dnl
dnl Configuration reference for the IP-to-country / IP-to-continent lookup,
dnl followed by the start of the ACL_CHECK_CONNECT section, which switches the
dnl lookup on and normalises the backend lists. Every define() in this
dnl reference part is commented out and serves only as a sample value.
dnl
dnl enable country lookup by IP address
dnl   NO - do not look up the country by IP address
dnl   YES - look up the country by IP address
dnl define(`confIP2COUNTRY', `NO')dnl
dnl
dnl when mail is filtered by the country (continent) of the sender
dnl host (variables confCHECK_ACCESS_RELAY_COUNTRY and
dnl confCHECK_ACCESS_RELAY_CONTINENT), by the combination of the sender host
dnl country (continent) with the sender and recipient addresses (variables
dnl confCHECK_ACCESS_COMPAT_RELAY_COUNTRY and
dnl confCHECK_ACCESS_COMPAT_RELAY_CONTINENT), by the combination of the SMTP
dnl login and the sender host country (continent) (variables
dnl confSMTP_AUTH_RELAY_COUNTRY and confSMTP_AUTH_RELAY_CONTINENT), and also
dnl when the message headers are to list the countries the message passed
dnl through (variable confRELAY_COUNTRIES), confIP2COUNTRY is automatically
dnl set to YES
dnl
dnl country lookup backend
dnl   DLFUNC - country lookup through dlfunc ip2country
dnl     with IPv6 support enabled, dlfunc ip2country_v6 (formerly geoipv6) is used
dnl     using the dlfunc requires:
dnl       building exim with EXPAND_DLFUNC
dnl       building and installing the GeoIP library
dnl   DLFUNC_GEOIP - synonym for DLFUNC
dnl   DLFUNC_GEOIPV6 - country lookup through dlfunc ip2country_v6 (formerly geoipv6)
dnl     even when IPv6 support is disabled
dnl     this requires:
dnl       building exim with EXPAND_DLFUNC
dnl       building and installing the GeoIP library
dnl   DLFUNC_GEOIP2 - country lookup through dlfunc maxminddb
dnl     using the dlfunc requires:
dnl       building exim with EXPAND_DLFUNC
dnl       building and installing the libmaxminddb library
dnl   DLFUNC_IP2LOCATION - country lookup through dlfunc ip2location
dnl     using the dlfunc requires:
dnl       building exim with EXPAND_DLFUNC
dnl       building and installing the ip2location library
dnl   GEOLITE2_DB - country lookup from the geolite2 MySQL database
dnl   IP2LOCATION_DB - country lookup from the ip2location MySQL database
dnl   API_IPINFO - country lookup from https://ipinfo.io/
dnl     only for exim 4.95 and later, because a patch for SNI support is needed
dnl     IPv4 only, for IPv6 the data is potentially inaccurate
dnl     on a "429 Too Many Requests" reply you need to
dnl     "Create an API access token by signing up to get 50k req/month"
dnl     NOTE(review): with this backend each looked-up client address is sent
dnl     to a third-party service, and the reply feeds access-control decisions
dnl define(`confIP2COUNTRY_BACKEND', `API_IPINFO')dnl
dnl several backends may be listed as the value of confIP2COUNTRY_BACKEND
dnl
dnl ignoring dlfunc errors (currently used by the maxminddb and ip2location dlfuncs):
dnl   NO - do not ignore errors
dnl   YES - ignore errors
dnl   NOTE(review): presumably a failed lookup then ends up as UNKNOWN, so
dnl   country-based deny rules will not match that host; confirm that this
dnl   fail-open behaviour is what the policy intends
dnl define(`confIP2COUNTRY_DEFER_OK', `YES')dnl
dnl
dnl path to the maxminddb binary file when DLFUNC_GEOIP2 is listed in confIP2COUNTRY_BACKEND:
dnl define(`confIP2COUNTRY_MAXMINDDB_FILE', `/usr/local/share/GeoIP/GeoLite2-Country.mmdb')dnl
dnl
dnl path to the ip2location binary file for IPv4 addresses when DLFUNC_IP2LOCATION is listed in confIP2COUNTRY_BACKEND:
dnl define(`confIP2COUNTRY_IP2LOCATION_BIN_IPV4', `/usr/local/share/ip2loc/IP-COUNTRY.BIN')dnl
dnl path to the ip2location binary file for IPv6 addresses when DLFUNC_IP2LOCATION is listed in confIP2COUNTRY_BACKEND:
dnl define(`confIP2COUNTRY_IP2LOCATION_BIN_IPV6', `/usr/local/share/ip2loc/IPV6-COUNTRY.BIN')dnl
dnl
dnl queries that resolve the country of the sender host IP address when GEOLITE2_DB is listed in confIP2COUNTRY_BACKEND:
dnl NOTE(review): the samples place the address into the SQL text without
dnl quote_mysql; that is safe only while the value is always a syntactically
dnl valid IP address, which the ACL enforces with isip4 / isip6 conditions
dnl define(`confIP2COUNTRY_GEOLITE2_DB_QUERY_IPV4', `SELECT geolite2_country_locations.country_iso_code AS country, geolite2_country_locations.continent_code AS continent FROM geolite2.geolite2_country_ipv4, geolite2.geolite2_country_locations WHERE geolite2_country_ipv4.geoname_id = geolite2_country_locations.geoname_id AND INET_ATON("$sender_host_address") <= geolite2_country_ipv4.ip_to AND INET_ATON("$sender_host_address") >= geolite2_country_ipv4.ip_from LIMIT 1;')dnl
dnl define(`confIP2COUNTRY_GEOLITE2_DB_QUERY_IPV6', `SELECT geolite2_country_locations.country_iso_code AS country, geolite2_country_locations.continent_code AS continent FROM geolite2.geolite2_country_ipv6, geolite2.geolite2_country_locations WHERE geolite2_country_ipv6.geoname_id = geolite2_country_locations.geoname_id AND ${reduce{<: ${ipv6denorm:$sender_host_address}}{}{${if eq{$value}{}{}{($value)*65536.0+}}${eval:0x$item+0}.0}} <= geolite2_country_ipv6.ip_to AND ${reduce{<: ${ipv6denorm:$sender_host_address}}{}{${if eq{$value}{}{}{($value)*65536.0+}}${eval:0x$item+0}.0}} >= geolite2_country_ipv6.ip_from LIMIT 1;')dnl
dnl sample queries for looking up IPv4 addresses in the database for IPv6 addresses
dnl define(`confIP2COUNTRY_GEOLITE2_DB_QUERY_IPV4', `SELECT geolite2_country_locations.country_iso_code AS country, geolite2_country_locations.continent_code AS continent FROM geolite2.geolite2_country_ipv6, geolite2.geolite2_country_locations WHERE geolite2_country_ipv6.geoname_id = geolite2_country_locations.geoname_id AND 65535.0*256.0*256.0*256.0*256.0+${extract{1}{.}{$sender_host_address}}.0*256.0*256.0*256.0+${extract{2}{.}{$sender_host_address}}.0*256.0*256.0+${extract{3}{.}{$sender_host_address}}.0*256.0+${extract{4}{.}{$sender_host_address}}.0 <= geolite2_country_ipv6.ip_to AND 65535.0*256.0*256.0*256.0*256.0+${extract{1}{.}{$sender_host_address}}.0*256.0*256.0*256.0+${extract{2}{.}{$sender_host_address}}.0*256.0*256.0+${extract{3}{.}{$sender_host_address}}.0*256.0+${extract{4}{.}{$sender_host_address}}.0 >= geolite2_country_ipv6.ip_from LIMIT 1;')dnl
dnl define(`confIP2COUNTRY_GEOLITE2_DB_QUERY_IPV4', `SELECT geolite2_country_locations.country_iso_code AS country, geolite2_country_locations.continent_code AS continent FROM geolite2.geolite2_country_ipv6, geolite2.geolite2_country_locations WHERE geolite2_country_ipv6.geoname_id = geolite2_country_locations.geoname_id AND ${reduce{<. 255.255.$sender_host_address}{}{${if eq{$value}{}{}{($value)*256.0+}}${eval:$item+0}.0}} <= geolite2_country_ipv6.ip_to AND ${reduce{<. 255.255.$sender_host_address}{}{${if eq{$value}{}{}{($value)*256.0+}}${eval:$item+0}.0}} >= geolite2_country_ipv6.ip_from LIMIT 1;')dnl
dnl WARNING! when country lookup from the geoip2 MySQL database was implemented, the database for IPv6 AS held no data for IPv4 AS
dnl
dnl queries that resolve the country of the sender host IP address when IP2LOCATION_DB is listed in confIP2COUNTRY_BACKEND:
dnl define(`confIP2COUNTRY_IP2LOCATION_DB_QUERY_IPV4', `SELECT country_code FROM ip2location.ip2location_db1_ipv4 WHERE INET_ATON("$sender_host_address") <= ip_to LIMIT 1;')dnl
dnl define(`confIP2COUNTRY_IP2LOCATION_DB_QUERY_IPV6', `SELECT country_code FROM ip2location.ip2location_db1_ipv6 WHERE ${reduce{<: ${ipv6denorm:$sender_host_address}}{}{${if eq{$value}{}{}{($value)*65536.0+}}${eval:0x$item+0}.0}} <= ip_to LIMIT 1;')dnl
dnl sample queries for looking up IPv4 addresses in the database for IPv6 addresses
dnl define(`confIP2COUNTRY_IP2LOCATION_DB_QUERY_IPV4', `SELECT country_code FROM ip2location.ip2location_db1_ipv6 WHERE 65535.0*256.0*256.0*256.0*256.0+${extract{1}{.}{$sender_host_address}}.0*256.0*256.0*256.0+${extract{2}{.}{$sender_host_address}}.0*256.0*256.0+${extract{3}{.}{$sender_host_address}}.0*256.0+${extract{4}{.}{$sender_host_address}}.0 <= ip_to LIMIT 1;')dnl
dnl define(`confIP2COUNTRY_IP2LOCATION_DB_QUERY_IPV4', `SELECT country_code FROM ip2location.ip2location_db1_ipv6 WHERE ${reduce{<. 255.255.$sender_host_address}{}{${if eq{$value}{}{}{($value)*256.0+}}${eval:$item+0}.0}} <= ip_to LIMIT 1;')dnl
dnl
dnl caching of country data:
dnl   NO - do not cache results
dnl   REDIS - cache results in redis
dnl   MEMCACHED - cache results in memcached
dnl   SQLITE - cache results in sqlite (not implemented yet)
dnl   MYSQL - cache results in mysql (not implemented yet)
dnl define(`confIP2COUNTRY_CACHE', `NO')dnl
dnl
dnl time to live of cached country data
dnl define(`confIP2COUNTRY_CACHE_TTL', `eval(2*30*24*60*60)')dnl
dnl
dnl time to live of cached negative results of country and continent lookups
dnl define(`confIP2COUNTRY_CACHE_TTL_UNKNOWN', `eval(60*60)')dnl
dnl
dnl with MEMCACHED or REDIS in confIP2COUNTRY_CACHE
dnl
dnl record prefix:
dnl define(`confIP2COUNTRY_CACHE_RECORD_PREFIX', `ip2country:')dnl
dnl
dnl with SQLITE in confIP2COUNTRY_CACHE
dnl
dnl NOTE(review): the SET samples below interpolate the address and the lookup
dnl result into the SQL text unquoted; the result can originate from a remote
dnl backend, so consider wrapping both values in quote_sqlite / quote_mysql
dnl before these statements are enabled
dnl define(`confIP2COUNTRY_CACHE_SQLITE_FILE', `confSPOOLDIR/db/cache.db')dnl
dnl
dnl dnl define(`confIP2COUNTRY_CACHE_SQLITE_GET', `SELECT country FROM ip2country WHERE ip="$acl_arg1" AND expires > UNIXEPOCH();')dnl
dnl dnl define(`confIP2COUNTRY_CACHE_SQLITE_SET', `REPLACE INTO ip2country (ip, country, expires) VALUES ("$acl_arg1", "$acl_m_ip2country_result", UNIXEPOCH() + ${if eq{$acl_m_ip2country_result}{UNKNOWN}{confIP2COUNTRY_CACHE_TTL_UNKNOWN}{confIP2COUNTRY_CACHE_TTL}});')dnl
dnl dnl define(`confIP2COUNTRY_CACHE_SQLITE_DELETE', `DELETE FROM ip2country WHERE expires < UNIXEPOCH();')dnl
dnl NOTE(review): the next four lines look truncated (the text between the
dnl angle brackets is missing); restore them from the original file
dnl changequote(<<, >>)
dnl define(<<`confIP2COUNTRY_CACHE_SQLITE_GET>>, < UNIXEPOCH();>>)dnl
dnl define(<>, <>)dnl
dnl define(<>, <>)dnl
dnl changequote
dnl
dnl with MYSQL in confIP2CONTINENT_CACHE
dnl
dnl define(`confIP2CONTINENT_CACHE_MYSQL_GET', `SELECT continent FROM ip2continent WHERE ip="$acl_arg1" AND expires > NOW();')dnl
dnl define(`confIP2CONTINENT_CACHE_MYSQL_SET', `REPLACE INTO ip2continent (ip, continent, expires) VALUES ("$acl_arg1", "$acl_m_ip2continent_result", DATE_ADD(NOW(), interval ${if eq{$acl_m_ip2continent_result}{UNKNOWN}{confIP2CONTINENT_CACHE_TTL_UNKNOWN}{confIP2CONTINENT_CACHE_TTL}} second));')dnl
dnl define(`confIP2CONTINENT_CACHE_MYSQL_DELETE', `DELETE FROM ip2continent WHERE expires < NOW();')dnl
dnl
dnl Connect-ACL section. Any country-based check that is not NO switches
dnl confIP2COUNTRY on; any continent-based check that is not NO switches both
dnl confIP2COUNTRY and confIP2CONTINENT on.
ifelse(SECTION, `ACL_CHECK_CONNECT', `dnl
ifelse(confCHECK_ACCESS_RELAY_COUNTRY, `NO', `', `define(`confIP2COUNTRY', `YES')')dnl
ifelse(confCHECK_ACCESS_COMPAT_RELAY_COUNTRY, `NO', `', `define(`confIP2COUNTRY', `YES')')dnl
ifelse(confSMTP_AUTH_RELAY_COUNTRY, `NO', `', `define(`confIP2COUNTRY', `YES')')dnl
ifelse(confCHECK_ACCESS_RELAY_CONTINENT, `NO', `', `define(`confIP2COUNTRY', `YES')`'define(`confIP2CONTINENT', `YES')')dnl
ifelse(confCHECK_ACCESS_COMPAT_RELAY_CONTINENT, `NO', `', `define(`confIP2COUNTRY', `YES')`'define(`confIP2CONTINENT', `YES')')dnl
ifelse(confSMTP_AUTH_RELAY_CONTINENT, `NO', `', `define(`confIP2COUNTRY', `YES')`'define(`confIP2CONTINENT', `YES')')dnl
dnl map the legacy value to the new one
dnl (a space is appended to the backend list before each test; presumably
dnl ifelse_strstr is a substring test, so the pattern with a trailing space
dnl matches a token only at its end - verify against its definition)
ifelse_strstr(confIP2COUNTRY_BACKEND` ', `DLFUNC ', `define(`confIP2COUNTRY_BACKEND', confIP2COUNTRY_BACKEND` DLFUNC_GEOIP')')dnl
ifelse_strstr(confIP2COUNTRY_BACKEND` ', `DLFUNC_GEOIP ', `define(`confIP2COUNTRY_BACKEND', confIP2COUNTRY_BACKEND` DLFUNC_GEOIP1')')dnl
ifelse_strstr(confIP2COUNTRY_BACKEND` ', `DLFUNC_GEOIPV6 ', `define(`confIP2COUNTRY_BACKEND', confIP2COUNTRY_BACKEND` DLFUNC_GEOIP1')')dnl
dnl map the legacy value to the new one
ifelse_strstr(confIP2CONTINENT_BACKEND` ', `DLFUNC ', `define(`confIP2CONTINENT_BACKEND', confIP2CONTINENT_BACKEND` DLFUNC_GEOIP')')dnl
ifelse_strstr(confIP2CONTINENT_BACKEND` ', `DLFUNC_GEOIP ', `define(`confIP2CONTINENT_BACKEND', confIP2CONTINENT_BACKEND` DLFUNC_GEOIP1')')dnl
ifelse_strstr(confIP2CONTINENT_BACKEND` ', `DLFUNC_GEOIPV6 ', `define(`confIP2CONTINENT_BACKEND', confIP2CONTINENT_BACKEND` DLFUNC_GEOIP1')')dnl
ifelse_strstr(confIP2COUNTRY_BACKEND` ', `DLFUNC_GEOIP ', `define(`confIP2CONTINENT_BACKEND', confIP2CONTINENT_BACKEND` DLFUNC_GEOIP')')
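dnl Remainder of the ACL_CHECK_CONNECT section, then the first part of the
dnl ACLS_ADDITIONAL section: acl_hostname2country, acl_ip2country,
dnl acl_ip2continent and the cache-read half of acl_ip2geo.
ifelse_strstr(confIP2COUNTRY_BACKEND` ', `DLFUNC_GEOIPV6', `define(`confIP2CONTINENT_BACKEND', confIP2CONTINENT_BACKEND` DLFUNC_GEOIPV6')')
ifelse(confIP2COUNTRY, `YES', `dnl
dnl Resolve the country of the connecting host once per connection.
dnl The lookup result is detainted first and checked against the allow-list
dnl pattern second, so the two warn statements must stay adjacent: a rule
dnl placed between them would see a detainted value that is not yet validated.
  warn   condition = ${if eq{$acl_c_sender_host_address_country}{}{yes}{no}}
         set acl_c_sender_host_address_country = ${acl{acl_ip2country}{$sender_host_address}}
         set acl_c_sender_host_address_country = ${acl{detaint}{$acl_c_sender_host_address_country}}
dnl Anything other than two-letter codes (optionally comma separated),
dnl UNKNOWN, -- or the empty string is logged and dropped.
  warn   condition = ${if match{$acl_c_sender_host_address_country}{\N^([A-Z][A-Z](,[A-Z][A-Z])*|UNKNOWN|--|)$\N}{no}{yes}}
         log_message = Restricted characters in the sender host country $acl_c_sender_host_address_country, country ignored
         set acl_c_sender_host_address_country =
') dnl ifelse(confIP2COUNTRY, `YES', `')
ifelse(confIP2CONTINENT, `YES', `dnl
dnl Same two steps for the continent of the connecting host.
  warn   condition = ${if eq{$acl_c_sender_host_address_continent}{}{yes}{no}}
         set acl_c_sender_host_address_continent = ${acl{acl_ip2continent}{$sender_host_address}}
         set acl_c_sender_host_address_continent = ${acl{detaint}{$acl_c_sender_host_address_continent}}
dnl The log line references the variable with a single dollar sign, matching
dnl the country statement above, so that the rejected value is expanded.
  warn   condition = ${if match{$acl_c_sender_host_address_continent}{\N^([A-Z][A-Z]|UNKNOWN|--|)$\N}{no}{yes}}
         log_message = Restricted characters in the sender host continent $acl_c_sender_host_address_continent, continent ignored
         set acl_c_sender_host_address_continent =
') dnl ifelse(confIP2CONTINENT, `YES', `')
') dnl ifelse(SECTION, `ACL_CHECK_CONNECT', `')
ifelse(SECTION, `ACLS_ADDITIONAL', `dnl
dnl acl_hostname2country returns the country for a hostname: the A records are
dnl tried first, the AAAA records only when there is no A record, and within a
dnl record set the first address that resolves to something other than UNKNOWN
dnl wins. An empty hostname or a name without address records yields an empty
dnl result. The answer is driven by the DNS data published for the name, so it
dnl is only as trustworthy as that zone. acl_c0 is used as scratch space.
acl_hostname2country:
# acl_arg1 - hostname
  accept condition = ${if eq{$acl_arg1}{}{yes}{no}}
         message =
  warn   set acl_c0 = ${lookup dnsdb{>: a=$acl_arg1}}
  accept condition = ${if eq{$acl_c0}{}{no}{yes}}
#        message = ${acl{acl_ip2country}{$acl_c0}}
         message = ${reduce{$acl_c0}{}{${if or{{eq{$value}{}}{eq{$value}{UNKNOWN}}}{${acl{acl_ip2country}{$item}}}{$value}}}}
  warn   set acl_c0 = ${lookup dnsdb{>, aaaa=$acl_arg1}}
  accept condition = ${if eq{$acl_c0}{}{no}{yes}}
#        message = ${acl{acl_ip2country}{$acl_c0}}
         message = ${reduce{<, $acl_c0}{}{${if or{{eq{$value}{}}{eq{$value}{UNKNOWN}}}{${acl{acl_ip2country}{$item}}}{$value}}}}
  accept message =

dnl acl_ip2country returns the country for an IP address. Loopback and
dnl +private_networks addresses yield UNKNOWN without any lookup. Other
dnl addresses are answered from acl_c_ip2geo_result, a space-separated list of
dnl key=value items kept for the connection; acl_ip2geo is called only when
dnl the list has no country item for this address yet.
acl_ip2country:
# acl_arg1 - IP address
  accept condition = ${if match_ip{$acl_arg1}{<; 127.0.0.1/8`'ifelse_strstr(confIPv6, `YES', ` ; ::1') ; +private_networks}{yes}{no}}
         message = UNKNOWN
  warn   condition = ${if eq{${extract{country_${acl_arg1}}{$acl_c_ip2geo_result}}}{}{yes}{no}}
         set acl_c_ip2geo_result = $acl_c_ip2geo_result ${acl{acl_ip2geo}{$acl_arg1}}
  accept condition = ${if eq{${extract{country_${acl_arg1}}{$acl_c_ip2geo_result}}}{}{yes}{no}}
         message = UNKNOWN
  accept message = ${extract{country_${acl_arg1}}{$acl_c_ip2geo_result}}

ifelse(confIP2CONTINENT, `NO', `dnl', `dnl
dnl acl_ip2continent mirrors acl_ip2country for the continent item.
acl_ip2continent:
# acl_arg1 - IP address
  accept condition = ${if match_ip{$acl_arg1}{<; 127.0.0.1/8`'ifelse_strstr(confIPv6, `YES', ` ; ::1') ; +private_networks}{yes}{no}}
         message = UNKNOWN
  warn   condition = ${if eq{${extract{continent_${acl_arg1}}{$acl_c_ip2geo_result}}}{}{yes}{no}}
         set acl_c_ip2geo_result = $acl_c_ip2geo_result ${acl{acl_ip2geo}{$acl_arg1}}
  accept condition = ${if eq{${extract{continent_${acl_arg1}}{$acl_c_ip2geo_result}}}{}{yes}{no}}
         message = UNKNOWN
  accept message = ${extract{continent_${acl_arg1}}{$acl_c_ip2geo_result}}

') dnl ifelse(confIP2CONTINENT, `NO', `dnl', `')
dnl acl_ip2geo resolves one address and returns key=value items of the form
dnl country_ADDRESS=CC and, with continents enabled, continent_ADDRESS=CC.
dnl Both results start as UNKNOWN; the cache is consulted first.
acl_ip2geo:
# acl_arg1 - IP address
  warn   set acl_m_ip2country_result = UNKNOWN
ifelse(confIP2CONTINENT, `NO', `dnl', `dnl
  warn   set acl_m_ip2continent_result = UNKNOWN
') dnl ifelse(confIP2CONTINENT, `NO', `dnl', `')
ifelse(confIP2COUNTRY_CACHE, `NO', `', `dnl
ifelse(confIP2COUNTRY_CACHE, `MEMCACHED', `dnl
define(`confMEMCACHED_ENABLED', `YES')dnl
  warn   set acl_m_ip2country_result = ${acl{acl_memcached_get}{confIP2COUNTRY_CACHE_RECORD_PREFIX`'$acl_arg1}}
')dnl
ifelse(confIP2COUNTRY_CACHE, `REDIS', `dnl
  warn   set acl_m_ip2country_result = ${acl{acl_redis_get}{confIP2COUNTRY_CACHE_RECORD_PREFIX`'$acl_arg1}}
')dnl
dnl The SQLITE and MYSQL reads store the hit in acl_m_ip2country_result, the
dnl variable every following statement of this ACL tests.
ifelse(confIP2COUNTRY_CACHE, `SQLITE', `dnl
  warn   set acl_m_ip2country_result = ${lookup sqlite,file=confIP2COUNTRY_CACHE_SQLITE_FILE{confIP2COUNTRY_CACHE_SQLITE_GET}}
')dnl
ifelse(confIP2COUNTRY_CACHE, `MYSQL', `dnl
  warn   set acl_m_ip2country_result = ${lookup mysql{confIP2COUNTRY_CACHE_MYSQL_GET}}
')dnl
dnl A cache miss comes back empty and is normalised to UNKNOWN.
  warn   condition = ${if eq{$acl_m_ip2country_result}{}{yes}{no}}
         set acl_m_ip2country_result = UNKNOWN
')dnl ifelse(confIP2COUNTRY_CACHE, `NO', `', `')
ifelse(confIP2CONTINENT, `NO', `', `dnl
ifelse(confIP2CONTINENT_CACHE, `NO', `', `dnl
ifelse(confIP2CONTINENT_CACHE, `MEMCACHED', `dnl
define(`confMEMCACHED_ENABLED', `YES')dnl
  warn   set acl_m_ip2continent_result = ${acl{acl_memcached_get}{confIP2CONTINENT_CACHE_RECORD_PREFIX`'$acl_arg1}}
')dnl
ifelse(confIP2CONTINENT_CACHE, `REDIS', `dnl
  warn   set acl_m_ip2continent_result = ${acl{acl_redis_get}{confIP2CONTINENT_CACHE_RECORD_PREFIX`'$acl_arg1}}
')dnl
dnl Continent counterpart: the hit goes into acl_m_ip2continent_result.
ifelse(confIP2CONTINENT_CACHE, `SQLITE', `dnl
  warn   set acl_m_ip2continent_result = ${lookup sqlite,file=confIP2CONTINENT_CACHE_SQLITE_FILE{confIP2CONTINENT_CACHE_SQLITE_GET}}
')dnl
ifelse(confIP2CONTINENT_CACHE, `MYSQL', `dnl
  warn   set acl_m_ip2continent_result = ${lookup mysql{confIP2CONTINENT_CACHE_MYSQL_GET}}
')dnl
  warn   condition = ${if eq{$acl_m_ip2continent_result}{}{yes}{no}}
         set acl_m_ip2continent_result = UNKNOWN
')dnl ifelse(confIP2CONTINENT_CACHE, `NO', `', `')
') dnl ifelse(confIP2CONTINENT, `NO', `', `')
dnl Return straight from the cache when every enabled result is known.
dnl NOTE(review): cached values are returned as read; the allow-list pattern
dnl is applied only by the connect ACL, so other callers get them unchecked.
ifelse(confIP2COUNTRY_CACHE, `NO', `', `dnl
ifelse(confIP2CONTINENT, `NO', `dnl
  accept condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{no}{yes}}
         message = country_$acl_arg1=${uc:$acl_m_ip2country_result}
',`
ifelse(confIP2CONTINENT_CACHE, `NO', `', `dnl
  accept condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{no}{yes}}
         condition = ${if eq{$acl_m_ip2continent_result}{UNKNOWN}{no}{yes}}
         message = country_$acl_arg1=${uc:$acl_m_ip2country_result} continent_$acl_arg1=${uc:$acl_m_ip2continent_result}
')dnl ifelse(confIP2CONTINENT_CACHE, `NO', `', `')
') dnl ifelse(confIP2CONTINENT, `NO', `', `')
')dnl ifelse(confIP2COUNTRY_CACHE, `NO', `', `')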
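dnl Backend half of acl_ip2geo. Each enabled backend runs only while the
dnl country is still UNKNOWN, in the fixed order below: DLFUNC_GEOIP2,
dnl GEOLITE2_DB, DLFUNC_IP2LOCATION, IP2LOCATION_DB, DLFUNC_GEOIP1, API_IPINFO.
dnl Empty and placeholder answers are normalised to UNKNOWN after each backend.
dnl The result is then written to the cache and returned as key=value items.
ifelse_strstr(confIP2COUNTRY_BACKEND` ', `DLFUNC_GEOIP2 ', `dnl
ifdef(`confIP2COUNTRY_MAXMINDDB_FILE', `ifelse(len(X`'confIP2COUNTRY_MAXMINDDB_FILE), `1', `', `dnl
dnl maxminddb dlfunc: the country item is preferred, registered_country is
dnl the fallback when country is empty or --.
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         set acl_m_maxminddb_result = ${dlfunc{confDLFUNC_PATH/confDLFUNC_FNAME}{maxminddb}{confIP2COUNTRY_MAXMINDDB_FILE}{$acl_arg1}{country registered_country`'ifelse(confIP2CONTINENT, `NO', `', ` continent')}{confIP2COUNTRY_DEFER_OK}}
         set acl_m_ip2country_result = ${extract{country}{$acl_m_maxminddb_result}}
         set acl_m_ip2country_result = ${if or{\
                                         {eq{$acl_m_ip2country_result}{}}\
                                         {eq{$acl_m_ip2country_result}{--}}\
                                       }{${extract{registered_country}{$acl_m_maxminddb_result}}}{$acl_m_ip2country_result}}
  warn   condition = ${if or{\
                       {eq{$acl_m_ip2country_result}{}}\
                       {eq{$acl_m_ip2country_result}{--}}\
                     }{yes}{no}}
         set acl_m_ip2country_result = UNKNOWN
ifelse(confIP2CONTINENT, `NO', `dnl', `dnl
ifelse_strstr(confIP2CONTINENT_BACKEND` ', `DLFUNC_GEOIP2 ', `dnl
  warn   condition = ${if eq{$acl_m_ip2continent_result}{UNKNOWN}{yes}{no}}
         set acl_m_ip2continent_result = ${extract{continent}{$acl_m_maxminddb_result}}
  warn   condition = ${if or{\
                       {eq{$acl_m_ip2continent_result}{}}\
                       {eq{$acl_m_ip2continent_result}{--}}\
                     }{yes}{no}}
         set acl_m_ip2continent_result = UNKNOWN
') dnl ifelse_strstr(confIP2CONTINENT_BACKEND` ', `DLFUNC_GEOIP2 ', `')
') dnl ifelse(confIP2CONTINENT, `NO', `', `')
')') dnl ifdef(`confIP2COUNTRY_MAXMINDDB_FILE', `ifelse(len(X`'confIP2COUNTRY_MAXMINDDB_FILE), `1', `', `')')
') dnl ifelse_strstr(confIP2COUNTRY_BACKEND` ', `DLFUNC_GEOIP2 ', `', `')
ifelse_strstr(confIP2COUNTRY_BACKEND` ', `GEOLITE2_DB ', `dnl
ifdef(`confMYSQL', `ifelse(len(X`'confMYSQL), `1', `', `dnl
ifdef(`confIP2COUNTRY_GEOLITE2_DB_QUERY_IPV4', `ifelse(confIP2COUNTRY_GEOLITE2_DB_QUERY_IPV4, `', `', `dnl
dnl geolite2 MySQL database. replace_str presumably swaps $sender_host_address
dnl for $acl_arg1 in the configured query (verify against its definition).
dnl The address goes into the SQL text unquoted, so the isip4 / isip6
dnl condition must stay ahead of the lookup: it is the only thing here that
dnl restricts the value to a syntactically valid address.
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         condition = ${if isip4{$acl_arg1}{yes}{no}}
         set acl_m_maxminddb_result = ${lookup mysql{replace_str(`confIP2COUNTRY_GEOLITE2_DB_QUERY_IPV4', `$sender_host_address', `$acl_arg1')}{$value}{UNKNOWN}}
         set acl_m_ip2country_result = ${extract{country}{$acl_m_maxminddb_result}}
')') dnl ifdef(`confIP2COUNTRY_GEOLITE2_DB_QUERY_IPV4', `ifelse(confIP2COUNTRY_GEOLITE2_DB_QUERY_IPV4, `', `', `')')
ifelse(confIPv6, `YES', `dnl
ifdef(`confIP2COUNTRY_GEOLITE2_DB_QUERY_IPV6', `ifelse(confIP2COUNTRY_GEOLITE2_DB_QUERY_IPV6, `', `', `dnl
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         condition = ${if isip6{$acl_arg1}{yes}{no}}
         set acl_m_maxminddb_result = ${lookup mysql{replace_str(`confIP2COUNTRY_GEOLITE2_DB_QUERY_IPV6', `$sender_host_address', `$acl_arg1')}{$value}{UNKNOWN}}
         set acl_m_ip2country_result = ${extract{country}{$acl_m_maxminddb_result}}
')') dnl ifdef(`confIP2COUNTRY_GEOLITE2_DB_QUERY_IPV6', `ifelse(confIP2COUNTRY_GEOLITE2_DB_QUERY_IPV6, `', `', `')')
') dnl ifelse(confIPv6, `YES', `')
  warn   condition = ${if or{\
                       {eq{$acl_m_ip2country_result}{}}\
                       {eq{$acl_m_ip2country_result}{--}}\
                     }{yes}{no}}
         set acl_m_ip2country_result = UNKNOWN
ifelse(confIP2CONTINENT, `NO', `dnl', `dnl
ifelse_strstr(confIP2CONTINENT_BACKEND` ', `GEOLITE2_DB ', `dnl
  warn   condition = ${if eq{$acl_m_ip2continent_result}{UNKNOWN}{yes}{no}}
         set acl_m_ip2continent_result = ${extract{continent}{$acl_m_maxminddb_result}}
  warn   condition = ${if or{\
                       {eq{$acl_m_ip2continent_result}{}}\
                       {eq{$acl_m_ip2continent_result}{--}}\
                     }{yes}{no}}
         set acl_m_ip2continent_result = UNKNOWN
') dnl ifelse_strstr(confIP2CONTINENT_BACKEND` ', `GEOLITE2_DB ', `')
') dnl ifelse(confIP2CONTINENT, `NO', `', `')
')') dnl ifdef(`confMYSQL', `ifelse(len(X`'confMYSQL), `1', `', `')')
') dnl ifelse_strstr(confIP2COUNTRY_BACKEND` ', `GEOLITE2_DB ', `', `')
ifelse_strstr(confIP2COUNTRY_BACKEND` ', `DLFUNC_IP2LOCATION ', `dnl
ifdef(`confIP2COUNTRY_IP2LOCATION_BIN_IPV4', `ifelse(len(X`'confIP2COUNTRY_IP2LOCATION_BIN_IPV4), `1', `', `dnl
dnl ip2location dlfunc with separate binary files per address family.
dnl This backend treats a single dash as the placeholder answer and never
dnl provides a continent.
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         condition = ${if isip4{$acl_arg1}{yes}{no}}
         set acl_m_ip2country_result = ${dlfunc{confDLFUNC_PATH/confDLFUNC_FNAME}{ip2location}{confIP2COUNTRY_IP2LOCATION_BIN_IPV4}{$acl_arg1}{confIP2COUNTRY_DEFER_OK}}
')') dnl ifdef(`confIP2COUNTRY_IP2LOCATION_BIN_IPV4', `ifelse(len(X`'confIP2COUNTRY_IP2LOCATION_BIN_IPV4), `1', `', `')')
ifelse(confIPv6, `YES', `dnl
ifdef(`confIP2COUNTRY_IP2LOCATION_BIN_IPV6', `ifelse(len(X`'confIP2COUNTRY_IP2LOCATION_BIN_IPV6), `1', `', `dnl
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         condition = ${if isip6{$acl_arg1}{yes}{no}}
         set acl_m_ip2country_result = ${dlfunc{confDLFUNC_PATH/confDLFUNC_FNAME}{ip2location}{confIP2COUNTRY_IP2LOCATION_BIN_IPV6}{$acl_arg1}{confIP2COUNTRY_DEFER_OK}}
')') dnl ifdef(`confIP2COUNTRY_IP2LOCATION_BIN_IPV6', `ifelse(len(X`'confIP2COUNTRY_IP2LOCATION_BIN_IPV6), `1', `', `')')
') dnl ifelse(confIPv6, `YES', `')
  warn   condition = ${if or{\
                       {eq{$acl_m_ip2country_result}{}}\
                       {eq{$acl_m_ip2country_result}{-}}\
                     }{yes}{no}}
         set acl_m_ip2country_result = UNKNOWN
ifelse(confIP2CONTINENT, `NO', `dnl', `dnl
ifelse_strstr(confIP2CONTINENT_BACKEND` ', `DLFUNC_IP2LOCATION ', `dnl
  warn   set acl_m_ip2continent_result = UNKNOWN
') dnl ifelse_strstr(confIP2CONTINENT_BACKEND` ', `DLFUNC_IP2LOCATION ', `')
') dnl ifelse(confIP2CONTINENT, `NO', `', `')
') dnl ifelse_strstr(confIP2COUNTRY_BACKEND` ', `DLFUNC_IP2LOCATION ', `', `')
ifelse_strstr(confIP2COUNTRY_BACKEND` ', `IP2LOCATION_DB ', `dnl
ifdef(`confMYSQL', `ifelse(len(X`'confMYSQL), `1', `', `dnl
ifdef(`confIP2COUNTRY_IP2LOCATION_DB_QUERY_IPV4', `ifelse(confIP2COUNTRY_IP2LOCATION_DB_QUERY_IPV4, `', `', `dnl
dnl ip2location MySQL database. As with GEOLITE2_DB, the address reaches the
dnl SQL text unquoted and the isip4 / isip6 condition is what constrains it.
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         condition = ${if isip4{$acl_arg1}{yes}{no}}
         set acl_m_ip2country_result = ${lookup mysql{replace_str(`confIP2COUNTRY_IP2LOCATION_DB_QUERY_IPV4', `$sender_host_address', `$acl_arg1')}{$value}{UNKNOWN}}
')') dnl ifdef(`confIP2COUNTRY_IP2LOCATION_DB_QUERY_IPV4', `ifelse(confIP2COUNTRY_IP2LOCATION_DB_QUERY_IPV4, `', `', `')')
ifelse(confIPv6, `YES', `dnl
ifdef(`confIP2COUNTRY_IP2LOCATION_DB_QUERY_IPV6', `ifelse(confIP2COUNTRY_IP2LOCATION_DB_QUERY_IPV6, `', `', `dnl
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         condition = ${if isip6{$acl_arg1}{yes}{no}}
         set acl_m_ip2country_result = ${lookup mysql{replace_str(`confIP2COUNTRY_IP2LOCATION_DB_QUERY_IPV6', `$sender_host_address', `$acl_arg1')}{$value}{UNKNOWN}}
')') dnl ifdef(`confIP2COUNTRY_IP2LOCATION_DB_QUERY_IPV6', `ifelse(confIP2COUNTRY_IP2LOCATION_DB_QUERY_IPV6, `', `', `')')
') dnl ifelse(confIPv6, `YES', `')
  warn   condition = ${if or{\
                       {eq{$acl_m_ip2country_result}{}}\
                       {eq{$acl_m_ip2country_result}{-}}\
                     }{yes}{no}}
         set acl_m_ip2country_result = UNKNOWN
ifelse(confIP2CONTINENT, `NO', `dnl', `dnl
ifelse_strstr(confIP2CONTINENT_BACKEND` ', `IP2LOCATION_DB ', `dnl
  warn   set acl_m_ip2continent_result = UNKNOWN
') dnl ifelse_strstr(confIP2CONTINENT_BACKEND` ', `IP2LOCATION_DB ', `')
') dnl ifelse(confIP2CONTINENT, `NO', `', `')
')') dnl ifdef(`confMYSQL', `ifelse(len(X`'confMYSQL), `1', `', `')')
') dnl ifelse_strstr(confIP2COUNTRY_BACKEND` ', `IP2LOCATION_DB ', `', `')
ifelse_strstr(confIP2COUNTRY_BACKEND, `DLFUNC_GEOIP1', `
ifelse_strstr(confIP2COUNTRY_BACKEND, `DLFUNC_GEOIPV6', `dnl
dnl Legacy GeoIP dlfuncs. With DLFUNC_GEOIPV6 every address goes through
dnl ip2country_v6; an IPv4 address answered with -- is retried in its
dnl IPv4-mapped form ::ffff:ADDRESS.
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         set acl_m_ip2country_result = ${dlfunc{confDLFUNC_PATH/confDLFUNC_FNAME}{ip2country_v6}{$acl_arg1}}
  warn   condition = ${if eq{$acl_m_ip2country_result}{--}{yes}{no}}
         condition = ${if isip4{$acl_arg1}{yes}{no}}
         set acl_m_ip2country_result = ${dlfunc{confDLFUNC_PATH/confDLFUNC_FNAME}{ip2country_v6}{::ffff:$acl_arg1}}
',`dnl
ifelse_strstr(confIPv6, `YES', `dnl
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         condition = ${if isip4{$acl_arg1}{yes}{no}}
         set acl_m_ip2country_result = ${dlfunc{confDLFUNC_PATH/confDLFUNC_FNAME}{ip2country}{$acl_arg1}}
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         condition = ${if isip6{$acl_arg1}{yes}{no}}
         set acl_m_ip2country_result = ${dlfunc{confDLFUNC_PATH/confDLFUNC_FNAME}{ip2country_v6}{$acl_arg1}}
  warn   condition = ${if eq{$acl_m_ip2country_result}{--}{yes}{no}}
         condition = ${if isip4{$acl_arg1}{yes}{no}}
         set acl_m_ip2country_result = ${dlfunc{confDLFUNC_PATH/confDLFUNC_FNAME}{ip2country_v6}{::ffff:$acl_arg1}}
',`dnl
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         set acl_m_ip2country_result = ${dlfunc{confDLFUNC_PATH/confDLFUNC_FNAME}{ip2country}{$acl_arg1}}
') dnl ifelse_strstr(confIPv6, `YES', `', `')
') dnl ifelse_strstr(confIP2COUNTRY_BACKEND` ', `DLFUNC_GEOIPV6', `')
  warn   condition = ${if or{\
                       {eq{$acl_m_ip2country_result}{}}\
                       {eq{$acl_m_ip2country_result}{--}}\
                     }{yes}{no}}
         set acl_m_ip2country_result = UNKNOWN
ifelse(confIP2CONTINENT, `NO', `dnl', `dnl
ifelse_strstr(confIP2CONTINENT_BACKEND` ', `DLFUNC_GEOIPV6', `dnl
  warn   condition = ${if eq{$acl_m_ip2continent_result}{UNKNOWN}{yes}{no}}
         set acl_m_ip2continent_result = ${dlfunc{confDLFUNC_PATH/confDLFUNC_FNAME}{ip2continent_v6}{$acl_arg1}}
',`dnl
ifelse_strstr(confIPv6, `YES', `dnl
  warn   condition = ${if eq{$acl_m_ip2continent_result}{UNKNOWN}{yes}{no}}
         condition = ${if isip4{$acl_arg1}{yes}{no}}
         set acl_m_ip2continent_result = ${dlfunc{confDLFUNC_PATH/confDLFUNC_FNAME}{ip2continent}{$acl_arg1}}
  warn   condition = ${if eq{$acl_m_ip2continent_result}{UNKNOWN}{yes}{no}}
         condition = ${if isip6{$acl_arg1}{yes}{no}}
         set acl_m_ip2continent_result = ${dlfunc{confDLFUNC_PATH/confDLFUNC_FNAME}{ip2continent_v6}{$acl_arg1}}
',`dnl
  warn   condition = ${if eq{$acl_m_ip2continent_result}{UNKNOWN}{yes}{no}}
         set acl_m_ip2continent_result = ${dlfunc{confDLFUNC_PATH/confDLFUNC_FNAME}{ip2continent}{$acl_arg1}}
') dnl ifelse_strstr(confIPv6, `YES', `', `')
') dnl ifelse_strstr(confIP2CONTINENT_BACKEND` ', `DLFUNC_GEOIPV6', `')
  warn   condition = ${if or{\
                       {eq{$acl_m_ip2continent_result}{}}\
                       {eq{$acl_m_ip2continent_result}{--}}\
                     }{yes}{no}}
         set acl_m_ip2continent_result = UNKNOWN
') dnl ifelse(confIP2CONTINENT, `NO', `', `')
') dnl ifelse_strstr(confIP2COUNTRY_BACKEND, `DLFUNC_GEOIP1', `')
ifelse_strstr(confIP2COUNTRY_BACKEND, `API_IPINFO', `
dnl ipinfo.io over HTTPS. The request is sent for every address that is still
dnl UNKNOWN, IPv6 included, although only IPv4 answers are used further down;
dnl each such address is thereby disclosed to the service.
dnl NOTE(review): confirm that readsocket with tls=yes verifies the server
dnl certificate; the reply feeds access-control decisions, so an unverified
dnl session would let an on-path party choose the country.
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         set acl_m0 = ${readsocket{inet:ipinfo.io:443}{GET /$acl_arg1 HTTP/1.1\r\nHost: ipinfo.io\r\nConnection: close\r\n\r\n}{20s:tls=yes:sni=ipinfo.io}{\n}{socket failure}}
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         condition = ${if eq{$acl_m0}{}{yes}{no}}
         log_message = Response to HTTP request https://ipinfo.io/$acl_arg1 is empty
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         condition = ${if eq{$acl_m0}{socket failure}{yes}{no}}
         set acl_m0 =
         log_message = Unable to get response to HTTP request https://ipinfo.io/$acl_arg1: socket failure
dnl Log the status line of any reply that is not a 200.
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         condition = ${if eq{$acl_m0}{}{no}{yes}}
         condition = ${if match{$acl_m0}{\N^HTTP\/1\.[01] 200\b\N}{no}{yes}}
         log_message = Unsuccessfull status of response to HTTP request https://ipinfo.io/$acl_arg1: ${sg{$acl_m0}{\N(\r?\n.*)*$\N}{}}
dnl Discard the same replies. The pattern is identical to the logging check,
dnl so a reply is never dropped here without having been logged there.
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         condition = ${if eq{$acl_m0}{}{no}{yes}}
         condition = ${if match{$acl_m0}{\N^HTTP\/1\.[01] 200\b\N}{no}{yes}}
         set acl_m0 =
dnl Strip the headers; the empty-body condition below only controls logging.
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         condition = ${if eq{$acl_m0}{}{no}{yes}}
#        set acl_m0 = ${sg{$acl_m0}{\N^((.+)\r?\n)+?\r?\n\N}{}}
         set acl_m0 = ${acl{acl_http_response_get_body}{$acl_m0}}
         condition = ${if eq{$acl_m0}{}{yes}{no}}
         log_message = Response to HTTP request https://ipinfo.io/$acl_arg1 has empty body
dnl Only IPv4 answers are taken from the JSON body.
  warn   condition = ${if eq{$acl_m_ip2country_result}{UNKNOWN}{yes}{no}}
         condition = ${if eq{$acl_m0}{}{no}{yes}}
         condition = ${if isip4{$acl_arg1}{yes}{no}}
         set acl_m_ip2country_result = ${extract jsons{country}{$acl_m0}}
  warn   condition = ${if eq{$acl_m_ip2country_result}{}{yes}{no}}
         set acl_m_ip2country_result = UNKNOWN
') dnl ifelse_strstr(confIP2COUNTRY_BACKEND, `API_IPINFO', `')
dnl Cache write. The value is stored upper-cased; UNKNOWN gets the shorter
dnl negative TTL.
dnl NOTE(review): the backend answer, including one parsed from a remote
dnl reply, is cached and returned without the allow-list check that the
dnl connect ACL applies. A value containing a space would add extra key=value
dnl items to the returned list; consider validating it before this point.
ifelse(confIP2COUNTRY_CACHE, `NO', `', `dnl
ifelse(confIP2COUNTRY_CACHE, `MEMCACHED', `dnl
define(`confMEMCACHED_ENABLED', `YES')dnl
  warn   set acl_m0 = ${acl{acl_memcached_set}{confIP2COUNTRY_CACHE_RECORD_PREFIX`'$acl_arg1}{${uc:$acl_m_ip2country_result}}{${if eq{$acl_m_ip2country_result}{UNKNOWN}{confIP2COUNTRY_CACHE_TTL_UNKNOWN}{confIP2COUNTRY_CACHE_TTL}}}}
')dnl
ifelse(confIP2COUNTRY_CACHE, `REDIS', `dnl
  warn   set acl_m0 = ${acl{acl_redis_set}{confIP2COUNTRY_CACHE_RECORD_PREFIX`'$acl_arg1}{${uc:$acl_m_ip2country_result}}{${if eq{$acl_m_ip2country_result}{UNKNOWN}{confIP2COUNTRY_CACHE_TTL_UNKNOWN}{confIP2COUNTRY_CACHE_TTL}}}}
')dnl
ifelse(confIP2COUNTRY_CACHE, `SQLITE', `dnl
  warn   set acl_m0 = ${lookup sqlite,file=confIP2COUNTRY_CACHE_SQLITE_FILE{confIP2COUNTRY_CACHE_SQLITE_SET}}
')dnl
ifelse(confIP2COUNTRY_CACHE, `MYSQL', `dnl
  warn   set acl_m0 = ${lookup mysql{confIP2COUNTRY_CACHE_MYSQL_SET}}
')dnl
')dnl ifelse(confIP2COUNTRY_CACHE, `NO', `', `')
ifelse(confIP2CONTINENT, `NO', `dnl
  accept message = country_$acl_arg1=${uc:$acl_m_ip2country_result}
',`
dnl NOTE(review): the continent write is gated on confIP2COUNTRY_CACHE for
dnl MEMCACHED and REDIS and uses the country TTLs, while the cache read and
dnl the SQLITE and MYSQL writes are gated on confIP2CONTINENT_CACHE. With
dnl differing settings the continent is read but never written, or written
dnl but never read; confirm which setting is meant to apply.
ifelse(confIP2COUNTRY_CACHE, `NO', `', `dnl
ifelse(confIP2COUNTRY_CACHE, `MEMCACHED', `dnl
define(`confMEMCACHED_ENABLED', `YES')dnl
  warn   set acl_m0 = ${acl{acl_memcached_set}{confIP2CONTINENT_CACHE_RECORD_PREFIX`'$acl_arg1}{${uc:$acl_m_ip2continent_result}}{${if eq{$acl_m_ip2continent_result}{UNKNOWN}{confIP2COUNTRY_CACHE_TTL_UNKNOWN}{confIP2COUNTRY_CACHE_TTL}}}}
')dnl
ifelse(confIP2COUNTRY_CACHE, `REDIS', `dnl
  warn   set acl_m0 = ${acl{acl_redis_set}{confIP2CONTINENT_CACHE_RECORD_PREFIX`'$acl_arg1}{${uc:$acl_m_ip2continent_result}}{${if eq{$acl_m_ip2continent_result}{UNKNOWN}{confIP2COUNTRY_CACHE_TTL_UNKNOWN}{confIP2COUNTRY_CACHE_TTL}}}}
')dnl
ifelse(confIP2CONTINENT_CACHE, `SQLITE', `dnl
  warn   set acl_m0 = ${lookup sqlite,file=confIP2CONTINENT_CACHE_SQLITE_FILE{confIP2CONTINENT_CACHE_SQLITE_SET}}
')dnl
ifelse(confIP2CONTINENT_CACHE, `MYSQL', `dnl
  warn   set acl_m0 = ${lookup mysql{confIP2CONTINENT_CACHE_MYSQL_SET}}
')dnl
')dnl ifelse(confIP2COUNTRY_CACHE, `NO', `', `')
  accept message = country_$acl_arg1=${uc:$acl_m_ip2country_result} continent_$acl_arg1=${uc:$acl_m_ip2continent_result}
') dnl ifelse(confIP2CONTINENT, `NO', `', `')
') dnl ifelse(SECTION, `ACLS_ADDITIONAL', `')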