ifelse(SECTION, `ACL_CHECK_CONNECT', `dnl

	warn	set acl_m_normalize_action_result =
		set acl_m_rate_host_auth_when_not_advertised = ${sg{${lookup{$sender_host_address}iplsearch{CONFDIR/ratelimit-host-auth-when-not-advertised}{$value}{}}}{\N^\s+\N}{}}
		condition	= ${if eq{$acl_m_rate_host_auth_when_not_advertised}{}{yes}{no}}
		condition	= ${if eq{$sender_host_name}{}{no}{yes}}
		set acl_m_rate_host_auth_when_not_advertised = ${sg{${lookup{$sender_host_name}wildlsearch{CONFDIR/ratelimit-host-auth-when-not-advertised}{$value}{}}}{\N^\s+\N}{}}
	warn	condition	= ${if eq{$acl_m_rate_host_auth_when_not_advertised}{}{no}{yes}}
		set acl_m_rate_host_auth_when_not_advertised = ${if match{$acl_m_rate_host_auth_when_not_advertised}{\N(?i)^\s*(no|skip)\N}{}{$acl_m_rate_host_auth_when_not_advertised}}
		condition	= ${if eq{$acl_m_rate_host_auth_when_not_advertised}{}{no}{yes}}
		set acl_m_rate_host_auth_when_not_advertised = ${sg{$acl_m_rate_host_auth_when_not_advertised}{eval:}{eval╕}}
		set acl_m_limit = ${extract{1}{,}{${extract{1}{:}{$acl_m_rate_host_auth_when_not_advertised}}}}
		set acl_m_limit = ${sg{$acl_m_limit}{eval╕}{eval:}}
		set acl_m_limit = ${if match{$acl_m_limit}{\N.+(lookup |[\{\}])\N}{${expand:$acl_m_limit}}{$acl_m_limit}}
#		ratelimit	= $acl_m_limit / per_cmd / count=0 / readonly / auth_when_not_advertised-${if isip6{$sender_host_address}{${ipv6denorm:$sender_host_address}/64}{$sender_host_address}}
		ratelimit	= $acl_m_limit / per_cmd / count=0 / readonly / auth_when_not_advertised-${if isip6{$sender_host_address}{${sg{${ipv6denorm:$sender_host_address}}{\N(:\d+){4}$\N}{:0000:0000:0000:0000}}/64}{$sender_host_address}}
		set acl_m_action = ${extract{2}{:}{$acl_m_rate_host_auth_when_not_advertised}}
		set acl_m_action = ${sg{$acl_m_action}{eval╕}{eval:}}
		set acl_m_action = ${if match{$acl_m_action}{\N.+(lookup |[\{\}])\N}{${expand:$acl_m_action}}{$acl_m_action}}
		acl		= acl_normalize_action "$acl_m_action" acl_check_connection
		set acl_m_normalize_action_result = ${if match{$acl_m_normalize_action_result}{\N^\s*$\N}{drop}{$acl_m_normalize_action_result}}
		set acl_m_normalize_action_result = ${sg{$acl_m_normalize_action_result }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}}
		set acl_m_log_message	= Previous AUTH command used when not advertised rate $sender_rate exceeded limit $sender_rate_limit messages per $sender_rate_period${if eq{$acl_c_geo_data}{}{}{ ($acl_c_geo_data)}}
		set acl_m_smtp_message	= ${extract{3}{:}{$acl_m_rate_host_auth_when_not_advertised}}
		set acl_m_smtp_message	= Too many authentication attempts.${if eq{$acl_m_smtp_message}{}{Try again later}{$acl_m_smtp_message}}
		set acl_m_smtp_message	= ${if match{$acl_m_smtp_message}{\N(^\$|[^\\]\$)\N}{${expand:$acl_m_smtp_message}}{$acl_m_smtp_message}}
		set acl_c_auth_attemps = 0
ifelse_strstr(` 'confRATELIMIT` ', ` DEBUG ', `dnl
	warn	condition	= ${if eq{$acl_m_rate_host_auth_when_not_advertised}{}{no}{yes}}
		condition	= ${if >{${sg{$sender_rate}{\N\.\d+$\N}{}}}{0}{yes}{no}}
		log_message	= DEBUG: Previous AUTH command used when not advertised sender host ${if eq{$sender_host_name}{}{}{$sender_host_name }}[$sender_host_address]${if eq{$acl_c_geo_data}{}{}{ ($acl_c_geo_data)}} rate $sender_rate / $sender_rate_limit / $sender_rate_period
') dnl ifelse_strstr(` 'confRATELIMIT` ', ` DEBUG ', `')

FEATURE(`ratelimit_actions')dnl

',`

ifelse(SECTION, `ACL_CHECK_AUTH', `dnl
	# на этапе acl_check_noquit может быть потеряно значение $tls_cipher, поэтому нужно заранее определить, анонсировалась ли клиенту SMTP аутентификация, и сохранить результат проверки
	warn	set acl_c_host_is_auth_advertised =
		hosts		= +auth_advertise_hosts
		set acl_c_host_is_auth_advertised = yes
',`

ifelse(SECTION, `ACL_CHECK_MAIL', `dnl
	# на этапе acl_check_noquit может быть потеряно значение $tls_cipher, поэтому нужно заранее определить, анонсировалась ли клиенту SMTP аутентификация, и сохранить результат проверки
	warn	set acl_c_host_is_auth_advertised =
		hosts		= +auth_advertise_hosts
		set acl_c_host_is_auth_advertised = yes
',`

	warn	set acl_m_normalize_action_result =
		set acl_m_rate_host_auth_when_not_advertised =
#		hosts		= ! +auth_advertise_hosts
		condition	= ${if eq{$acl_c_host_is_auth_advertised}{yes}{no}{yes}}
		condition	= ${if match{$smtp_command_history}{\N.*(EHLO|HELO)(,.+?)*,AUTH\N}{yes}{no}}
		condition	= ${if match{$smtp_command_history}{\N.*EHLO(,.+?)*,STARTTLS(,.+?)*,AUTH\N}{no}{yes}}

		set acl_m_rate_host_auth_when_not_advertised = ${sg{${lookup{$sender_host_address}iplsearch{CONFDIR/ratelimit-host-auth-when-not-advertised}{$value}{}}}{\N^\s+\N}{}}
		condition	= ${if eq{$acl_m_rate_host_auth_when_not_advertised}{}{yes}{no}}
		condition	= ${if eq{$sender_host_name}{}{no}{yes}}
		set acl_m_rate_host_auth_when_not_advertised = ${sg{${lookup{$sender_host_name}wildlsearch{CONFDIR/ratelimit-host-auth-when-not-advertised}{$value}{}}}{\N^\s+\N}{}}
	warn	condition	= ${if eq{$acl_m_rate_host_auth_when_not_advertised}{}{no}{yes}}
		set acl_m_rate_host_auth_when_not_advertised = ${if match{$acl_m_rate_host_auth_when_not_advertised}{\N(?i)^\s*(no|skip)\N}{}{$acl_m_rate_host_auth_when_not_advertised}}
		condition	= ${if eq{$acl_m_rate_host_auth_when_not_advertised}{}{no}{yes}}
		set acl_m_rate_host_auth_when_not_advertised = ${sg{$acl_m_rate_host_auth_when_not_advertised}{eval:}{eval╕}}
		set acl_m_limit = ${extract{1}{,}{${extract{1}{:}{$acl_m_rate_host_auth_when_not_advertised}}}}
		set acl_m_limit = ${sg{$acl_m_limit}{eval╕}{eval:}}
		set acl_m_limit = ${if match{$acl_m_limit}{\N.+(lookup |[\{\}])\N}{${expand:$acl_m_limit}}{$acl_m_limit}}
#		ratelimit	= $acl_m_limit / per_cmd / strict / auth_when_not_advertised-${if isip6{$sender_host_address}{${ipv6denorm:$sender_host_address}/64}{$sender_host_address}}
		ratelimit	= $acl_m_limit / per_cmd / strict / auth_when_not_advertised-${if isip6{$sender_host_address}{${sg{${ipv6denorm:$sender_host_address}}{\N(:\d+){4}$\N}{:0000:0000:0000:0000}}/64}{$sender_host_address}}
		set acl_m_action = ${extract{2}{:}{$acl_m_rate_host_auth_when_not_advertised}}
		set acl_m_action = ${sg{$acl_m_action}{eval╕}{eval:}}
		set acl_m_action = ${if match{$acl_m_action}{\N.+(lookup |[\{\}])\N}{${expand:$acl_m_action}}{$acl_m_action}}
		acl		= acl_normalize_action "$acl_m_action"
		set acl_m_normalize_action_result = ${if match{$acl_m_normalize_action_result}{\N^\s*$\N}{defer}{$acl_m_normalize_action_result}}
		set acl_m_normalize_action_result = ${sg{$acl_m_normalize_action_result }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}}
		set acl_m_log_message	= AUTH command used when not advertised rate $sender_rate exceeded limit $sender_rate_limit messages per $sender_rate_period${if eq{$acl_c_geo_data}{}{}{ ($acl_c_geo_data)}}
		set acl_m_smtp_message	= ${extract{3}{:}{$acl_m_rate_host_auth_when_not_advertised}}
		set acl_m_smtp_message	= Too many authentication attempts.${if eq{$acl_m_smtp_message}{}{Try again later}{$acl_m_smtp_message}}
		set acl_m_smtp_message	= ${if match{$acl_m_smtp_message}{\N(^\$|[^\\]\$)\N}{${expand:$acl_m_smtp_message}}{$acl_m_smtp_message}}
		set acl_c_auth_attemps = 0
ifelse_strstr(` 'confRATELIMIT` ', ` DEBUG ', `dnl
	warn	condition	= ${if eq{$acl_m_rate_host_auth_when_not_advertised}{}{no}{yes}}
		log_message	= DEBUG: AUTH command used when not advertised sender host ${if eq{$sender_host_name}{}{}{$sender_host_name }}[$sender_host_address]${if eq{$acl_c_geo_data}{}{}{ ($acl_c_geo_data)}} rate $sender_rate / $sender_rate_limit / $sender_rate_period; SMTP command history: $smtp_command_history
') dnl ifelse_strstr(` 'confRATELIMIT` ', ` DEBUG ', `')

') dnl ifelse(SECTION, `ACL_CHECK_MAIL', `')
') dnl ifelse(SECTION, `ACL_CHECK_AUTH', `')
') dnl ifelse(SECTION, `ACL_CHECK_CONNECT', `')