера AS по IP адресу хоста отправителя в случае использования IP2LOCATION_DB в качестве значения confIP2COUNTRY_BACKEND:
dnl define(`confIP2ASN_IP2LOCATION_DB_QUERY_IPV4', `SELECT asn FROM ip2location.ip2location_asn_ipv4 WHERE INET_ATON("$sender_host_address") <= ip_to LIMIT 1;')dnl
dnl define(`confIP2ASN_IP2LOCATION_DB_QUERY_IPV6', `SELECT asn FROM ip2location.ip2location_asn_ipv6 WHERE ${reduce{<: ${ipv6denorm:$sender_host_address}}{}{${if eq{$value}{}{}{($value)*65536.0+}}${eval:0x$item+0}.0}} <= ip_to LIMIT 1;')dnl
dnl примеры запросов для проверки IPv4 адресов по БД для IPv6 адресов
dnl define(`confIP2ASN_IP2LOCATION_DB_QUERY_IPV4', `SELECT asn FROM ip2location.ip2location_asn_ipv6 WHERE 65535.0*256.0*256.0*256.0*256.0+${extract{1}{.}{$sender_host_address}}.0*256.0*256.0*256.0+${extract{2}{.}{$sender_host_address}}.0*256.0*256.0+${extract{3}{.}{$sender_host_address}}.0*256.0+${extract{4}{.}{$sender_host_address}}.0 <= ip_to LIMIT 1;')dnl
dnl define(`confIP2ASN_IP2LOCATION_DB_QUERY_IPV4', `SELECT asn FROM ip2location.ip2location_asn_ipv6 WHERE ${reduce{<. 255.255.$sender_host_address}{}{${if eq{$value}{}{}{($value)*256.0+}}${eval:$item+0}.0}} <= ip_to LIMIT 1;')dnl
dnl ВНИМАНИЕ! на момент реализации определения номера AS по IP адресу по данным MySQL БД ip2location в БД для IPv6 AS не было данных по IPv4 AS
dnl
dnl кеширование данных о номерах AS:
dnl NO		- не кешировать результаты
dnl REDIS	- кешировать результаты в redis
dnl MEMCACHED	- кешировать результаты в memcached
dnl SQLITE	- кешировать результаты в sqlite (ещё не реализовано)
dnl MYSQL	- кешировать результаты в mysql (ещё не реализовано)
dnl define(`confIP2ASN_CACHE', `NO')dnl
dnl
dnl время жизни в кеше данных о номерах AS
dnl define(`confIP2ASN_CACHE_TTL', `eval(2*30*24*60*60)')dnl
dnl
dnl время жизни в кеше отрицательных результатов получения номеров AS
dnl define(`confIP2ASN_CACHE_TTL_UNKNOWN', `eval(60*60)')dnl
dnl
dnl при MEMCACHED или REDIS в confIP2ASN_CACHE
dnl
dnl префикс записей:
dnl define(`confIP2ASN_CACHE_RECORD_PREFIX', `ip2asn:')dnl
dnl
dnl при SQLITE в confIP2ASN_CACHE
dnl
dnl define(`confIP2ASN_CACHE_SQLITE_FILE', `confSPOOLDIR/db/cache.db')dnl
dnl
dnl dnl define(`confIP2ASN_CACHE_SQLITE_GET', `SELECT asn FROM ip2asn WHERE ip="$acl_arg1" AND expires > UNIXEPOCH();')dnl
dnl dnl define(`confIP2ASN_CACHE_SQLITE_SET', `REPLACE INTO ip2asn (ip, asn, expires) VALUES ("$acl_arg1", "$acl_m_ip2asn_result", UNIXEPOCH() + ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{confIP2ASN_CACHE_TTL_UNKNOWN}{confIP2ASN_CACHE_TTL}});')dnl
dnl dnl define(`confIP2ASN_CACHE_SQLITE_DELETE', `DELETE FROM ip2asn WHERE expires < UNIXEPOCH();')dnl
dnl changequote(<<, >>)
dnl define(<<confIP2ASN_CACHE_SQLITE_GET>>, <<SELECT asn FROM ip2asn WHERE ip="$acl_arg1" AND expires > UNIXEPOCH();>>)dnl
dnl define(<<confIP2ASN_CACHE_SQLITE_SET>>, <<REPLACE INTO ip2asn (ip, asn, expires) VALUES ('$acl_arg1', '$acl_m_ip2asn_result', datetime(UNIXEPOCH() + ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{confIP2ASN_CACHE_TTL_UNKNOWN}{confIP2ASN_CACHE_TTL}}, 'unixepoch', 'localtime'));>>)dnl
dnl define(<<confIP2ASN_CACHE_SQLITE_DELETE>>, <<DELETE FROM ip2asn WHERE expires < UNIXEPOCH();>>)dnl
dnl changequote
dnl
dnl при MYSQL в confIP2ASN_CACHE
dnl
dnl define(`confIP2ASN_CACHE_MYSQL_GET', `SELECT asn FROM ip2asn WHERE ip="$acl_arg1" AND expires > NOW();')dnl
dnl define(`confIP2ASN_CACHE_MYSQL_SET', `REPLACE INTO ip2asn (ip, asn, expires) VALUES ("$acl_arg1", "$acl_m_ip2asn_result", DATE_ADD(NOW(), interval ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{confIP2ASN_CACHE_TTL_UNKNOWN}{confIP2ASN_CACHE_TTL}} second));')dnl
dnl define(`confIP2ASN_CACHE_MYSQL_DELETE', `DELETE FROM ip2asn WHERE expires < NOW();')dnl
dnl


ifelse(SECTION, `ACL_CHECK_CONNECT', `dnl

ifelse(confCHECK_ACCESS_RELAY_ASN, `NO', `', `define(`confIP2ASN', `YES')')dnl
ifelse(confCHECK_ACCESS_COMPAT_RELAY_ASN, `NO', `', `define(`confIP2ASN', `YES')')dnl
ifelse(confSMTP_AUTH_RELAY_ASN, `NO', `', `define(`confIP2ASN', `YES')')dnl

ifelse(confIP2ASN, `YES', `dnl
	warn	condition	= ${if eq{$acl_c_sender_host_address_asn}{}{yes}{no}}
#		set acl_c_sender_host_address_asn = ${acl{acl_ip2asn}{$sender_host_address}}
		set acl_c_sender_host_address_asn = ${acl{detaint}{${acl{acl_ip2asn}{$sender_host_address}}}}
	warn	condition	= ${if match{$acl_c_sender_host_address_asn}{\N.*(\\|\/|\$|\{|\})\N}{yes}{no}}
		log_message	= Restricted characters in the sender host ASN $acl_c_sender_host_address_asn, ASN ignored
		set acl_c_sender_host_address_asn =
') dnl ifelse(confIP2ASN, `YES', `')

') dnl ifelse(SECTION, `ACL_CHECK_CONNECT', `')


ifelse(SECTION, `ACLS_ADDITIONAL', `dnl

acl_ip2asn:
# acl_arg1 - IP адрес

	warn	set acl_m_ip2asn_result = UNKNOWN

	accept	condition	= ${if match_ip{$acl_arg1}{<; 127.0.0.1/8`'ifelse_strstr(confIPv6, `YES', ` ; ::1') ; +private_networks}{yes}{no}}
		message		= $acl_m_ip2asn_result


ifelse(confIP2ASN_CACHE, `NO', `', `dnl
ifelse(confIP2ASN_CACHE, `MEMCACHED', `dnl
define(`confMEMCACHED_ENABLED', `YES')dnl
	warn	set acl_m_ip2asn_result = ${acl{acl_memcached_get}{confIP2ASN_CACHE_RECORD_PREFIX`'$acl_arg1}}
')dnl
ifelse(confIP2ASN_CACHE, `REDIS', `dnl
	warn	set acl_m_ip2asn_result = ${acl{acl_redis_get}{confIP2ASN_CACHE_RECORD_PREFIX`'$acl_arg1}}
')dnl
ifelse(confIP2ASN_CACHE, `SQLITE', `dnl
	warn	set acl_m_ip2asn_result = ${lookup sqlite,file=confIP2ASN_CACHE_SQLITE_FILE{confIP2ASN_CACHE_SQLITE_GET}}
')dnl
ifelse(confIP2ASN_CACHE, `MYSQL', `dnl
	warn	set acl_m_ip2asn_result = ${lookup mysql{confIP2ASN_CACHE_MYSQL_GET}}
')dnl
	warn	condition	= ${if eq{$acl_m_ip2asn_result}{}{yes}{no}}
		set acl_m_ip2asn_result = UNKNOWN
	accept	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{no}{yes}}
		message		= $acl_m_ip2asn_result
')dnl ifelse(confIP2ASN_CACHE, `NO', `', `')


ifelse_strstr(confIP2ASN_BACKEND` ', `DLFUNC_GEOIP2 ', `dnl
ifdef(`confIP2ASN_MAXMINDDB_FILE', `ifelse(len(X`'confIP2ASN_MAXMINDDB_FILE), `1', `', `dnl
	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		set acl_m_maxminddb_result = ${dlfunc{confDLFUNC_PATH/confDLFUNC_FNAME}{maxminddb}{confIP2ASN_MAXMINDDB_FILE}{$acl_arg1}{asn}{confIP2ASN_DEFER_OK}}
		set acl_m_ip2asn_result = ${extract{asn}{$acl_m_maxminddb_result}}
	warn	condition	= ${if or{\
				{eq{$acl_m_ip2asn_result}{}}\
				{eq{$acl_m_ip2asn_result}{--}}\
				}{yes}{no}}
		set acl_m_ip2asn_result = UNKNOWN
')') dnl ifdef(`confIP2ASN_MAXMINDDB_FILE', `ifelse(len(X`'confIP2ASN_MAXMINDDB_FILE), `1', `', `')')
') dnl ifelse_strstr(confIP2ASN_BACKEND` ', `DLFUNC_GEOIP2 ', `', `')


ifelse_strstr(confIP2ASN_BACKEND` ', `GEOLITE2_DB ', `dnl
ifdef(`confMYSQL', `ifelse(len(X`'confMYSQL), `1', `', `dnl
ifdef(`confIP2ASN_GEOLITE2_DB_QUERY_IPV4', `ifelse(len(X`'confIP2ASN_GEOLITE2_DB_QUERY_IPV4), `1', `', `dnl
	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		condition	= ${if isip4{$acl_arg1}{yes}{no}}
		set acl_m_ip2asn_result = ${lookup mysql{replace_str(confIP2ASN_GEOLITE2_DB_QUERY_IPV4, `$sender_host_address', `$acl_arg1')}{$value}{UNKNOWN}}
')') dnl ifdef(`confIP2ASN_GEOLITE2_DB_QUERY_IPV4', `ifelse(len(X`'confIP2ASN_GEOLITE2_DB_QUERY_IPV4), `1', `', `')')
ifelse(confIPv6, `YES', `dnl
ifdef(`confIP2ASN_GEOLITE2_DB_QUERY_IPV6', `ifelse(len(X`'confIP2ASN_GEOLITE2_DB_QUERY_IPV6), `1', `', `dnl
	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		condition	= ${if isip6{$acl_arg1}{yes}{no}}
		set acl_m_ip2asn_result = ${lookup mysql{replace_str(confIP2ASN_GEOLITE2_DB_QUERY_IPV6, `$sender_host_address', `$acl_arg1')}{$value}{UNKNOWN}}
')') dnl ifdef(`confIP2ASN_GEOLITE2_DB_QUERY_IPV6', `ifelse(len(X`'confIP2ASN_GEOLITE2_DB_QUERY_IPV6), `1', `', `')')
') dnl
	warn	condition	= ${if or{\
				{eq{$acl_m_ip2asn_result}{}}\
				{eq{$acl_m_ip2asn_result}{-}}\
				}{yes}{no}}
		set acl_m_ip2asn_result = UNKNOWN
')') dnl ifdef(`confMYSQL', `ifelse(len(X`'confMYSQL), `1', `', `')')
') dnl ifelse_strstr(confIP2ASN_BACKEND` ', `GEOLITE2_DB ', `', `')


ifelse_strstr(confIP2ASN_BACKEND, `WHOIS_RADB', `
	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		set acl_m_ip2asn_result = ${if match{${readsocket{inet:whois.radb.net:43}{$acl_arg1\n}{20s}{\n}{socket failure}}}{\N^(?:.*\n)*?origin:\s*(\S+)\N}{$1}{}}
		set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{}{UNKNOWN}{$acl_m_ip2asn_result}}
		set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{socket failure}{UNKNOWN}{$acl_m_ip2asn_result}}
') dnl ifelse_strstr(confIP2ASN_BACKEND, `WHOIS_RADB', `')


ifelse_strstr(confIP2ASN_BACKEND, `WHOIS_RIPE', `
	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		set acl_m_ip2asn_result = ${if match{${readsocket{inet:whois.ripe.net:43}{$acl_arg1\n}{20s`'ifelse(confREADSOCKET_SHUTDOWN_NO, `DISABLE', `', `:shutdown=no')}{\n}{socket failure}}}{\N^(?:.*\n)*origin:\s*(\S+)\N}{$1}{}}
		set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{}{UNKNOWN}{$acl_m_ip2asn_result}}
		set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{socket failure}{UNKNOWN}{$acl_m_ip2asn_result}}
') dnl ifelse_strstr(confIP2ASN_BACKEND, `WHOIS_RIPE', `')


ifelse_strstr(confIP2ASN_BACKEND, `DNS_CYMRU', `
	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		condition	= ${if isip4{$acl_arg1}{yes}{no}}
		set acl_m_ip2asn_result = ${sg{${sg{${extract{1}{|}{${lookup dnsdb{>\n; defer_never,txt=${reverse_ip:$acl_arg1}.origin.asn.cymru.com}}}}}{\N^\s*\N}{AS}}}{\N\s+$\N}{}}
		set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{AS}{UNKNOWN}{$acl_m_ip2asn_result}}
ifelse_strstr(confIPv6, `YES', `dnl
	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		condition	= ${if isip6{$acl_arg1}{yes}{no}}
		set acl_m_ip2asn_result = ${sg{${sg{${extract{1}{|}{${lookup dnsdb{>\n; defer_never,txt=${reverse_ip:$acl_arg1}.origin6.asn.cymru.com}}}}}{\N\s+$\N}{}}}{\N^\s*\N}{AS}}
		set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{AS}{UNKNOWN}{$acl_m_ip2asn_result}}
') dnl ifelse_strstr(confIPv6, `YES', `')
') dnl ifelse_strstr(confIP2ASN_BACKEND, `DNS_CYMRU', `')


ifelse_strstr(confIP2ASN_BACKEND, `DNS_SPAMEATINGMONKEY', `
	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		condition	= ${if isip4{$acl_arg1}{yes}{no}}
		set acl_m_ip2asn_result = ${sg{${sg{${extract{2}{|}{${lookup dnsdb{>\n; defer_never,txt=${reverse_ip:$acl_arg1}.origin.asn.spameatingmonkey.net}}}}}{\N^\s+\N}{}}}{\N\s+$\N}{}}
		set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{}{UNKNOWN}{$acl_m_ip2asn_result}}
') dnl ifelse_strstr(confIP2ASN_BACKEND, `DNS_SPAMEATINGMONKEY', `')


ifelse_strstr(confIP2ASN_BACKEND, `WHOIS_CYMRU', `
	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		set acl_m_ip2asn_result = ${if match{${readsocket{inet:whois.cymru.com:43}{$acl_arg1\n}{20s`'ifelse(confREADSOCKET_SHUTDOWN_NO, `DISABLE', `', `:shutdown=no')}{\n}{socket failure}}}{\N^(?:AS\s.*\n)(\d+)\s\N}{AS$1}{}}
		set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{}{UNKNOWN}{$acl_m_ip2asn_result}}
		set acl_m_ip2asn_result = ${if eq{$acl_m_ip2asn_result}{socket failure}{UNKNOWN}{$acl_m_ip2asn_result}}
') dnl ifelse_strstr(confIP2ASN_BACKEND, `WHOIS_CYMRU', `')


ifelse_strstr(confIP2ASN_BACKEND, `API_IPINFO', `

	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		set acl_m0	= ${readsocket{inet:ipinfo.io:443}{GET /$acl_arg1 HTTP/1.1\r\nHost: ipinfo.io\r\nConnection: close\r\n\r\n}{20s:tls=yes:sni=ipinfo.io}{\n}{socket failure}}

	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		condition	= ${if eq{$acl_m0}{}{yes}{no}}
		log_message	= Response to HTTP request https://ipinfo.io/$acl_arg1 is empty
	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		condition	= ${if eq{$acl_m0}{socket failure}{yes}{no}}
		set acl_m0	=
		log_message	= Unable to get response to HTTP request https://ipinfo.io/$acl_arg1: socket failure
	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		condition	= ${if eq{$acl_m0}{}{no}{yes}}
		condition	= ${if match{$acl_m0}{\N^HTTP\/1\.[01] 200\b\N}{no}{yes}}
		log_message	= Unsuccessfull status of response to HTTP request https://ipinfo.io/$acl_arg1: ${sg{$acl_m0}{\N(\r?\n.*)*$\N}{}}
	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		condition	= ${if eq{$acl_m0}{}{no}{yes}}
		condition	= ${if match{$acl_m0}{\N^HTTP\/1\.1 200\b\N}{no}{yes}}
		set acl_m0	=

	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		condition	= ${if eq{$acl_m0}{}{no}{yes}}
#		set acl_m0	= ${sg{$acl_m0}{\N^((.+)\r?\n)+?\r?\n\N}{}}
		set acl_m0	= ${acl{acl_http_response_get_body}{$acl_m0}}
		condition	= ${if eq{$acl_m0}{}{yes}{no}}
		log_message	= Response to HTTP request https://ipinfo.io/$acl_arg1 has empty body

	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		condition	= ${if eq{$acl_m0}{}{no}{yes}}
# ВНИМАНИЕ!!!
# ${extract jsons{ не работает, если в значениях предыдущих атрибутов JSON присутствовала запятая
#		set acl_m0	= ${extract jsons{org}{$acl_m0}}
#		set acl_m_ip2asn_result = ${if match{$acl_m0}{\N^(AS\d+)\N}{$1}{$acl_m_ip2asn_result}}
# workaround
ifdef(`confPERL', `ifelse(len(X`'confPERL), `1', `', `dnl
		set acl_m0	= ${perl{extract_jsons}{org}{$acl_m0}}
		set acl_m_ip2asn_result = ${if match{$acl_m0}{\N^(AS\d+)\N}{$1}{$acl_m_ip2asn_result}}
')',`dnl
		set acl_m_ip2asn_result = ${if match{$acl_m0}{\N^(?:.*\r?\n)*.*"org": "(AS\d+)\N}{$1}{$acl_m_ip2asn_result}}
')dnl ifdef(`confPERL', `ifelse(len(X`'confPERL), `1', `', `')')
# /workaround

') dnl ifelse_strstr(confIP2ASN_BACKEND, `API_IPINFO', `')


ifelse_strstr(confIP2ASN_BACKEND` ', `IP2LOCATION_DB ', `dnl
ifdef(`confMYSQL', `ifelse(len(X`'confMYSQL), `1', `', `dnl
ifdef(`confIP2ASN_IP2LOCATION_DB_QUERY_IPV4', `ifelse(len(X`'confIP2ASN_IP2LOCATION_DB_QUERY_IPV4), `1', `', `dnl
	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		condition	= ${if isip4{$acl_arg1}{yes}{no}}
		set acl_m_ip2asn_result = ${lookup mysql{replace_str(confIP2ASN_IP2LOCATION_DB_QUERY_IPV4, `$sender_host_address', `$acl_arg1')}{$value}{UNKNOWN}}
')') dnl ifdef(`confIP2ASN_IP2LOCATION_DB_QUERY_IPV4', `ifelse(len(X`'confIP2ASN_IP2LOCATION_DB_QUERY_IPV4), `1', `', `')')
ifelse(confIPv6, `YES', `dnl
ifdef(`confIP2ASN_IP2LOCATION_DB_QUERY_IPV6', `ifelse(len(X`'confIP2ASN_IP2LOCATION_DB_QUERY_IPV6), `1', `', `dnl
	warn	condition	= ${if eq{$acl_m_ip2asn_result}{UNKNOWN}{yes}{no}}
		condition	= ${if isip6{$acl_arg1}{yes}{no}}
		set acl_m_ip2asn_result = ${lookup mysql{replace_str(confIP2ASN_IP2LOCATION_DB_QUERY_IPV6, `$sender_host_address', `$acl_arg1')}{$value}{UNKNOWN}}
')') dnl ifdef(`confIP2ASN_IP2LOCATION_DB_QUERY_IPV6', `ifelse(len(X`'confIP2ASN_IP2LOCATION_DB_QUERY_IPV6), `1', `', `')')
') dnl
	warn	condition	= ${if or{\
				{eq{$acl_m_ip2asn_result}{}}\
				{eq{$acl_m_ip2asn_result}{-}}\
				}{yes}{no}}
		set acl_m_ip2asn_result = UNKNOWN
')') dnl ifdef(`confMYSQL', `ifelse(len(X`'confMYSQL), `1', `', `')')
') dnl ifelse_strstr(confIP2ASN_BACKEND` ', `IP2LOCATION_DB ', `', `')


ifelse(confIP2ASN_CACHE, `NO', `', `dnl
ifelse(confIP2ASN_CACHE, `MEMCACHED', `dnl
define(`confMEMCACHED_ENABLED', `YES')dnl
	warn	set acl_m0	= ${acl{acl_memcached_set}{confIP2ASN_CACHE_RECORD_PREFIX`'$acl_arg1}{$acl_m_ip2asn_result}{${if eq{$acl_m_ip2asn_result}{UNKNOWN}{confIP2ASN_CACHE_TTL_UNKNOWN}{confIP2ASN_CACHE_TTL}}}}
')dnl
ifelse(confIP2ASN_CACHE, `REDIS', `dnl
	warn	set acl_m0	= ${acl{acl_redis_set}{confIP2ASN_CACHE_RECORD_PREFIX`'$acl_arg1}{$acl_m_ip2asn_result}{${if eq{$acl_m_ip2asn_result}{UNKNOWN}{confIP2ASN_CACHE_TTL_UNKNOWN}{confIP2ASN_CACHE_TTL}}}}
')dnl
ifelse(confIP2ASN_CACHE, `SQLITE', `dnl
	warn	set acl_m0	= ${lookup sqlite,file=confIP2ASN_CACHE_SQLITE_FILE{confIP2ASN_CACHE_SQLITE_SET}}
')dnl
ifelse(confIP2ASN_CACHE, `MYSQL', `dnl
	warn	set acl_m0	= ${lookup mysql{confIP2ASN_CACHE_MYSQL_SET}}
')dnl
')dnl ifelse(confIP2ASN_CACHE, `NO', `', `')


	accept	message		= $acl_m_ip2asn_result
') dnl ifelse(SECTION, `ACLS_ADDITIONAL', `')