###################################################################### # Runtime configuration file for Exim # ###################################################################### ifdef(`confM4_DIR', `', `define(`confM4_DIR', `../m4')')dnl ifdef(`confACLS_DIR', `', `define(`confACLS_DIR', `.')')dnl ifdef(`confFEATURES_DIR', `', `define(`confFEATURES_DIR', `.')')dnl ifdef(`confDELIVERIES_DIR', `', `define(`confDELIVERIES_DIR', `.')')dnl ifdef(`confSITE_DIR', `', `define(`confSITE_DIR', `.')')dnl include(confFEATURES_DIR`/cfhead.m4')dnl include(confM4_DIR`/conf.default')dnl include(confSITE_DIR/`conf')dnl ###################################################################### # MAIN CONFIGURATION SETTINGS # ###################################################################### define(`SECTION', `MAIN')dnl ifdef(`confCONFDIR',`',`dnl errprint(`*** ERROR: confCONFDIR variable required ')')dnl CONFDIR=confCONFDIR ifdef(`confDLFUNC_PATH', `dnl DLFUNC_PATH=confDLFUNC_PATH ifelse(confOS2, `Debian', `dnl # fake dlfunc call for linking some functions: ${dlfunc{DLFUNC_PATH/exim-dlfunc.so}{exim}{}} ') dnl ') dnl .include_if_exists confCONFDIR/site/MACROS ifdef(`confPERL', `ifelse(len(X`'confPERL), `1', `', `dnl perl_startup = do "confPERL" ')') ifdef(`confMYSQL', `ifelse(len(X`'confMYSQL), `1', `', `dnl hide mysql_servers = confMYSQL ')') ifdef(`confPGSQL', `ifelse(len(X`'confPGSQL), `1', `', `dnl hide pgsql_servers = confPGSQL ')') ifdef(`confREDIS', `ifelse(len(X`'confREDIS), `1', `', `dnl hide redis_servers = confREDIS ')') ifdef(`confLOG_SELECTOR', `ifelse(len(X`'confLOG_SELECTOR), `1', `', `dnl log_selector = confLOG_SELECTOR ')') #hostlist relay_from_hosts = localhost : CONFDIR/hosts-relayfrom hostlist relay_from_hosts = <; +ignore_defer ; +ignore_unknown ; @[] ; CONFDIR/hosts-relayfrom ifdef(`confETRN_ENABLE', `ifelse(confETRN_ENABLE, `NO', `', `dnl dnl hostlist trusted_hosts = localhost : CONFDIR/hosts-trusted ')') hostlist trusted_hosts = <; +ignore_defer ; +ignore_unknown ; @[] ; 127.0.0.1/8`'ifelse_strstr(confIPv6, `YES', ` ; ::1') ; CONFDIR/hosts-trusted ifdef(`confWHITE_LIST_RELAYS', `ifelse(confWHITE_LIST_RELAYS, `NO', `', ` hostlist relay_white_list = <; +ignore_defer ; +ignore_unknown ; CONFDIR/hosts-whitelist ')') ifdef(`confSMTP_SERIALIZE_HOSTS', `ifelse(confSMTP_SERIALIZE_HOSTS, `NO', `', `dnl hostlist serialize_hosts = <; +ignore_defer ; +ignore_unknown ; CONFDIR/hosts-serialize ')') dnl ifelse(confPRIVATE_NETWORKS_EXTENDED, `NO', ` hostlist private_networks = 127.0.0.1/8 : 10.0.0.0/8 : 172.16.0.0/12 : 192.168.0.0/16 ',` hostlist private_networks = <; +ignore_defer ; +ignore_unknown ; 127.0.0.1/8`'ifelse_strstr(confIPv6, `YES', ` ; ::1') ; CONFDIR/hosts-private ') dnl ifelse(confPRIVATE_NETWORKS_EXTENDED, `NO', `') ifelse_strstr(confIPv6, `YES', `dnl dnl ifdef(`confDNSLOOKUP6_ENABLE',`',`define(`confDNSLOOKUP6_ENABLE',`NO')')dnl dnl ifelse(confDNSLOOKUP6_ENABLE, `NO', `', `dnl ifelse(confPRIVATE_NETWORKS6_EXTENDED, `NO', ` hostlist private_networks6 = <; ::1/128 ; 2001:db8::/32 ; fc00::/7 ; fe80::/10 ; fec0::/10 ; ff00::/8 ',` hostlist private_networks6 = <; +ignore_defer ; +ignore_unknown ; ::1 ; CONFDIR/hosts6-private ') dnl ifelse(confPRIVATE_NETWORKS6_EXTENDED, `NO', `') ') dnl ifelse(confDNSLOOKUP6_ENABLE, `NO', `', `') dnl ') dnl ifelse_strstr(confIPv6, `YES', `') domainlist local_domains = confLOCAL_DOMAINS define(`confDOMAINS_ABUSE', `')dnl ifdef(`confSECONDARY_RELAY', `ifelse(confSECONDARY_RELAY, `NO', `', `dnl domainlist relay_to_domains = lsearch,ret=key;CONFDIR/domains-relayto define(`confDOMAINS_ABUSE', ` : +relay_to_domains')dnl ')') dnl ifdef(`confSECONDARY_RELAY', `ifelse(confSECONDARY_RELAY, `NO', `', `')') ifdef(`confQUARANTINED_SEND_TO_RELAYTO_DOMAINS', `ifelse(confQUARANTINED_SEND_TO_RELAYTO_DOMAINS, `NO', `', `dnl domainlist relay_to_domains_personal_quarantine = lsearch,ret=key;CONFDIR/domains-relayto-personal-quarantine ')') dnl ifdef(`confQUARANTINED_SEND_TO_RELAYTO_DOMAINS', `ifelse(confQUARANTINED_SEND_TO_RELAYTO_DOMAINS, `NO', `', `')') ifdef(`confMAILERTABLE', `ifelse(confMAILERTABLE, `NO', `', `dnl DELIVERY(`mailertable')dnl ')') ifelse_strstr(confCONTENT_SCANNING_QUARANTINE, `PERSONAL', `dnl #IS_NOT_QUARANTINED=${if eq{$acl_m_quarantined}{}{yes}{no}} #IS_NOT_QUARANTINED=and{{eq{$acl_m_quarantined}{}}{!match{X-Spam-Action:}{quarantined}}{!forany{${sg{$acl_m_quarantined_per_rcpt}{, }{:}}}{eq{$item}{$local_part@$domain}}}} ifdef(`confQUARANTINED_SEND_TO_RELAYTO_DOMAINS', `ifelse(confQUARANTINED_SEND_TO_RELAYTO_DOMAINS, `NO', ` IS_NOT_QUARANTINED=and{\ {eq{$acl_m_quarantined}{}}\ {!match{$h_X-Spam-Action:}{quarantined}}\ {!match{$h_X-Quarantined:}{YES}}\ {!forany{${sg{$acl_m_quarantined_per_rcpt}{, }{:}}}{eq{$item}{$local_part@$domain}}}\ } ', `dnl IS_NOT_QUARANTINED_CORE=and{\ {eq{$acl_m_quarantined}{}}\ {!match{$h_X-Spam-Action:}{quarantined}}\ {!match{$h_X-Quarantined:}{YES}}\ {!forany{${sg{$acl_m_quarantined_per_rcpt}{, }{:}}}{eq{$item}{$local_part@$domain}}}\ } IS_NOT_QUARANTINED=or{\ {and{\ {match_domain{$domain}{+relay_to_domains_personal_quarantine}}\ {eq{${lookup{$local_part@$domain}wildlsearch{CONFDIR/recipients_no_personal_quarantine}{yes}{no}}}{no}}\ }}\ {IS_NOT_QUARANTINED_CORE}\ } ')') dnl ifdef(`confQUARANTINED_SEND_TO_RELAYTO_DOMAINS', `ifelse(confQUARANTINED_SEND_TO_RELAYTO_DOMAINS, `NO', `')') ')dnl ifelse_strstr(confCONTENT_SCANNING_QUARANTINE, `PERSONAL', `') ifdef(`confGREYLIST', `ifelse(confGREYLIST, `NO', `', `dnl FEATURE(`greylist')dnl ')') ifdef(`confSMTP_AUTH', `ifelse(confSMTP_AUTH, `NO', `', `dnl FEATURE(`auth')dnl ')') ifdef(`confSMTP_AUTH_CLIENT', `ifelse(confSMTP_AUTH_CLIENT, `NO', `', `dnl FEATURE(`auth_client')dnl ')') #helo_try_verify_hosts = ! +relay_from_hosts helo_accept_junk_hosts = +relay_from_hosts #sender_unqualified_hosts = +relay_from_hosts #recipient_unqualified_hosts = +relay_from_hosts ifdef(`confCHECK_RELAY_DROPPED', `ifelse(confCHECK_RELAY_DROPPED, `NO', `', `dnl ACL(`check_relay_dropped')dnl ')') define(`confCHECK_HELO_FQDN', `NO')dnl ifdef(`confCHECK_HELO_FQDN_FORGED', `ifelse(confCHECK_HELO_FQDN_FORGED, `NO', `', `define(`confCHECK_HELO_FQDN', `YES')')') ifdef(`confCHECK_HELO_FQDN_DEFER', `ifelse(confCHECK_HELO_FQDN_DEFER, `NO', `', `define(`confCHECK_HELO_FQDN', `YES')')') ifdef(`confCHECK_HELO_FQDN_NOT_RESOLVABLE',`ifelse(confCHECK_HELO_FQDN_NOT_RESOLVABLE,`NO', `', `define(`confCHECK_HELO_FQDN', `YES')')') ifdef(`confCHECK_HELO_FQDN', `ifelse(confCHECK_HELO_FQDN, `NO', `', `dnl ACL(`check_helo_fqdn')dnl ')') ifdef(`confCHECK_ACCESS_RELAY', `ifelse(confCHECK_ACCESS_RELAY, `NO', `', `dnl ACL(`check_relay')dnl ')') ifelse(confDNSBL0_NAME, `confDNSBL0_NAME', `dnl', ` FEATURE(`dnsbl')dnl ') ifdef(`confVERIFY_SENDER', `ifelse(confVERIFY_SENDER, `NO', `', `dnl FEATURE(`verify_sender')dnl ')') ifdef(`confVIRTUSERTABLE', `ifelse(confVIRTUSERTABLE, `NO', `', `dnl FEATURE(`virtusertable')dnl ')') ifdef(`confDOMAIN_LITERALS', `ifelse(confDOMAIN_LITERALS, `NO', `', `dnl FEATURE(`domain_literals')dnl ')') ifdef(`confCHECK_FAKE_INTERNAL', `ifelse(confCHECK_FAKE_INTERNAL, `NO', `', `dnl ACL(`check_fake_internal')dnl ')') lookup_open_max = 50 ifdef(`confCONFIGURE_GENERAL', `ifelse(confCONFIGURE_GENERAL, `NO', `', `dnl include(confCONFIGURE_GENERAL)dnl ')') ifdef(`confLOCAL_INTERFACES', `ifelse(len(X`'confLOCAL_INTERFACES), `1', `', `dnl # default with IPv4 support: # local_interfaces = 0.0.0.0 # default with IPv4 & IPv6 support: # local_interfaces = <; ::0 ; 0.0.0.0 local_interfaces = confLOCAL_INTERFACES ')') define(`confSMTP_BANNER_ADDITIONAL',`') ifdef(`confSMTP_BANNER_ADDITIONAL_ENABLE', `ifelse(confSMTP_BANNER_ADDITIONAL_ENABLE, `NO', `', `dnl define(`confSMTP_BANNER_ADDITIONAL_HELO',`\nStrongly recomended to use the fully-qualified domain name (FQDN) of the SMTP client\nor address literal in the EHLO/HELO command.\nOtherwise your host address will be listed in black list.') ifelse_strstr(confCHECK_HELO_OWN`'confCHECK_ACCESS_HELO, `SUBMIT',` define(`confSMTP_BANNER_ADDITIONAL', confSMTP_BANNER_ADDITIONAL_HELO) ') ')') ifdef(`confSMTP_BANNER',`',`define(`confSMTP_BANNER',`')') ifelse(len(X`'confSMTP_BANNER), `1', ` ifelse(confANONYM_BANNER_HIDE_MTA_INFO, `NO',`',` smtp_banner = $primary_hostname ESMTP ifelse_strstr(confANONYM_BANNER_HIDE_MTA_INFO, `ALL',`daemon',`ifelse_strstr(confANONYM_BANNER_HIDE_MTA_INFO, `MTA',`daemon',`Exim`'ifelse_strstr(confANONYM_BANNER_HIDE_MTA_INFO, `VERSION',` daemon',` $version_number')')`'ifelse_strstr(confANONYM_BANNER_HIDE_MTA_INFO, `DATE',`',` $tod_full')')`'confSMTP_BANNER_ADDITIONAL ') ', ` smtp_banner = confSMTP_BANNER`'confSMTP_BANNER_ADDITIONAL ') acl_smtp_connect = acl_check_connect ifdef(`confSTARTTLS', `ifelse(confSTARTTLS, `NO', `', `ifdef(`confTLS_CERTIFICATE', `ifelse(len(X`'confTLS_CERTIFICATE), `1', `', `dnl acl_smtp_starttls = acl_check_starttls ')')')')dnl ifdef(`confETRN_ENABLE', `ifelse(confETRN_ENABLE, `NO', `', `dnl acl_smtp_etrn = acl_check_etrn ')')dnl acl_smtp_helo = acl_check_helo ifdef(`confSMTP_AUTH', `ifelse(confSMTP_AUTH, `NO', `', `dnl acl_smtp_auth = acl_check_auth ')')dnl acl_smtp_mail = acl_check_mail acl_smtp_rcpt = acl_check_rcpt acl_smtp_predata = acl_check_predata ifelse_strstr(confDKIM_CHECK, `YES', `dnl FEATURE(`dkim')dnl ')dnl acl_smtp_mime = acl_check_mime acl_smtp_data = acl_check_data acl_not_smtp = acl_check_not_smtp acl_smtp_quit = acl_check_quit acl_smtp_notquit = acl_check_notquit ifelse_strstr(confIPv6, `DISABLE', `dnl define(`confIPv6', `NO')dnl disable_ipv6 = true ') dnl ifelse_strstr(confIPv6, `DISABLE', `') ifdef(`confQUALIFY_DOMAIN', `dnl qualify_domain = confQUALIFY_DOMAIN ', `errprint(`*** ERROR: confQUALIFY_DOMAIN must be specified ')') # qualify_recipient = dnl received_header_text = Received: \ dnl ${if def:sender_rcvhost {from $sender_rcvhost\n\t}{\ dnl ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}\ dnl ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}\ dnl }}\ dnl by $primary_hostname \ dnl ${if def:received_protocol {with $received_protocol}} \ dnl ${if def:tls_cipher {($tls_cipher)\n\t}}\ dnl (Exim $version_number (FreeBSD))\n\ dnl \t${if def:sender_address {(envelope-from <$sender_address>)\n\t}}\ dnl id $message_exim_id\ dnl ${if def:received_for {\n\tfor $received_for}} dnl received_header_text = Received: \ dnl ${if def:sender_rcvhost {from $sender_rcvhost\n\t}{\ dnl ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}\ dnl ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}\ dnl }}\ dnl by $primary_hostname \ dnl ${if def:received_protocol {with $received_protocol }}\ dnl ${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std\n\t}}\ dnl (Exim $version_number (FreeBSD))\n\ dnl \t${if def:sender_address {(envelope-from <$sender_address>)\n\t}}\ dnl id $message_exim_id\ dnl ${if def:received_for {\n\tfor $received_for}} ifdef(`confRECEIVED_HEADER_TEXT', `dnl received_header_text = confRECEIVED_HEADER_TEXT ', `dnl ifdef(`confRECEIVED_HEADER_TEXT', `') ifdef(`confRECEIVED_PRIMARY_HOSTNAME', `ifelse(len(X`'confRECEIVED_HEADER_TEXT_TLS), `1', ` define(`confRECEIVED_PRIMARY_HOSTNAME', `$primary_hostname')dnl ', `')', `dnl define(`confRECEIVED_PRIMARY_HOSTNAME', `$primary_hostname')dnl ') dnl define(`confRECEIVED_HEADER_TEXT_TLS_', `${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std}}')dnl ifdef(`confRECEIVED_HEADER_TEXT_TLS', `ifelse(len(X`'confRECEIVED_HEADER_TEXT_TLS), `1', ` define(`confRECEIVED_HEADER_TEXT_TLS', confRECEIVED_HEADER_TEXT_TLS_)dnl ', `')', `dnl define(`confRECEIVED_HEADER_TEXT_TLS', confRECEIVED_HEADER_TEXT_TLS_)dnl ') dnl received_header_text = Received: \ ${if def:sender_rcvhost \ ifelse_strstr(confANONYM_RCVD_HIDE_HOST_INFO, `YES', `dnl {from ${if eq{$acl_m_anonym}{anonym}{localhost ([127.0.0.1])}{$sender_rcvhost}}\n\t}\ ', `dnl ifelse_strstr(confANONYM_RCVD_HIDE_HOST_INFO, `YES', `') {from $sender_rcvhost\n\t}\ ') dnl ifelse_strstr(confANONYM_RCVD_HIDE_HOST_INFO, `YES', `') {${if def:sender_ident {from ${quote_local_part:$sender_ident} }}\ ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\ by confRECEIVED_PRIMARY_HOSTNAME\ ${if def:received_protocol { with $received_protocol}}\ confRECEIVED_HEADER_TEXT_TLS\ \n\t\ ifelse_strstr(confANONYM_RCVD_HIDE_MTA_INFO, `ALL', `', `dnl (Exim`'ifelse_strstr(confANONYM_RCVD_HIDE_MTA_INFO, `VERSION', `', ` $version_number')`'ifelse_strstr(confANONYM_RCVD_HIDE_MTA_INFO, `OS', `', ` (ifdef(`confOS2', `ifelse(len(X`'confOS2), `1', `confOS', `confOS2')', `confOS'))'))\n\t\ ') dnl ifelse_strstr(confANONYM_RCVD_HIDE_MTA_INFO, `ALL', `', `') ${if def:sender_address {(envelope-from <$sender_address>)\n\t}}\ id $message_exim_id\ ${if def:received_for {\n\tfor $received_for}} ') dnl ifdef(`confRECEIVED_HEADER_TEXT', `') ifdef(`confMESSAGE_SIZE_LIMIT', `ifelse(len(X`'confMESSAGE_SIZE_LIMIT), `1', `', `dnl ifelse(confMESSAGE_SIZE_LIMIT, `0', `', `dnl message_size_limit = confMESSAGE_SIZE_LIMIT ')')') #return_size_limit = 10K bounce_return_size_limit = 10K ifdef(`confEXIM_USER', `',`define(`confEXIM_USER',`mailnull')') ifdef(`confEXIM_GROUP',`',`define(`confEXIM_GROUP',`mail')') exim_user = confEXIM_USER exim_group = confEXIM_GROUP # never_users = root ifdef(`confTRUSTED_USERS', `trusted_users = confTRUSTED_USERS') ifdef(`confTRUSTED_GROUPS', `trusted_groups = confTRUSTED_GROUPS') ifelse(len(X`'confSYSTEM_FILTER), `1', `', `dnl FEATURE(`system_filter')dnl ') ifelse_strstr(confCONTENT_SCANNING, `RSPAMD', `dnl FEATURE(`rspamd')dnl ')dnl ifdef(`confMESSAGE_BODY_VISIBLE',`dnl ifelse(X`'confMESSAGE_BODY_VISIBLE,`X',`define(`confMESSAGE_BODY_VISIBLE',`5000')')dnl ',`dnl define(`confMESSAGE_BODY_VISIBLE',`5000')dnl ')dnl message_body_visible = confMESSAGE_BODY_VISIBLE message_body_newlines = true define(`_ACCEPT_8BITMIME', `false')dnl ifdef(`confACCEPT_8BITMIME', `ifelse(confACCEPT_8BITMIME, `YES', `dnl define(`_ACCEPT_8BITMIME', `true')dnl ')') accept_8bitmime = _ACCEPT_8BITMIME # The settings below, which are actually the same as the defaults in the # code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP # calls. You can limit the hosts to which these calls are made, and/or change # the timeout that is used. If you set the timeout to zero, all RFC 1413 calls # are disabled. RFC 1413 calls are cheap and can provide useful information # for tracing problem messages, but some hosts and firewalls have problems # with them. This can result in a timeout instead of an immediate refused # connection, leading to delays on starting up SMTP sessions. (The default was # reduced from 30s to 5s for release 4.61.) #rfc1413_hosts = * #rfc1413_query_timeout = 5s #rfc1413_hosts = +relay_from_hosts #rfc1413_query_timeout = 5s # turn off ident requests rfc1413_hosts = : rfc1413_query_timeout = 0s smtp_return_error_details = true host_lookup = ifdef(`confHOST_LOOKUP', confHOST_LOOKUP, `*')dnl # When Exim can neither deliver a message nor return it to sender, it "freezes" # the delivery error message (aka "bounce message"). There are also other # circumstances in which messages get frozen. They will stay on the queue for # ever unless one of the following options is set. # This option unfreezes frozen bounce messages after two days, tries # once more to deliver them, and ignores any delivery failures. ifdef(`confIGNORE_BOUNCE_ERRORS_AFTER', `ifelse(len(X`'confIGNORE_BOUNCE_ERRORS_AFTER), `1', ` ignore_bounce_errors_after = 2d ', `dnl ignore_bounce_errors_after = confIGNORE_BOUNCE_ERRORS_AFTER ')') dnl ifdef(`confIGNORE_BOUNCE_ERRORS_AFTER', `ifelse(len(X`'confIGNORE_BOUNCE_ERRORS_AFTER), `1', `')') # This option cancels (removes) frozen messages that are older than a week. ifdef(`confTIMEOUT_FROZEN_AFTER', `ifelse(len(X`'confTIMEOUT_FROZEN_AFTER), `1', ` timeout_frozen_after = 7d ', `dnl timeout_frozen_after = confTIMEOUT_FROZEN_AFTER ')') dnl dnl ifdef(`confSTARTTLS', `ifelse(confSTARTTLS, `NO', `', `dnl dnl FEATURE(`starttls')dnl dnl ')') ifdef(`confSTARTTLS', `ifelse(confSTARTTLS, `NO', `dnl tls_advertise_hosts = hostlist skip_tls_using = CONFDIR/skip_tls_using ', `dnl FEATURE(`starttls')dnl ')',`dnl tls_advertise_hosts = hostlist skip_tls_using = CONFDIR/skip_tls_using ') dnl ifdef(`confMESSAGE_ID_HEADER_ADD', `ifelse(confMESSAGE_ID_HEADER_ADD, `NO', `', `dnl FEATURE(`add_message_id')dnl ')') dnl ifdef(`confMAILMAN', `ifelse(confMAILMAN, `NO', `', `dnl FEATURE(`mailman')dnl ')') dnl ifdef(`confANTIVIRUS0_ACT', `dnl av_scanner = $acl_m0 ') dnl ifelse_strstr(confCONTENT_SCANNING, `SPAMASSASSIN', `dnl FEATURE(`spamassassin')dnl ') dnl ifelse_strstr(` 'confCONTENT_SCANNING, ` SPAMD', `dnl FEATURE(`spamd')dnl ') dnl ifelse_strstr(confCONTENT_SCANNING, `DCC', `dnl FEATURE(`dcc')dnl ') dnl ifdef(`confSRS', `ifelse(confSRS, `NO', `', `dnl FEATURE(`srs')dnl ')') dnl ifdef(`confBATV', `ifelse(confBATV, `NO', `', `dnl FEATURE(`batv')dnl ')') dnl ifdef(`confDMARC', `ifelse(confDMARC, `NO', `', `dnl FEATURE(`dmarc')dnl ')') dnl ifdef(`confAUTH_RESULTS_ADD', `ifelse(confAUTH_RESULTS_ADD, `NO', `', `dnl FEATURE(`auth_results')dnl ')') dnl ifelse_strstr(confCONTENT_SCANNING_QUARANTINE, `PERSONAL', `dnl define(`confFAKE_REJECT', `YES') dnl ') dnl ifdef(`confFAKE_REJECT',`',`define(`confFAKE_REJECT', `NO')') dnl ifdef(`confFAKE_DEFER',`',`define(`confFAKE_DEFER', `NO')') dnl ifdef(`confCHECK_FILE_EXT', `ifelse(confCHECK_FILE_EXT, `NO', `', `dnl ACL(`check_ext')dnl ')') dnl #dns_check_names_pattern = (?i)^(?>(?(1)\.|())[^\W_](?>[a-z0-9/-]*[^\W_])?)+$ dns_check_names_pattern = (?i)^(?>(?(1)\.|())[^\W](?>[a-z0-9/-]*[^\W])?)+$ #EXPAND_VALUE=${if match{$value}{\N.+(lookup |[\{\}])\N}{${expand:$value}}{$value}} EXPAND_VALUE=${if match{$value}{\N.+(lookup |[\{\}])\N}{${expand:ifdef(`confLDAP_PROTO', `ifelse(confLDAP_PROTO, `ldaps', `${sg{$value}{ldap://}{confLDAP_PROTO://}}', `$value')', `$value')}}{$value}} ###################################################################### # ACL CONFIGURATION # # Specifies access control lists for incoming SMTP mail # ###################################################################### begin acl acl_check_connect: define(`SECTION', `ACL_CHECK_CONNECT')dnl warn set acl_c_pid = $pid ifdef(`confSTARTTLS', `ifelse(confSTARTTLS, `NO', `', `ifdef(`confTLS_CERTIFICATE', `ifelse(len(X`'confTLS_CERTIFICATE), `1', `', `dnl deny ! hosts = +relay_from_hosts : +trusted_hosts condition = ${if eq{$tls_in_sni}{}{no}{yes}} condition = ${if match{$tls_in_sni}{\N^(([a-zA-Z\d\-]+\.)+[a-zA-Z]{2,}|\d+\.\d+\.\d+\.\d+)$\N}{no}{yes}} message = Access denied log_message = Restricted character in \$tls_in_sni "$tls_in_sni" (acl_check_connect) # CVE-2019-15846 workaround deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}} message = Access denied log_message = Restricted character in \$tls_in_sni "$tls_in_sni" (acl_check_connect) deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}} message = Access denied log_message = Restricted character in \$tls_in_peerdn "$tls_in_peerdn" (acl_check_connect) ')')')') drop condition = ${if match{$sender_host_name}{\N.*(\\|\/|\$|\{|\})\N}{yes}{no}} message = Restricted characters in the sender host name $sender_host_name drop condition = ${if isip4{$sender_host_address}{no}{yes}} condition = ${if isip6{$sender_host_address}{no}{yes}} message = Unparsable value of the sender host address $sender_host_address warn set acl_c_sender_host_address = ${acl{detaint}{$sender_host_address}} ifdef(`confCHECK_RELAY_DROPPED', `ifelse(confCHECK_RELAY_DROPPED, `NO', `', `ifelse(confCHECK_RELAY_DROPPED_LOG_ADDITIONAL_INFO, `NO', `dnl ACL(`check_relay_dropped')dnl ')')') ifelse_strstr(confNO_ENFORCE_SYNC, `YES', `dnl warn hosts = confNO_ENFORCE_SYNC_HOSTS control = no_enforce_sync ') ifelse_strstr(confANONYM_RCVD_HIDE_HOST_INFO, `YES', `dnl warn set acl_m_anonym = hosts = +relay_from_hosts set acl_m_anonym = anonym ') warn set acl_c_sender_host_name = ifdef(`confHOST_LOOKUP', `ifelse(`X'confHOST_LOOKUP, `X', `', `dnl condition = ${if match_ip{$sender_host_address}{confHOST_LOOKUP}{yes}{no}} ')') dnl ifdef(`confHOST_LOOKUP', `ifelse(`X'confHOST_LOOKUP, `X', `', `')') set acl_c_sender_host_name = ${acl{detaint}{$sender_host_name}} define(`confRESOLVE_PTR_RECORD', `NO') ifdef(`confCHECK_RELAY_FORGED', `ifelse(confCHECK_RELAY_FORGED, `NO', `', `define(`confRESOLVE_PTR_RECORD', `YES')')') ifdef(`confCHECK_RELAY_RESOLVE', `ifelse(confCHECK_RELAY_RESOLVE, `NO', `', `define(`confRESOLVE_PTR_RECORD', `YES')')') ifdef(`confCHECK_ACCESS_RELAY', `ifelse(confCHECK_ACCESS_RELAY, `NO', `', `define(`confRESOLVE_PTR_RECORD', `YES')')') ifdef(`confCHECK_HELO_FORGED', `ifelse(confCHECK_HELO_FORGED, `NO', `', `define(`confRESOLVE_PTR_RECORD', `YES')')') ifdef(`confANTIVIRUS_0_NAME', `define(`confRESOLVE_PTR_RECORD', `YES')') ifelse(confRESOLVE_PTR_RECORD, `YES', `dnl warn set acl_c_RR = ifdef(`confHOST_LOOKUP', `dnl condition = ${if match_ip{$sender_host_address}{confHOST_LOOKUP}{yes}{no}} ') dnl ifdef(`confHOST_LOOKUP', `') ifelse_strstr(confCHECK_RELAY_RESOLVE_SKIP, `ACCESS', `dnl condition = ${lookup{$sender_host_address}iplsearch{CONFDIR/access-relay}\ {${if eq{${lc:$value}}{ok}{no}{yes}}}\ {yes}} ') dnl ifelse_strstr(confCHECK_RELAY_RESOLVE_SKIP, `ACCESS', `') condition = ${if eq{$sender_host_name}{}{yes}{no}} condition = ${if eq{$host_lookup_failed}{1}{yes}{no}} set acl_c_RR = ${lookup dnsdb{ptr=$sender_host_address}} ') dnl ifelse(confRESOLVE_PTR_RECORD, `YES', `') FEATURE(`ip2asn')dnl FEATURE(`ip2country')dnl ifelse(confIP2ASN, `YES', `dnl warn set acl_c_geo_data = $acl_c_geo_data; AS=$acl_c_sender_host_address_asn ')dnl ifelse(confIP2COUNTRY, `YES', `dnl warn set acl_c_geo_data = $acl_c_geo_data; country=$acl_c_sender_host_address_country ')dnl ifelse(confIP2CONTINENT, `YES', `dnl warn set acl_c_geo_data = $acl_c_geo_data; continent=$acl_c_sender_host_address_continent ')dnl define(`_GEO_DATA_', `')dnl define(`_GEO_DATA_INFO_', `')dnl define(`_GEO_DATA_INFO_FIRST_ITEM', `YES')dnl ifelse(confIP2ASN, `YES', `dnl define(`_GEO_DATA_', `YES')dnl ifelse(_GEO_DATA_INFO_FIRST_ITEM, `NO', `define(`_GEO_DATA_INFO_', _GEO_DATA_INFO_`; ')')dnl define(`_GEO_DATA_INFO_', _GEO_DATA_INFO_`ASN=$acl_c_sender_host_address_asn')dnl define(`_GEO_DATA_INFO_FIRST_ITEM', `NO')dnl ')dnl ifelse(confIP2COUNTRY, `YES', `dnl define(`_GEO_DATA_', `YES')dnl ifelse(_GEO_DATA_INFO_FIRST_ITEM, `NO', `define(`_GEO_DATA_INFO_', _GEO_DATA_INFO_`; ')')dnl define(`_GEO_DATA_INFO_', _GEO_DATA_INFO_`country=$acl_c_sender_host_address_country')dnl define(`_GEO_DATA_INFO_FIRST_ITEM', `NO')dnl ')dnl ifelse(confIP2CONTINENT, `YES', `dnl define(`_GEO_DATA_', `YES')dnl ifelse(_GEO_DATA_INFO_FIRST_ITEM, `NO', `define(`_GEO_DATA_INFO_', _GEO_DATA_INFO_`; ')')dnl define(`_GEO_DATA_INFO_', _GEO_DATA_INFO_`continent=$acl_c_sender_host_address_continent')dnl define(`_GEO_DATA_INFO_FIRST_ITEM', `NO')dnl ')dnl ifelse(_GEO_DATA_, `YES', `dnl define(`_GEO_DATA_INFO_', ` ('_GEO_DATA_INFO_`)')dnl warn set acl_c_geo_data = ${sg{$acl_c_geo_data}{\N^;\s*\N}{}} ') dnl ifelse(_GEO_DATA_, `YES', `') ifdef(`confCHECK_ACCESS_RELAY_OS', `ifelse(confCHECK_ACCESS_RELAY_OS, `NO', `', `dnl ACL(`check_relay_os')dnl ')') ifdef(`confCHECK_RELAY_DROPPED', `ifelse(confCHECK_RELAY_DROPPED, `NO', `', `ifelse(confCHECK_RELAY_DROPPED_LOG_ADDITIONAL_INFO, `NO', `', `dnl ACL(`check_relay_dropped')dnl ')')') ifdef(`confRATELIMIT', `ifelse(confRATELIMIT, `NO', `', ` FEATURE(`ratelimit') ')') ifelse_strstr(confIPv6, `YES', `dnl dnl define(`_SENDER_HOST_ADDRESS_IPV6_COMPACT', `NO')dnl ifdef(`confVERIFY_SENDER', `ifelse(confVERIFY_SENDER, `NO', `', `dnl ifdef(`confVERIFY_SENDER_DEFER_OK_PHP', `ifelse(confVERIFY_SENDER_DEFER_OK_PHP, `NO', `', `define(`_SENDER_HOST_ADDRESS_IPV6_COMPACT', `YES')')') ')') dnl ifdef(`confVERIFY_SENDER', `ifelse(confVERIFY_SENDER, `NO', `', `')') ifdef(`confCHECK_HELO_FQDN_FORGED', `ifelse(confCHECK_HELO_FQDN_FORGED, `NO', `', `define(`_SENDER_HOST_ADDRESS_IPV6_COMPACT', `YES')')') ifdef(`confCHECK_HELO_FQDN_DEFER', `ifelse(confCHECK_HELO_FQDN_DEFER, `NO', `', `define(`_SENDER_HOST_ADDRESS_IPV6_COMPACT', `YES')')') ifdef(`confCHECK_HELO_FQDN_NOT_RESOLVABLE', `ifelse(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `NO', `', `define(`_SENDER_HOST_ADDRESS_IPV6_COMPACT', `YES')')') dnl ifelse(_SENDER_HOST_ADDRESS_IPV6_COMPACT, `YES', `dnl warn condition = ${if isip6{$sender_host_address}{yes}{no}} set acl_c_sender_host_address_ipv6_compact = ${ipv6norm:$sender_host_address} ') dnl ifelse(_SENDER_HOST_ADDRESS_IPV6_COMPACT, `YES', `') ') dnl ifelse_strstr(confIPv6, `YES', `') accept ifdef(`confSTARTTLS', `ifelse(confSTARTTLS, `NO', `', `ifdef(`confTLS_CERTIFICATE', `ifelse(len(X`'confTLS_CERTIFICATE), `1', `', `dnl acl_check_starttls: accept ')')')') ifdef(`confETRN_ENABLE', `ifelse(confETRN_ENABLE, `NO', `', `dnl acl_check_etrn: FEATURE(`etrn')dnl ')') acl_check_helo: define(`SECTION', `ACL_CHECK_HELO')dnl warn set acl_m_smtp_command_helo = $smtp_command ifdef(`confSTARTTLS', `ifelse(confSTARTTLS, `NO', `', `ifdef(`confTLS_CERTIFICATE', `ifelse(len(X`'confTLS_CERTIFICATE), `1', `', `dnl deny ! hosts = +relay_from_hosts : +trusted_hosts condition = ${if eq{$tls_in_sni}{}{no}{yes}} condition = ${if match{$tls_in_sni}{\N^(([a-zA-Z\d\-]+\.)+[a-zA-Z]{2,}|\d+\.\d+\.\d+\.\d+)$\N}{no}{yes}} message = Access denied log_message = Restricted character in \$tls_in_sni "$tls_in_sni" (acl_check_helo) # CVE-2019-15846 workaround deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}} message = Access denied log_message = Restricted character in \$tls_in_sni "$tls_in_sni" (acl_check_helo) deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}} message = Access denied log_message = Restricted character in \$tls_in_peerdn "$tls_in_peerdn" (acl_check_helo) ')')')') warn set acl_c_sender_helo_name = ${acl{detaint}{$sender_helo_name}} ifdef(`confCHECK_ACCESS_HELO_PRECHECK', `ifelse(confCHECK_ACCESS_HELO_PRECHECK, `NO', `', `dnl ACL(`check_helo')dnl ')') ifdef(`confSMTP_AUTH_RELAY', `ifelse(confSMTP_AUTH_RELAY, `NO', `', `dnl FEATURE(`auth_relay')dnl ')') accept ifdef(`confSMTP_AUTH', `ifelse(confSMTP_AUTH, `NO', `', ` acl_check_auth: define(`SECTION', `ACL_CHECK_AUTH')dnl warn set acl_m_smtp_command_auth = $smtp_command ifelse(confFAKE_REJECT, `NO', `', `dnl deny condition = ${if eq{$acl_c_fakereject}{}{no}{yes}} message = ${extract{3}{|}{$acl_c_fakereject}} log_message = ${extract{1}{|}{$acl_c_fakereject}} ') dnl ifelse(confFAKE_REJECT, `NO', `', `') ifelse(confFAKE_DEFER, `NO', `', `dnl defer condition = ${if eq{$acl_c_fakedefer}{}{no}{yes}} message = ${extract{3}{|}{$acl_c_fakedefer}} log_message = ${extract{1}{|}{$acl_c_fakedefer}} ') dnl ifelse(confFAKE_DEFER, `NO', `', `') # количество попыток аутентификации при передаче текущего письма # RSET после AUTH не сбрасывает счётчик попыток аутентификации # т. е. это количество попыток аутентификации перед acl_check_mail/acl_check_quit/acl_checl_notquit # потенциально неудачными являются или все эти попытки аутентификации или все, кроме последней warn set acl_c_auth_attemps = ${eval:0$acl_c_auth_attemps+1} ifdef(`confRATELIMIT', `ifelse(confRATELIMIT, `NO', `', `dnl FEATURE(`ratelimit')dnl ')') FEATURE(`auth')dnl accept ')') dnl ifdef(`confSMTP_AUTH', `ifelse(confSMTP_AUTH, `NO', `', `')') acl_check_mail: define(`SECTION', `ACL_CHECK_MAIL')dnl ifelse(confFAKE_REJECT, `NO', `', `dnl warn condition = ${if eq{$acl_m_fakereject}{}{yes}{no}} set acl_m_fakereject = $acl_c_fakereject warn condition = ${if eq{$acl_m_add_x_orig_rcpt}{}{yes}{no}} set acl_m_add_x_orig_rcpt = $acl_c_add_x_orig_rcpt ') dnl ifelse(confFAKE_REJECT, `NO', `', `') ifelse(confFAKE_DEFER, `NO', `', `dnl warn condition = ${if eq{$acl_m_fakedefer}{}{yes}{no}} set acl_m_fakedefer = $acl_c_fakedefer warn condition = ${if eq{$acl_m_add_x_orig_rcpt}{}{yes}{no}} set acl_m_add_x_orig_rcpt = $acl_c_add_x_orig_rcpt ') dnl ifelse(confFAKE_DEFER, `NO', `', `') warn set acl_m_sender_address = ${acl{detaint}{$sender_address}} set acl_m_sender_address_domain = ${acl{detaint}{$sender_address_domain}} set acl_m_sender_address_local_part = ${acl{detaint}{$sender_address_local_part}} # CVE-2019-10149 workaround # Проверка использования недопустимых символов в почтовом ящике отправителя drop condition = ${if match{$sender_address}{\N.*(\$|\\x24|\\0?44).*run.*\N}{yes}{no}} message = Restricted characters in the sender address $sender_address sinclude(confSITE_DIR`/configure.backup_smtp_mail.m4') sinclude(confSITE_DIR`/configure.acl_smtp_mail_top.m4') ifdef(`confSMTP_AUTH_RELAY', `ifelse(confSMTP_AUTH_RELAY, `NO', `', `dnl FEATURE(`auth_relay')dnl ')') warn set acl_m_smtp_command_mail_from = ${smtp_command}${if or{\ {eq{$message_size}{-1}}\ {match{${smtp_command}}{\N(?i).+\sSIZE=\d+\N}}\ }{}{ SIZE=$message_size}} warn hosts = : set acl_m_wl_flag_msg = submitted=1 $acl_m_wl_flag_msg warn hosts = +relay_from_hosts set acl_m_wl_flag_msg = relay_from_hosts=1 $acl_m_wl_flag_msg warn authenticated = * set acl_m_wl_flag_msg = authenticated=1 $acl_m_wl_flag_msg ifdef(`confWHITE_LIST_RELAYS', `ifelse(confWHITE_LIST_RELAYS, `NO', `', ` warn hosts = +relay_white_list dnl # domains = +local_domains`'ifdef(`confSECONDARY_RELAY', `ifelse(confSECONDARY_RELAY, `NO', `', ` : +relay_to_domains')') set acl_m_wl_flag_msg = white_list_relays=1 $acl_m_wl_flag_msg set acl_m_skip_verify_recipient = yes ')') ifdef(`confWHITE_LIST_SENDERS', `ifelse(confWHITE_LIST_SENDERS, `NO', `', ` warn set acl_m1 = no senders = @@wildlsearch;CONFDIR/senders-whitelist set acl_m1 = yes warn condition = ${if eq{$acl_m1}{no}{yes}{no}} condition = ${lookup{$sender_address}wildlsearch{CONFDIR/senders-whitelist}{yes}{no}} set acl_m1 = yes warn condition = $acl_m1 dnl # domains = +local_domains`'ifdef(`confSECONDARY_RELAY', `ifelse(confSECONDARY_RELAY, `NO', `', ` : +relay_to_domains')') set acl_m_wl_flag_msg = white_list_senders=1 $acl_m_wl_flag_msg ')') ifdef(`confSMTP_AUTH', `ifelse(confSMTP_AUTH, `NO', `', `dnl FEATURE(`auth')dnl ')') ifdef(`confRATELIMIT', `ifelse(confRATELIMIT, `NO', `', `dnl dnl перед FEATURE(`ratelimit') должен обзательно быть указан FEATURE(`auth'), т. к. в нем FEATURE(`ratelimit') используются переменные, значения которых вычисляютс в FEATURE(`auth') FEATURE(`ratelimit')dnl ')') ifdef(`confMESSAGE_SIZE_LIMIT_OUT', `ifelse(confMESSAGE_SIZE_LIMIT_OUT, `NO', `', `dnl ACL(`check_max_out_msg_size')dnl ')') accept condition = ${if or{\ {eq{${extract{submitted}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{relay_from_hosts}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{authenticated}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{white_list_relays}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{white_list_senders}{$acl_m_wl_flag_msg}}}{1}}\ }{yes}{no}} ifelse_strstr(confCONTENT_SCANNING, `SPAMASSASSIN', `dnl FEATURE(`spamassassin')dnl ') ifelse_strstr(` 'confCONTENT_SCANNING, ` SPAMD', `dnl FEATURE(`spamd')dnl ') ifdef(`confCHECK_RELAY_RESOLVE', `ifelse(confCHECK_RELAY_RESOLVE, `NO', `', `dnl ifelse_strstr(confCHECK_RELAY_RESOLVE, `MAIL', `dnl ACL(`check_relay_resolve')dnl ',` ifelse_strstr(confCHECK_RELAY_RESOLVE, `RCPT', `', `dnl define(`confCHECK_RELAY_RESOLVE', confCHECK_RELAY_RESOLVE` RCPT') ') ')')') ifdef(`confCHECK_FAKE_INTERNAL', `ifelse(confCHECK_FAKE_INTERNAL, `NO', `', `dnl ACL(`check_fake_internal')dnl ') dnl ') dnl accept acl_check_rcpt: define(`SECTION', `ACL_CHECK_RCPT')dnl # Проверка использования недопустимых символов в почтовом ящике получателя deny domains = +local_domains local_parts = ^[.] : ^.*[\$@%!/|] message = Restricted characters in the recipient address $local_part@$domain # CVE-2019-10149 workaround deny domains = +local_domains condition = ${if match{$local_part}{\N^(\.|.*[\$@%!/|]|.*\\x24|.*\\0?44)\N}{yes}{no}} message = Restricted characters in the recipient address $local_part@$domain deny domains = !+local_domains condition = ${if match{$local_part}{\N^(\.|.*[\$@%!/|]|.*\\x24|.*\\0?44)\N}{yes}{no}} message = Restricted characters in the recipient address $local_part@$domain warn set acl_m_domain = ${acl{detaint}{$domain}} set acl_m_local_part = ${acl{detaint}{$local_part}} warn set acl_m_smtp_command_rcpt_to = $smtp_command warn set acl_m_smtp_command_rcpt_tos = ${acl_m_smtp_command_rcpt_tos}${smtp_command}\n warn set acl_m9 = $acl_m_wl_flag_msg warn set acl_m9 = ${sg{$acl_m9}{\Nabuse_or_postmaster=\d*\N}{}} warn set acl_m9 = ${sg{$acl_m9}{\Nwhite_list_compat=\d*\N}{}} warn set acl_m9 = ${sg{$acl_m9}{\Nspam_hater=\d*\N}{}} ifdef(`confMESSAGE_SIZE_LIMIT_IN', `ifelse(confMESSAGE_SIZE_LIMIT_IN, `NO', `', `dnl ACL(`check_max_in_msg_size')dnl ')') ifdef(`confSTARTTLS', `ifelse(confSTARTTLS, `NO', `', `dnl FEATURE(`starttls')dnl ')') ifdef(`confSMTP_AUTH', `ifelse(confSMTP_AUTH, `NO', `', `dnl FEATURE(`auth')dnl ')') ifdef(`confSMTP_AUTH_RELAY', `ifelse(confSMTP_AUTH_RELAY, `NO', `', `dnl FEATURE(`auth_relay')dnl ')') ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `', `dnl warn set acl_m_optional_reject = scores=0 log_message= ')') ifdef(`confGREYLIST', `ifelse(confGREYLIST, `NO', `', `dnl define(`SECTION', `ACL_CHECK_RCPT_TOP')dnl FEATURE(`greylist')dnl define(`SECTION', `ACL_CHECK_RCPT')dnl ')') dnl ifdef(`confGREYLIST', `ifelse(confGREYLIST, `NO', `', `')') dnl ifdef(`confCHECK_ACCESS_MAIL', `ifelse(confCHECK_ACCESS_MAIL, `NO', `', `dnl dnl ACL(`check_mail')dnl dnl ')') ifelse(confAWL, `NO', `', ` FEATURE(`awl')dnl ') dnl ifelse(confAWL, `NO', `', `') ifdef(`confRECIPIENTS_SPAM_FRIENDS', `ifelse(confRECIPIENTS_SPAM_FRIENDS, `NO', `dnl warn set acl_m0 = domains = +local_domains confDOMAINS_ABUSE local_parts = postmaster : abuse set acl_m0 = abuse set acl_m9 = abuse_or_postmaster=1 $acl_m9 set acl_m_wl_flag_msg = abuse_or_postmaster=1 $acl_m_wl_flag_msg ', `dnl warn set acl_m0 = domains = +local_domains confDOMAINS_ABUSE recipients = @@wildlsearch;CONFDIR/recipients_spam_friends set acl_m0 = abuse set acl_m9 = abuse_or_postmaster=1 $acl_m9 set acl_m_wl_flag_msg = abuse_or_postmaster=1 $acl_m_wl_flag_msg ')') dnl ifdef(`confRECIPIENTS_SPAM_FRIENDS', `ifelse(confRECIPIENTS_SPAM_FRIENDS, `NO', `')') ifdef(`confRECIPIENTS_SPAM_HATERS', `ifelse(confRECIPIENTS_SPAM_HATERS, `NO', `', `dnl warn condition = ${if eq{$acl_m0}{}{yes}{no}} recipients = @@wildlsearch;CONFDIR/recipients_spam_haters set acl_m9 = spam_hater=1 $acl_m9 # set acl_m_wl_flag_msg = spam_hater=1 $acl_m_wl_flag_msg ')') dnl ifdef(`confRECIPIENTS_SPAM_HATERS', `ifelse(confRECIPIENTS_SPAM_HATERS, `NO', `')') warn set acl_m_check_rcpt_and_accept = ifdef(`confBATV', `ifelse(confBATV, `NO', `', `dnl FEATURE(`batv')dnl ')') ifdef(`confCHECK_ACCESS_COMPAT', `ifelse(confCHECK_ACCESS_COMPAT, `NO', `', `dnl ACL(`check_compat')dnl ')') ifdef(`confCHECK_ACCESS_COMPAT_RELAY', `ifelse(confCHECK_ACCESS_COMPAT_RELAY, `NO', `', `dnl ACL(`check_compat_relay')dnl ')') ifdef(`confCHECK_ACCESS_RCPT', `ifelse(confCHECK_ACCESS_RCPT, `NO', `', `dnl ACL(`check_rcpt')dnl ')') # Проверка существования получателей ifdef(`confCHECK_DICT_ATTACK', `ifelse(confCHECK_DICT_ATTACK, `NO', `', `dnl ACL(`check_dict_attack')dnl ')') ifdef(`confVIRTUSERTABLE', `ifelse(confVIRTUSERTABLE, `NO', `', `dnl FEATURE(`virtusertable')dnl ')') ifdef(`confDOMAIN_LITERALS', `ifelse(confDOMAIN_LITERALS, `NO', `', `dnl FEATURE(`domain_literals')dnl ')') # Проверка существования получателей из локальных доменов deny domains = +local_domains condition = ${if eq{$acl_m_skip_verify_recipient}{yes}{no}{yes}} ! recipients = @@wildlsearch;CONFDIR/skip_verify_recipient ifelse_strstr(confVIRT_MDIR_QUOTA, `VERIFY_RCPT_MAILDIRSIZE', `dnl log_message = User ${local_part}@${domain} verify failed ', `dnl ifelse_strstr(confVIRT_MDIR_QUOTA, `VERIFY_RCPT_CUSTOM', `dnl log_message = User ${local_part}@${domain} verify failed ', `dnl log_message = User ${local_part}@${domain} is unknown message = User ${local_part}@${domain} is unknown ')dnl ifelse_strstr(confVIRT_MDIR_QUOTA, `VERIFY_RCPT_CUSTOM', `', `') ')dnl ifelse_strstr(confVIRT_MDIR_QUOTA, `VERIFY_RCPT_MAILDIRSIZE', `', `') ! verify = recipient accept condition = ${if eq{$acl_m_check_rcpt_and_accept}{yes}{yes}{no}} ifdef(`confCHECK_RCPT_INCOMING_ONLY', `ifelse(confCHECK_RCPT_INCOMING_ONLY, `NO', `', `dnl ACL(`check_rcpt_incoming_only')dnl ')') ifdef(`confMAILERTABLE', `ifelse(confMAILERTABLE, `NO', `', `dnl DELIVERY(`mailertable')dnl ')') ifelse_strstr(confCONTENT_SCANNING, `SPAMASSASSIN', `dnl FEATURE(`spamassassin')dnl ') ifelse_strstr(` 'confCONTENT_SCANNING, ` SPAMD', `dnl FEATURE(`spamd')dnl ') ifelse_strstr(confVERIFY_RECIPIENT, `RCPT', `dnl deny hosts = +relay_from_hosts ! verify = recipient/callout=use_sender,confVERIFY_RECIPIENT_TIMEOUT,defer_ok message = Unrouteable address: $acl_verify_message ifdef(`confSMTP_AUTH', `ifelse(confSMTP_AUTH, `NO', `', `dnl ifelse_strstr(` 'confRATELIMIT` ', ` AUTH_RCPT_UNKNOWN ', `dnl define(`SECTION', `ACL_CHECK_RCPT_VERIFY_RECIPIENT')dnl FEATURE(`ratelimit')dnl define(`SECTION', `ACL_CHECK_RCPT')dnl ',` deny authenticated = * ! verify = recipient/callout=use_sender,confVERIFY_RECIPIENT_TIMEOUT,defer_ok message = Unrouteable address: $acl_verify_message ') dnl ifelse_strstr(` 'confRATELIMIT` ', ` AUTH_RCPT_UNKNOWN ', `') ')') dnl ifdef(`confSMTP_AUTH', `ifelse(confSMTP_AUTH, `NO', `', `')') ',` ifelse_strstr(confVERIFY_RECIPIENT, `DOMAIN', `dnl deny hosts = +relay_from_hosts ! verify = recipient/defer_ok message = $local_part@$domain: Unrouteable address ifdef(`confSMTP_AUTH', `ifelse(confSMTP_AUTH, `NO', `', `dnl deny authenticated = * ! verify = recipient/defer_ok message = $local_part@$domain: Unrouteable address ')') dnl ifdef(`confSMTP_AUTH', `ifelse(confSMTP_AUTH, `NO', `', `')') ') dnl ifelse_strstr(confVERIFY_RECIPIENT, `DOMAIN', `') ') dnl ifelse_strstr(confVERIFY_RECIPIENT, `RCPT', `') ifdef(`confRATELIMIT', `ifelse(confRATELIMIT, `NO', `', `dnl FEATURE(`ratelimit')dnl ')') ifdef(`confDMARC', `ifelse(confDMARC, `NO', `', `dnl FEATURE(`dmarc')dnl ')') FEATURE(`antivirus', ` # warn condition = ${if eq{$acl_m9}{}{no}{yes}} warn condition = ${if or{\ {eq{${extract{submitted}{$acl_m9}}}{1}}\ {eq{${extract{relay_from_hosts}{$acl_m9}}}{1}}\ {eq{${extract{authenticated}{$acl_m9}}}{1}}\ {eq{${extract{abuse_or_postmaster}{$acl_m9}}}{1}}\ {eq{${extract{white_list_relays}{$acl_m9}}}{1}}\ {eq{${extract{white_list_senders}{$acl_m9}}}{1}}\ {eq{${extract{white_list_compat}{$acl_m9}}}{1}}\ }{yes}{no}}') sinclude(confSITE_DIR`/configure.backup_smtp_rcpt.m4') ifdef(`confGREYLIST', `ifelse(confGREYLIST, `NO', `', `dnl define(`SECTION', `ACL_CHECK_RCPT_MIDDLE')dnl FEATURE(`greylist')dnl define(`SECTION', `ACL_CHECK_RCPT')dnl ')') dnl ifdef(`confGREYLIST', `ifelse(confGREYLIST, `NO', `', `')') ifdef(`confCHECK_RELAY_RESOLVE', `ifelse(confCHECK_RELAY_RESOLVE, `NO', `', `dnl ifelse_strstr(confCHECK_RELAY_RESOLVE, `RCPT', `dnl define(`SECTION', `ACL_CHECK_RCPT_MIDDLE')dnl ACL(`check_relay_resolve')dnl define(`SECTION', `ACL_CHECK_RCPT')dnl ')')') # accept condition = ${if eq{$acl_m9}{}{no}{yes}} accept condition = ${if or{\ {eq{${extract{submitted}{$acl_m9}}}{1}}\ {eq{${extract{relay_from_hosts}{$acl_m9}}}{1}}\ {eq{${extract{authenticated}{$acl_m9}}}{1}}\ }{yes}{no}} control = submission/sender_retain acl = acl_check_rcpt_before_accept ifdef(`confSECONDARY_RELAY', `ifelse(confSECONDARY_RELAY, `NO', `', `dnl define(`SECTION', `ACL_CHECK_RCPT_TOP')dnl warn set acl_m0 = ifdef(`confRECIPIENTS_SPAM_FRIENDS', `ifelse(confRECIPIENTS_SPAM_FRIENDS, `NO', `dnl domains = +local_domains confDOMAINS_ABUSE local_parts = postmaster : abuse ', `dnl recipients = @@wildlsearch;CONFDIR/recipients_spam_friends ')') dnl ifdef(`confRECIPIENTS_SPAM_FRIENDS', `ifelse(confRECIPIENTS_SPAM_FRIENDS, `NO', `')') set acl_m0 = accept # Проверка существования abuse адресов и spam friend-ов в рилеемых доменах FEATURE(`verify_recipient')dnl define(`SECTION', `ACL_CHECK_RCPT')dnl ')') dnl ifdef(`confSECONDARY_RELAY', `ifelse(confSECONDARY_RELAY, `NO', `', `')') accept domains = +local_domains`'ifdef(`confSECONDARY_RELAY', `ifelse(confSECONDARY_RELAY, `NO', `', ` : +relay_to_domains')') # condition = ${if eq{$acl_m9}{}{no}{yes}} # condition = ${if eq{${sg{$acl_m9}{\N\s*spam_hater=1\s*}{}}}{}{no}{yes}} condition = ${if or{\ {eq{${extract{submitted}{$acl_m9}}}{1}}\ {eq{${extract{relay_from_hosts}{$acl_m9}}}{1}}\ {eq{${extract{authenticated}{$acl_m9}}}{1}}\ {eq{${extract{abuse_or_postmaster}{$acl_m9}}}{1}}\ {eq{${extract{white_list_relays}{$acl_m9}}}{1}}\ {eq{${extract{white_list_senders}{$acl_m9}}}{1}}\ {eq{${extract{white_list_compat}{$acl_m9}}}{1}}\ }{yes}{no}} acl = acl_check_rcpt_before_accept sinclude(confSITE_DIR`/configure.acl_smtp_rcpt_top.m4') ifdef(`confCHECK_ACCESS_MAIL', `ifelse(confCHECK_ACCESS_MAIL, `NO', `', `dnl ACL(`check_mail')dnl ')') ifdef(`confCHECK_ACCESS_RELAY_OS', `ifelse(confCHECK_ACCESS_RELAY_OS, `NO', `', `dnl ACL(`check_relay_os')dnl ')') ifdef(`confCHECK_HELO_OWN', `ifelse(confCHECK_HELO_OWN, `NO', `', `dnl ACL(`check_helo_own')dnl ')') ifdef(`confCHECK_HELO_FORGED', `ifelse(confCHECK_HELO_FORGED, `NO', `', `dnl ACL(`check_helo_forged')dnl ')') ifdef(`confCHECK_ACCESS_HELO', `ifelse(confCHECK_ACCESS_HELO, `NO', `', `dnl ACL(`check_helo')dnl ')') ifdef(`confCHECK_HELO_TOP_LEVEL', `ifelse(confCHECK_HELO_TOP_LEVEL, `NO', `', `dnl ACL(`check_helo_top_level')dnl ')') ifdef(`confCHECK_HELO_FQDN', `ifelse(confCHECK_HELO_FQDN, `NO', `', `dnl ACL(`check_helo_fqdn')dnl ')') ifdef(`confVERIFY_HELO', `ifelse(confVERIFY_HELO, `NO', `', `dnl # warn on verify helo warn ! verify = helo log_message = verify HELO ($sender_helo_name) ')') ifdef(`confRECIPIENTS_SPAM_FRIENDS', `ifelse(confRECIPIENTS_SPAM_FRIENDS, `NO', `dnl FEATURE(`antivirus', ` warn domains = +local_domains confDOMAINS_ABUSE local_parts = postmaster : abuse set acl_m9 = abuse_or_postmaster=1 $acl_m9 set acl_m_wl_flag_msg = abuse_or_postmaster=1 $acl_m_wl_flag_msg') # Прием почты для abuse адресов accept domains = +local_domains confDOMAINS_ABUSE local_parts = postmaster : abuse set acl_m9 = abuse_or_postmaster=1 $acl_m9 set acl_m_wl_flag_msg = abuse_or_postmaster=1 $acl_m_wl_flag_msg set acl_m_recipients_accepted = ${if eq{$acl_m_recipients_accepted}{}{}{$acl_m_recipients_accepted, }}$local_part@$domain ', `dnl FEATURE(`antivirus', ` warn domains = +local_domains confDOMAINS_ABUSE recipients = @@wildlsearch;CONFDIR/recipients_spam_friends') # Прием почты для abuse адресов и spam friend-ов accept domains = +local_domains confDOMAINS_ABUSE recipients = @@wildlsearch;CONFDIR/recipients_spam_friends set acl_m9 = abuse_or_postmaster=1 $acl_m9 set acl_m_wl_flag_msg = abuse_or_postmaster=1 $acl_m_wl_flag_msg set acl_m_recipients_accepted = ${if eq{$acl_m_recipients_accepted}{}{}{$acl_m_recipients_accepted, }}$local_part@$domain ')') ifdef(`confCHECK_ACCESS_RELAY', `ifelse(confCHECK_ACCESS_RELAY, `NO', `', `dnl ACL(`check_relay')dnl ')') ifdef(`confMTA_MARK_ENABLE', `ifelse(confMTA_MARK_ENABLE, `NO', `', `dnl FEATURE(`mtamark')dnl ')') ifdef(`confSPF2', `ifelse(confSPF2, `NO', `', `dnl FEATURE(`spf2')dnl ')') ifdef(`confSPF', `ifelse(confSPF, `NO', `', `dnl FEATURE(`spf')dnl ')') ifdef(`confCHECK_DSN_RCPT_COUNT', `ifelse(confCHECK_DSN_RCPT_COUNT, `NO', `', `dnl ACL(`check_dsn_rcpt_count')dnl ')') ifdef(`confCHECK_ACCESS_MAIL_DOMAIN_A', `ifelse(confCHECK_ACCESS_MAIL_DOMAIN_A, `NO', `', `dnl ACL(`check_mail_domain_a')dnl ')') ifdef(`confCHECK_ACCESS_MAIL_DOMAIN_MX', `ifelse(confCHECK_ACCESS_MAIL_DOMAIN_MX, `NO', `', `dnl ACL(`check_mail_domain_mx')dnl ')') ifdef(`confCHECK_ACCESS_MAIL_DOMAIN_NS', `ifelse(confCHECK_ACCESS_MAIL_DOMAIN_NS, `NO', `', `dnl ACL(`check_mail_domain_ns')dnl ')') ifdef(`confCHECK_ACCESS_MAIL_DOMAIN_TXT', `ifelse(confCHECK_ACCESS_MAIL_DOMAIN_TXT, `NO', `', `dnl ACL(`check_mail_domain_txt')dnl ')') ifdef(`confCHECK_ACCESS_MAIL_DOMAIN_SPF', `ifelse(confCHECK_ACCESS_MAIL_DOMAIN_SPF, `NO', `', `dnl ACL(`check_mail_domain_spf')dnl ')') ifdef(`confCHECK_FAKE_INTERNAL', `ifelse(confCHECK_FAKE_INTERNAL, `NO', `', `dnl ACL(`check_fake_internal')dnl ')') ifdef(`confCHECK_FAKE_LOCAL', `ifelse(confCHECK_FAKE_LOCAL, `NO', `', `dnl ACL(`check_fake_local')dnl ')') ifdef(`confCHECK_RELAY_RESOLVE', `ifelse(confCHECK_RELAY_RESOLVE, `NO', `', `dnl ifelse_strstr(confCHECK_RELAY_RESOLVE, `RCPT', `dnl ACL(`check_relay_resolve')dnl ')')') sinclude(confSITE_DIR`/configure.acl_smtp_rcpt_middle.m4') ifdef(`confVERIFY_SENDER', `ifelse(confVERIFY_SENDER, `NO', `', `dnl FEATURE(`verify_sender')dnl ')') ifdef(`confCHECK_SMTP_COMMANDS', `ifelse(confCHECK_SMTP_COMMANDS, `NO', `', `dnl ACL(`check_smtp_commands')dnl ')') ifelse(confDNSBL0_NAME, `confDNSBL0_NAME', `', `dnl FEATURE(`dnsbl')dnl ') ifdef(`confCHECK_ESMTP_SIZE', `ifelse(confCHECK_ESMTP_SIZE, `NO', `', `dnl ACL(`check_esmtp_size')dnl ')') ifdef(`confSECONDARY_RELAY', `ifelse(confSECONDARY_RELAY, `NO', `', `dnl FEATURE(`verify_recipient')dnl ')') sinclude(confSITE_DIR`/configure.acl_smtp_rcpt.m4') ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `', `dnl # OPTIONAL REJECT define(`_OPTIONAL_REJECT_', `UNKNOWN') dnl ifelse_strstr(confCONTENT_SCANNING_QUARANTINE, `PERSONAL', `dnl ifelse_strstr(confCONTENT_SCANNING_PERSONAL_QUARANTINE_REJECTED_MESSAGES, `YES', `dnl accept condition = ${if <{${extract{scores}{$acl_m_optional_reject}}}{confOPTIONAL_REJECT_SCORES}{no}{yes}} log_message = message will be quarantined and rejected by optional reject: reason:${sg{${extract{log_message}{$acl_m_optional_reject}}}{\n\t}{ }} set acl_m_fakereject = \ message will be quarantined and rejected by optional reject: reason:${sg{${extract{log_message}{$acl_m_optional_reject}}}{\n\t}{ }}\ |X-Quarantine-Optional-Reject: ${acl{acl_trim}{${extract{log_message}{$acl_m_optional_reject}}}}\ |${if eq{$acl_m_dnsbl}{}{Access denied due to complex of criterions.}{$acl_m_dnsbl}}\nYou may contact postmaster@$qualify_domain set acl_m_add_x_orig_rcpt = yes set acl_m_quarantined = $acl_m_quarantined envelope define(`_OPTIONAL_REJECT_', `DONE') dnl ') dnl ifelse_strstr(confCONTENT_SCANNING_PERSONAL_QUARANTINE_REJECTED_MESSAGES, `YES', `') ') dnl ifelse_strstr(confCONTENT_SCANNING_QUARANTINE, `PERSONAL', `') ifdef(`_OPTIONAL_REJECT_', `ifelse(_OPTIONAL_REJECT_, `DONE', `', `dnl deny condition = ${if <{${extract{scores}{$acl_m_optional_reject}}}{confOPTIONAL_REJECT_SCORES}{no}{yes}} message = ${if eq{$acl_m_dnsbl}{}{Access denied due to complex of criterions.}{$acl_m_dnsbl}}\n\ You may contact postmaster@$qualify_domain log_message = message rejected by optional reject; reason:${extract{log_message}{$acl_m_optional_reject}} ')') dnl ifdef(`_OPTIONAL_REJECT_', `ifelse(_OPTIONAL_REJECT_, `DONE', `', `')') ')') dnl ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `', `')') ifdef(`confGREYLIST', `ifelse(confGREYLIST, `NO', `', `dnl FEATURE(`greylist')dnl ')') define(`SECTION', `ACL_CHECK_RCPT_BOTTOM')dnl ifelse_strstr(confCONTENT_SCANNING, `SPAMASSASSIN', `dnl FEATURE(`spamassassin')dnl ') ifelse_strstr(` 'confCONTENT_SCANNING, ` SPAMD', `dnl FEATURE(`spamd')dnl ') FEATURE(`antivirus', ` warn domains = +local_domains') # Прием почты для получателей из локальных доменов accept domains = +local_domains set acl_m_recipients_accepted = ${if eq{$acl_m_recipients_accepted}{}{}{$acl_m_recipients_accepted, }}$local_part@$domain endpass ifdef(`confDOMAIN_LITERALS', `ifelse(confDOMAIN_LITERALS, `NO', `', `dnl FEATURE(`domain_literals')dnl ')') ifdef(`confMAILERTABLE', `ifelse(confMAILERTABLE, `NO', `', `dnl DELIVERY(`mailertable')dnl ')') ifdef(`confSECONDARY_RELAY', `ifelse(confSECONDARY_RELAY, `NO', `', `dnl FEATURE(`verify_recipient')dnl ')') ifdef(`confRELAY_BASED_ON_MX', `ifelse(confRELAY_BASED_ON_MX, `NO', `', `dnl FEATURE(`relay_based_on_MX')dnl ')') # Отказ в приеме остальной почты deny message = Relay not permitted. Proper authentication required acl_check_predata: define(`SECTION', `ACL_CHECK_PREDATA')dnl deny condition = ${if eq{$acl_m16}{}{no}{yes}} log_message = ${extract{1}{|}{$acl_m16}} message = ${extract{2}{|}{$acl_m16}} logwrite = original recipients: $recipients ifelse_strstr(confDKIM_CHECK, `DISABLE', ` require control = dkim_disable_verify ') sinclude(confSITE_DIR`/configure.acl_smtp_predata.m4') accept ifelse_strstr(confDKIM_CHECK, `YES', ` acl_check_dkim: define(`SECTION', `ACL_CHECK_DKIM')dnl accept condition = ${if or{\ {eq{${extract{submitted}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{relay_from_hosts}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{authenticated}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{abuse_or_postmaster}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{white_list_relays}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{white_list_senders}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{white_list_compat}{$acl_m_wl_flag_msg}}}{1}}\ }{yes}{no}} FEATURE(`dkim')dnl accept ') acl_check_mime: define(`SECTION', `ACL_CHECK_MIME')dnl accept condition = ${if or{\ {eq{${extract{submitted}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{relay_from_hosts}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{authenticated}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{abuse_or_postmaster}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{white_list_relays}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{white_list_senders}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{white_list_compat}{$acl_m_wl_flag_msg}}}{1}}\ }{yes}{no}} ifdef(`confCHECK_MIME_ERRORS', `ifelse(confCHECK_MIME_ERRORS, `NO', `', `dnl ACL(`check_mime_errors')dnl ')') dnl ifdef(`confCHECK_MIME_ERRORS', `ifelse(confCHECK_MIME_ERRORS, `NO', `', `')') ifdef(`confCHECK_FILE_EXT', `ifelse(confCHECK_FILE_EXT, `NO', `', `dnl ACL(`check_ext')dnl ')') ifdef(`confCHECK_MIME_FILENAME', `ifelse(confCHECK_MIME_FILENAME, `NO', `', `dnl ACL(`check_mime_filename')dnl ')') ifdef(`confCHECK_BOUNDARY', `ifelse(confCHECK_BOUNDARY, `NO', `', `dnl ACL(`check_boundary')dnl ')') ifdef(`confCHECK_CLSID', `ifelse(confCHECK_CLSID, `NO', `', `dnl ACL(`check_clsid')dnl ')') ifdef(`confCHECK_DOUBLE_EXT', `ifelse(confCHECK_DOUBLE_EXT, `NO', `', `dnl ACL(`check_double_ext')dnl ')') accept acl_check_data: warn set acl_m_message_headers_removed = set acl_m_message_headers_added = set acl_m_message_headers_added_at_start = set acl_m_message_id_header_domain = confMESSAGE_ID_HEADER_DOMAIN set acl_m_content_scanning_hostname = confCONTENT_SCANNING_HOSTNAME define(`SECTION', `ACL_CHECK_DATA_TOP')dnl sinclude(confSITE_DIR`/configure.acl_smtp_data_top.m4') ifdef(`confMAIL_BACKUP', `ifelse_strstr(confMAIL_BACKUP, `ROUTER', ` warn set acl_m_recipients = $recipients ')') ifdef(`confSMTP_AUTH_RELAY', `ifelse(confSMTP_AUTH_RELAY, `NO', `', `dnl FEATURE(`auth_relay')dnl ')') ifdef(`confRECIPIENTS_SPAM_HATERS', `ifelse(confRECIPIENTS_SPAM_HATERS, `NO', `', `dnl warn condition = ${if eq{${extract{spam_hater}{$acl_m_wl_flag_msg}}}{1}{yes}{no}} set acl_m_wl_flag_msg = ${sg{${sg{$acl_m_wl_flag_msg}{\Nabuse_or_postmaster=\d*\N}{}}}{\Nwhite_list_compat=\d*\N}{}} ')') dnl ifdef(`confRECIPIENTS_SPAM_HATERS', `ifelse(confRECIPIENTS_SPAM_HATERS, `NO', `')') ifdef(`confDMARC', `ifelse(confDMARC, `NO', `', `dnl FEATURE(`dmarc')dnl ')') ifelse_strstr(confARC, `VERIFY', `dnl FEATURE(`arc')dnl ') ifelse(confFAKE_REJECT, `NO', `', `dnl warn condition = ${if eq{$acl_m_fakereject}{}{yes}{no}} condition = ${if eq{$acl_m_fakereject_per_rcpt}{}{no}{yes}} condition = ${if eq{$acl_m_recipients_accepted}{}{yes}{no}} set acl_m_fakereject = $acl_m_fakereject_per_rcpt set acl_m_quarantined = $acl_m_quarantined envelope warn condition = ${if eq{$acl_m_fakereject}{}{yes}{no}} condition = ${if eq{$acl_m_fakereject_per_rcpt}{}{no}{yes}} condition = ${if eq{$acl_m_recipients_accepted}{}{no}{yes}} log_message = ${extract{1}{|}{$acl_m_fakereject_per_rcpt}} # add_header = ${sg{${sg{${extract{2}{|}{$acl_m_fakereject_per_rcpt}}}{\N^(\S+:)\s+\N}{\$1 }}}{\N;\s*(.)\N}{;\n\t\$1}} acl = acl_add_header "${sg{${sg{${extract{2}{|}{$acl_m_fakereject_per_rcpt}}}{\N^(\S+:)\s+\N}{\$1 }}}{\N;\s*(.)\N}{;\n\t\$1}}" warn condition = ${if eq{$acl_m_fakereject}{}{no}{yes}} control = fakereject/${extract{3}{|}{$acl_m_fakereject}} log_message = ${extract{1}{|}{$acl_m_fakereject}} # add_header = ${sg{${sg{${extract{2}{|}{$acl_m_fakereject}}}{\N^(\S+:)\s+\N}{\$1 }}}{\N;\s*(.)\N}{;\n\t\$1}} acl = acl_add_header "${sg{${sg{${extract{2}{|}{$acl_m_fakereject}}}{\N^(\S+:)\s+\N}{\$1 }}}{\N;\s*(.)\N}{;\n\t\$1}}" set acl_m_add_x_orig_rcpt = yes ') dnl ifelse(confFAKE_REJECT, `NO', `', `') ifelse(confFAKE_DEFER, `NO', `', `dnl warn condition = ${if eq{$acl_m_fakedefer}{}{yes}{no}} condition = ${if eq{$acl_m_fakedefer_per_rcpt}{}{no}{yes}} condition = ${if eq{$acl_m_recipients_accepted}{}{yes}{no}} set acl_m_fakedefer = $acl_m_fakedefer_per_rcpt set acl_m_quarantined = $acl_m_quarantined envelope warn condition = ${if eq{$acl_m_fakedefer}{}{yes}{no}} condition = ${if eq{$acl_m_fakedefer_per_rcpt}{}{no}{yes}} condition = ${if eq{$acl_m_recipients_accepted}{}{no}{yes}} log_message = ${extract{1}{|}{$acl_m_fakedefer_per_rcpt}} # add_header = ${sg{${sg{${extract{2}{|}{$acl_m_fakedefer_per_rcpt}}}{\N^(\S+:)\s+\N}{\$1 }}}{\N;\s*(.)\N}{;\n\t\$1}} acl = acl_add_header "${sg{${sg{${extract{2}{|}{$acl_m_fakedefer_per_rcpt}}}{\N^(\S+:)\s+\N}{\$1 }}}{\N;\s*(.)\N}{;\n\t\$1}}" warn condition = ${if eq{$acl_m_fakedefer}{}{no}{yes}} control = fakedefer/${extract{3}{|}{$acl_m_fakedefer}} log_message = ${extract{1}{|}{$acl_m_fakedefer}} # add_header = ${sg{${sg{${extract{2}{|}{$acl_m_fakedefer}}}{\N^(\S+:)\s+\N}{\$1 }}}{\N;\s*(.)\N}{;\n\t\$1}} acl = acl_add_header "${sg{${sg{${extract{2}{|}{$acl_m_fakedefer}}}{\N^(\S+:)\s+\N}{\$1 }}}{\N;\s*(.)\N}{;\n\t\$1}}" set acl_m_add_x_orig_rcpt = yes ') dnl ifelse(confFAKE_DEFER, `NO', `', `') warn condition = ${if eq{$acl_m_add_x_orig_rcpt}{yes}{yes}{no}} logwrite = original recipients: $recipients # add_header = X-Original-Recipients: $recipients acl = acl_add_header "X-Original-Recipients: $recipients" ifelse_strstr(confCONTENT_SCANNING_QUARANTINE, `PERSONAL', `dnl accept condition = ${if or{\ {match{$h_X-Spam-Action:}{quarantined}}\ {!eq{$acl_m_quarantined}{}}\ }{yes}{no}} ifdef(`confAUTH_RESULTS_ADD', `ifelse(confAUTH_RESULTS_ADD, `NO', `', `dnl acl = acl_add_auth_results data ')') dnl ifdef(`confAUTH_RESULTS_ADD', `ifelse(confAUTH_RESULTS_ADD, `NO', `', `')') ') dnl ifelse_strstr(confCONTENT_SCANNING_QUARANTINE, `PERSONAL', `') ifelse_strstr(confCONTENT_SCANNING, `SPAMASSASSIN', `dnl FEATURE(`spamassassin')dnl ') ifelse_strstr(` 'confCONTENT_SCANNING, ` SPAMD', `dnl FEATURE(`spamd')dnl ') ifelse_strstr(confCONTENT_SCANNING, `DSPAM', `dnl FEATURE(`dspam')dnl ') ifelse_strstr(confCONTENT_SCANNING, `DCC', `dnl FEATURE(`dcc')dnl ') ifelse_strstr(confCONTENT_SCANNING, `RSPAMD', `dnl FEATURE(`rspamd')dnl ') ifelse(confCONTENT_SCANNING, `NO', `', ` FEATURE(`content_scanner')dnl ') define(`SECTION', `ACL_CHECK_DATA')dnl ifdef(`confSMTP_AUTH', `ifelse(confSMTP_AUTH, `NO', `', `dnl FEATURE(`auth')dnl ')') ifdef(`confMESSAGE_SIZE_LIMIT_OUT', `ifelse(confMESSAGE_SIZE_LIMIT_OUT, `NO', `', `dnl ACL(`check_max_out_msg_size')dnl ')') ifdef(`confMESSAGE_SIZE_LIMIT_IN', `ifelse(confMESSAGE_SIZE_LIMIT_IN, `NO', `', `dnl ACL(`check_max_in_msg_size')dnl ')') ifdef(`confRELAY_COUNTRIES', `ifelse(confRELAY_COUNTRIES, `NO', `', `dnl FEATURE(`relay_countries')dnl ')') ifdef(`confANTIVIRUS0_ACT', `dnl FEATURE(`antivirus') ') ifdef(`confCHECK_MESSAGE_ID', `ifelse(confCHECK_MESSAGE_ID, `NO', `', `dnl ACL(`check_message_id')dnl ')') ifdef(`confMESSAGE_ID_HEADER_ADD', `ifelse(confMESSAGE_ID_HEADER_ADD, `NO', `', `dnl FEATURE(`add_message_id')dnl ')') ifdef(`confDATE_HEADER_ADD', `ifelse(confDATE_HEADER_ADD, `NO', `', `dnl FEATURE(`add_date')dnl ')') accept condition = ${if or{\ {eq{${extract{submitted}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{relay_from_hosts}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{authenticated}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{abuse_or_postmaster}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{white_list_relays}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{white_list_senders}{$acl_m_wl_flag_msg}}}{1}}\ {eq{${extract{white_list_compat}{$acl_m_wl_flag_msg}}}{1}}\ }{yes}{no}} ifdef(`confAUTH_RESULTS_ADD', `ifelse(confAUTH_RESULTS_ADD, `NO', `', `dnl acl = acl_add_auth_results data ')') dnl ifdef(`confAUTH_RESULTS_ADD', `ifelse(confAUTH_RESULTS_ADD, `NO', `', `')') acl = acl_check_data_before_accept ifdef(`confAUTH_RESULTS_ADD', `ifelse(confAUTH_RESULTS_ADD, `NO', `', `dnl FEATURE(`auth_results')dnl ')') sinclude(confSITE_DIR`/configure.acl_smtp_data.m4') ifdef(`confCHECK_FILE_EXT', `ifelse(confCHECK_FILE_EXT, `NO', `', `dnl ACL(`check_ext')dnl ')') ifelse_strstr(confCONTENT_SCANNING, `DSPAM', `dnl FEATURE(`dspam')dnl ') ifelse_strstr(confCONTENT_SCANNING, `DCC', `dnl FEATURE(`dcc')dnl ') ifelse_strstr(confCONTENT_SCANNING, `RSPAMD', `dnl FEATURE(`rspamd')dnl ') ifelse_strstr(confCONTENT_SCANNING, `SPAMASSASSIN', `dnl FEATURE(`spamassassin')dnl ') ifelse_strstr(` 'confCONTENT_SCANNING, ` SPAMD', `dnl FEATURE(`spamd')dnl ') ifelse_strstr(confSTAT, `MYSQL', `dnl ENTERPRISE(`stat', `mysql') ') dnl ifelse_strstr(confSTAT, `MYSQL', `') warn acl = acl_check_data_before_accept accept acl_check_not_smtp: define(`SECTION', `ACL_CHECK_NOT_SMTP')dnl sinclude(confSITE_DIR`/configure.acl_not_smtp.m4') ifdef(`confAUTH_RESULTS_ADD', `ifelse(confAUTH_RESULTS_ADD, `NO', `', `dnl FEATURE(`auth_results')dnl ')') accept acl_check_quit: define(`SECTION', `ACL_CHECK_QUIT')dnl ifdef(`confSMTP_AUTH', `ifelse(confSMTP_AUTH, `NO', `', `dnl FEATURE(`auth')dnl ')') ifdef(`confRATELIMIT', `ifelse(confRATELIMIT, `NO', `', `dnl dnl перед FEATURE(`ratelimit') должен обзательно быть указан FEATURE(`auth'), т. к. в нем FEATURE(`ratelimit') используются переменные, значения которых вычисляютс в FEATURE(`auth') FEATURE(`ratelimit')dnl ')') accept acl_check_notquit: define(`SECTION', `ACL_CHECK_NOTQUIT')dnl ifdef(`confSMTP_AUTH', `ifelse(confSMTP_AUTH, `NO', `', `dnl FEATURE(`auth')dnl ')') ifdef(`confRATELIMIT', `ifelse(confRATELIMIT, `NO', `', `dnl dnl перед FEATURE(`ratelimit') должен обзательно быть указан FEATURE(`auth'), т. к. в нем FEATURE(`ratelimit') используются переменные, значения которых вычисляютс в FEATURE(`auth') FEATURE(`ratelimit')dnl ')') accept acl_check_rcpt_before_accept: define(`SECTION', `ACL_SMTP_RCPT_BEFORE_ACCEPT')dnl ifdef(`confRECIPIENTS_SPAM_HATERS', `ifelse(confRECIPIENTS_SPAM_HATERS, `NO', `', `dnl warn condition = ${if eq{${extract{spam_hater}{$acl_m9}}}{1}{yes}{no}} set acl_m_wl_flag_msg = spam_hater=1 $acl_m_wl_flag_msg ')') dnl ifdef(`confRECIPIENTS_SPAM_HATERS', `ifelse(confRECIPIENTS_SPAM_HATERS, `NO', `')') ifelse(confAWL, `NO', `', ` FEATURE(`awl')dnl ') dnl ifelse(confAWL, `NO', `', `') warn set acl_m_recipients_accepted = ${if eq{$acl_m_recipients_accepted}{}{}{$acl_m_recipients_accepted, }}$local_part@$domain accept acl_check_data_before_accept: define(`SECTION', `ACL_SMTP_DATA_BEFORE_ACCEPT')dnl ifelse_strstr(confSTAT, `MYSQL', `dnl ENTERPRISE(`stat', `mysql') ') dnl ifelse_strstr(confSTAT, `MYSQL', `') sinclude(confSITE_DIR`/configure.acl_smtp_data_before_accept.m4')dnl accept define(`SECTION', `ACLS_ADDITIONAL')dnl sinclude(confSITE_DIR`/configure.acl_smtp_data_before_accept.m4')dnl sinclude(confSITE_DIR`/configure.acl_additional.m4')dnl sinclude(confSITE_DIR`/configure.acl_additional.local.m4')dnl ifdef(`confSMTP_AUTH', `ifelse(confSMTP_AUTH, `NO', `', `dnl FEATURE(`auth')dnl ')') ifdef(`confRELAY_COUNTRIES', `ifelse(confRELAY_COUNTRIES, `NO', `', `dnl FEATURE(`relay_countries')dnl ')') ifdef(`confIP2COUNTRY', `ifelse(confIP2COUNTRY, `NO', `', `dnl FEATURE(`ip2country')dnl ')') ifdef(`confIP2ASN', `ifelse(confIP2ASN, `NO', `', `dnl FEATURE(`ip2asn')dnl ')') ifdef(`confSPF2', `ifelse(confSPF2, `NO', `', `dnl FEATURE(`spf2')dnl ')') ifdef(`confAUTH_RESULTS_ADD', `ifelse(confAUTH_RESULTS_ADD, `NO', `', `dnl FEATURE(`auth_results')dnl ')') ifelse_strstr(confSTAT, `MYSQL', `dnl ENTERPRISE(`stat', `mysql') ') dnl ifelse_strstr(confSTAT, `MYSQL', `') ifdef(`confVERIFY_SENDER', `ifelse(confVERIFY_SENDER, `NO', `', `dnl FEATURE(`verify_sender')dnl ')') ifdef(`confACL_DNSDB', `ifelse(confACL_DNSDB, `1', ` acl_dnsdb: accept set acl_m_dnsdb_result = defer set acl_m_dnsdb_result = ${lookup dnsdb{$acl_arg1}} accept set acl_m_dnsdb_result = ')') dnl ifdef(`confACL_DNSDB', `ifelse(confACL_DNSDB, `1', `') acl_wildlsearch: # acl_arg1 - путь к файлу данных # acl_arg2 - список ключей # acl_m_wildlsearch_result - результат accept condition = ${if eq{$acl_arg2}{}{yes}{no}} warn set acl_m_key = ${extract{1}{\n}{$acl_arg2}} warn set acl_m_wildlsearch_result = ${lookup{$acl_m_key}wildlsearch{$acl_arg1}{${if eq{$value}{}{yes}{$value}}}{}} accept condition = ${if eq{$acl_m_wildlsearch_result}{}{no}{yes}} warn set acl_m_arg2 = ${sg{$acl_arg2}{\N^.*\n?\N}{}} warn acl = acl_wildlsearch $acl_arg1 "$acl_m_arg2" accept acl_iplsearch: # acl_arg1 - путь к файлу данных # acl_arg2 - список A записей, разделенных \n # acl_m_iplsearch_result - результат запроса accept condition = ${if eq{$acl_arg2}{}{yes}{no}} accept set acl_m_iplsearch_result = ${reduce{<\n $acl_arg2}{}{${if eq{$value}{}{${lookup{$item}iplsearch{$acl_arg1}{${if eq{$value}{}{yes}{$value}}}{}}}{$value}}}} acl_f_iplsearch: # acl_arg1 - путь к файлу данных # acl_arg2 - список A записей, разделенных \n # acl_m_iplsearch_result - результат запроса accept condition = ${if eq{$acl_arg2}{}{yes}{no}} message = accept message = ${reduce{<\n $acl_arg2}{}{${if eq{$value}{}{${lookup{$item}iplsearch{$acl_arg1}{${if eq{$value}{}{yes}{$value}}}{}}}{$value}}}} acl_ptrlist_iplsearch: # acl_arg1 - путь к файлу со списком сетей и хостов # acl_arg2 - список PTR записей, разделенных \n # acl_arg3 - список(и) хостов и сетей, хосты из которых исключать из запроса к $acl_arg1 (необязательный параметр) # acl_m_ptrlist_iplsearch_result - результат accept condition = ${if eq{$acl_arg2}{}{yes}{no}} warn set acl_m_a = ${lookup dnsdb{a=${extract{1}{\n}{$acl_arg2}}}} accept condition = ${if eq{$acl_m_a}{}{yes}{no}} set acl_m_ptrlist_iplsearch_result = accept condition = ${if eq{$acl_arg3}{}{no}{yes}} condition = ${reduce{<\n $acl_m_a}{no}{${if match_ip{$item}{$acl_arg3}{yes}{$value}}}} set acl_m_ptrlist_iplsearch_result = warn acl = acl_iplsearch $acl_arg1 "$acl_m_a" accept condition = ${if eq{$acl_m_iplsearch_result}{}{no}{yes}} set acl_m_ptrlist_iplsearch_result = $acl_m_iplsearch_result warn set acl_m_arg2 = ${sg{$acl_arg2}{\N^.*\n?\N}{}} warn acl = acl_ptrlist_iplsearch $acl_arg1 "$acl_m_arg2" accept ifelse_strstr(confIPv6, `YES', `dnl acl_ptrlist_iplsearch_ipv6: # acl_arg1 - путь к файлу со списком сетей и хостов # acl_arg2 - список PTR записей, разделенных \n # acl_m_ptrlist_iplsearch_result - результат accept condition = ${if eq{$acl_arg2}{}{yes}{no}} warn acl = acl_iplsearch $acl_arg1 "${lookup dnsdb{aaaa=${extract{1}{\n}{$acl_arg2}}}}" accept condition = ${if eq{$acl_m_iplsearch_result}{}{no}{yes}} set acl_m_ptrlist_iplsearch_result = $acl_m_iplsearch_result warn set acl_m_arg2 = ${sg{$acl_arg2}{\N^.*\n?\N}{}} warn acl = acl_ptrlist_iplsearch_ipv6 $acl_arg1 "$acl_m_arg2" accept ') dnl ifelse_strstr(confIPv6, `YES', `') ifelse(confFAKE_REJECT, `NO', `', `dnl acl_update_fakereject: # acl_arg1 - message to log # acl_arg2 - header # acl_arg3 - message to smtp client accept condition = ${if eq{$acl_m_fakereject}{}{yes}{no}} set acl_m_fakereject = $acl_arg1|$acl_arg2|$acl_arg3 accept set acl_m_fakereject = ${extract{1}{|}{$acl_m_fakereject}}; $acl_arg1|${extract{2}{|}{$acl_m_fakereject}}\n$acl_arg2|${extract{3}{|}{$acl_m_fakereject}}; $acl_arg3 acl_update_fakereject_per_rcpt: # acl_arg1 - message to log # acl_arg2 - header # acl_arg3 - message to smtp client accept condition = ${if eq{$acl_m_fakereject_per_rcpt}{}{yes}{no}} set acl_m_fakereject_per_rcpt = $acl_arg1|$acl_arg2|$acl_arg3 accept set acl_m_fakereject_per_rcpt = ${extract{1}{|}{$acl_m_fakereject_per_rcpt}}; $acl_arg1|${extract{2}{|}{$acl_m_fakereject_per_rcpt}}\n$acl_arg2|${extract{3}{|}{$acl_m_fakereject_per_rcpt}}; $acl_arg3 ') dnl ifelse(confFAKE_REJECT, `NO', `', `') ifelse(confFAKE_DEFER, `NO', `', `dnl acl_update_fakedefer: # acl_arg1 - message to log # acl_arg2 - header # acl_arg3 - message to smtp client accept condition = ${if eq{$acl_m_fakedefer}{}{yes}{no}} set acl_m_fakedefer = $acl_arg1|$acl_arg2|$acl_arg3 accept set acl_m_fakedefer = ${extract{1}{|}{$acl_m_fakedefer}}; $acl_arg1|${extract{2}{|}{$acl_m_fakedefer}}\n$acl_arg2|${extract{3}{|}{$acl_m_fakedefer}}; $acl_arg3 acl_update_fakedefer_per_rcpt: # acl_arg1 - message to log # acl_arg2 - header # acl_arg3 - message to smtp client accept condition = ${if eq{$acl_m_fakedefer_per_rcpt}{}{yes}{no}} set acl_m_fakedefer_per_rcpt = $acl_arg1|$acl_arg2|$acl_arg3 accept set acl_m_fakedefer_per_rcpt = ${extract{1}{|}{$acl_m_fakedefer_per_rcpt}}; $acl_arg1|${extract{2}{|}{$acl_m_fakedefer_per_rcpt}}\n$acl_arg2|${extract{3}{|}{$acl_m_fakedefer_per_rcpt}}; $acl_arg3 ') dnl ifelse(confFAKE_DEFER, `NO', `', `') acl_normalize_action: # acl_arg1 - ненормализованное действие фильтра # acl_arg2 - текущий acl (опционально) # acl_m_normalize_action_result - результат warn set acl_m_normalize_action_result = ${sg{${sg{${sg{${sg{${sg{${sg{${sg{\ ${lc:$acl_arg1}\ }{\N^\s+\N}{}}\ }{\N\s+$\N}{}}\ }{:}{=}}\ }{warn}{warn=yes}}\ }{deny}{reject}}\ }{delay}{pause}}\ }{greylisting}{greylist}} ifelse_strstr(confCONTENT_SCANNING_QUARANTINE, `PERSONAL', `dnl ifelse_strstr(confCONTENT_SCANNING_PERSONAL_QUARANTINE_REJECTED_MESSAGES, `YES', `dnl warn set acl_m_tmp = hosts = +relay_from_hosts set acl_m_tmp = trusted warn condition = ${if eq{$acl_arg2}{acl_check_connect}{no}{yes}} condition = ${if eq{$acl_arg2}{acl_check_helo}{no}{yes}} authenticated = * set acl_m_tmp = trusted warn condition = ${if eq{$acl_m_tmp}{}{yes}{no}} condition = ${if or{\ {eq{$domain}{}}\ {match_domain{$domain}{+local_domains ifdef(`confCONTENT_SCANNING_QUARANTINE_RELAYED_REJECTED_MESSAGES', `ifelse(confCONTENT_SCANNING_QUARANTINE_RELAYED_REJECTED_MESSAGES, `YES', `ifdef(`confSECONDARY_RELAY', `ifelse(confSECONDARY_RELAY, `NO', `', `: +relay_to_domains')')', `')')}}\ }{yes}{no}} condition = ${if eq{${extract{reject}{${sg{$acl_m_normalize_action_result }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}}}}}{00}{yes}{no}} condition = ${if eq{${extract{noquarantine}{${sg{$acl_m_normalize_action_result }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}}}}}{00}{no}{yes}} set acl_m_normalize_action_result = $acl_m_normalize_action_result quarantine ') dnl ifelse_strstr(confCONTENT_SCANNING_PERSONAL_QUARANTINE_REJECTED_MESSAGES, `YES', `') ') dnl ifelse_strstr(confCONTENT_SCANNING_QUARANTINE, `PERSONAL', `') accept acl_domain_bestMX: # acl_arg1 - домен warn condition = ${if eq{${extract{$acl_arg1}{$acl_c_domains_bestMX}}}{}{yes}{no}} set acl_c_domains_bestMX = $acl_c_domains_bestMX $acl_arg1=${sg{${sg{\ ${extract{2}{ }{\ ${reduce{<\n ${lookup dnsdb{mx=$acl_arg1}}}{}{${if eq{$value}{}{$item}{${if <{${extract{1}{ }{$item}}}{${extract{1}{ }{$value}}}{$item}{$value}}}}}}\ }}\ }{\N\.$\N}{}}}{\N\.\n\N}{\n}} accept message = ${extract{$acl_arg1}{$acl_c_domains_bestMX}} acl_http_response_get_headers: # acl_arg1 - HTTP response accept message = ${sg{$acl_arg1}{\N^((?:(?:.+)\r?\n)+?)\r?\n((?:.*\r?\n)*.*)$\N}{\$1}} acl_http_response_get_body: # acl_arg1 - HTTP response # acl_arg2 - HTTP response headers # если acl_arg2 будет иметь пустое значение, то заголовки будут вычислены из acl_arg1 warn set acl_m_headers = ${if eq{$acl_arg2}{}{${acl{acl_http_response_get_headers}{$acl_arg1}}}{$acl_arg2}} set acl_m_body = ${sg{$acl_arg1}{\N^((?:(?:.+)\r?\n)+?)\r?\n((?:.*\r?\n)*.*)$\N}{\$2}} accept condition = ${if match{$acl_m_headers}{\N(?i)^(.+\r?\n)*Transfer-Encoding:\s*chunked\r?\n\N}{yes}{no}} message = ${acl{acl_http_response_chunked_assemble}{$acl_m_body}} accept message = $acl_m_body # сборка chunk'ов HTTP ответа при Transfer-Encoding: chunked acl_http_response_chunked_assemble: # acl_arg1 - chunked HTTP response warn set acl_m0 = ${if match{$acl_arg1}{\N^([\da-fA-F]+)\r?\n((.*\r?\n)+.*)$\N}{$1}{}} set acl_m2 = ${if match{$acl_arg1}{\N^([\da-fA-F]+)\r?\n((.*\r?\n)+.*)$\N}{$2}{$acl_arg1}} accept condition = ${if eq{$acl_m0}{}{yes}{no}} message = $acl_arg1 accept condition = ${if eq{$acl_m0}{0}{yes}{no}} message = warn set acl_m0 = ${eval:0x$acl_m0} set acl_m1 = ${substr{0}{$acl_m0}{$acl_m2}} set acl_m2 = ${substr{$acl_m0}{$acl_m2}} warn set acl_m2 = ${sg{$acl_m2}{\N^\r?\n\N}{}} accept message = $acl_m1${acl{acl_http_response_chunked_assemble}{$acl_m2}} # заменить в acl_check_mime и acl_check_data # add_header = Header-Name: Header Value # на # acl = acl_add_header "Header-Name: Header Value" # заменить в acl_check_mime и acl_check_data # add_header = :at_start:Header-Name: Header Value # на # acl = acl_add_header "Header-Name: Header Value" yes acl_add_header: # $acl_arg1 - название и значение добавляемого заголовка с \n в конце # $acl_arg2 - добавление заголовка в начало списка заголовков (опциональный boolean параметр) warn condition = ${if or{\ {eq{$acl_arg2}{}}\ {!bool{$acl_arg2}}\ }{yes}{no}} add_header = $acl_arg1 set acl_m_message_headers_added = $acl_m_message_headers_added$acl_arg1\n warn condition = ${if and{\ {!eq{$acl_arg2}{}}\ {bool{$acl_arg2}}\ }{yes}{no}} add_header = :at_start:$acl_arg1 set acl_m_message_headers_added_at_start = $acl_arg1\n$acl_m_message_headers_added_at_start accept # заменить в acl_check_mime и acl_check_data # remove_header = Header-Name # на # acl = acl_remove_header Header-Name acl_remove_header: # $acl_arg1 - название удаляемого заголовка accept remove_header = $acl_arg1 set acl_m_message_headers_removed = $acl_m_message_headers_removed${if eq{$acl_m_message_headers_removed}{}{}{:}}$acl_arg1 # тогда можно вместо $message_headers_raw использовать ${acl{acl_get_message_headers_raw}}, в котором будут все заголовки с учётом удалённых и добавленных в текущем ACL acl_get_message_headers_raw: accept set acl_m_message_headers_removed = ${sg{$acl_m_message_headers_removed}{\N^:\N}{}} message = \ $acl_m_message_headers_added_at_start\ ${reduce{$acl_m_message_headers_removed}{$message_headers_raw}{${sg{$value}{\N((?:.*\n)*)(?i)\N$item\N:[^\n]*\n(?:\s[^\n]*\n)*\N}{\$1}}}}\ $acl_m_message_headers_added acl_addr_text: # acl_arg1 - header (for example From) # accept set acl_m0 = ${address:$acl_arg1} accept set acl_m0 = ${address:${sg{$acl_arg1}{:}{\\\\:}}} condition = ${if eq{$acl_m0}{}{no}{yes}} set acl_m1 = ${sg{$acl_arg1}{\N\s*>\s*$\N}{}} set acl_m1 = ${substr{0}{${eval:${strlen:$acl_m1}-${strlen:$acl_m0}}}{$acl_m1}} set acl_m1 = ${sg{$acl_m1}{\N\s*<\s*$\N}{}} message = $acl_m1 # accept message = ${if match{$acl_arg1}\ # {\N^\s*(.*)\s*<[^<>]+@[^<>]>\s*$\N}\ # {$1}\ # {\ # ${if match{$acl_arg1}{\N^\s*(.*)\s\S+?\s*$\N}{$1}{}}\ # }\ # } accept message = acl_trim: # acl_arg1 - string accept message = ${sg{${sg{$acl_arg1}{\N^\s+\N}{}}}{\N\s+$\N}{}} acl_ltrim: # acl_arg1 - string accept message = ${sg{$acl_arg1}{\N^\s+\N}{}} acl_rtrim: # acl_arg1 - string accept message = ${sg{$acl_arg1}{\N\s+$\N}{}} acl_format_float: # acl_arg1 - string # acl_arg2 - length # acl_arg3 - precision warn set acl_m_format_float = $acl_arg1${if match{$acl_arg1}{\N\.\N}{}{.}}${acl{acl_replicate}{0}{$acl_arg2}} accept message = ${acl{acl_padding_left}{${sg{$acl_m_format_float}{\N\..*$\N}{}}.${length{$acl_arg3}{${sg{$acl_m_format_float}{\N^.*\.\N}{}}}}}{${if eq{$acl_arg2}{}{0}{$acl_arg2}}}} acl_padding_left: # acl_arg1 - string # acl_arg2 - length accept message = ${if >{$acl_arg2}{${strlen:$acl_arg1}}{${acl{acl_replicate}{ }{${eval:$acl_arg2 - ${strlen:$acl_arg1}}}}}{}}$acl_arg1 acl_padding_right: # acl_arg1 - string # acl_arg2 - length accept message = $acl_arg1${if >{$acl_arg2}{${strlen:$acl_arg1}}{${acl{acl_replicate}{ }{${eval:$acl_arg2 - ${strlen:$acl_arg1}}}}}{}} acl_replicate: # acl_arg1 - character # acl_arg2 - length accept message = ${if >{$acl_arg2}{0}{${acl_arg1}${acl{acl_replicate}{${acl_arg1}}{${eval:$acl_arg2-1}}}}{}} acl_strip_quotes: # acl_arg1 - string with double quotes accept message = ${if match{$acl_arg1}{\N^"(.*)"$\N}{$1}{$acl_arg1}} acl_fold_header: # acl_arg1 - header value # acl_arg2 - cols (optional) # acl_arg3 - prefix (optional) warn set acl_m_DEBUG = ########## acl_arg1: "$acl_arg1" ########## warn set acl_m_DEBUG = ########## acl_arg2: "$acl_arg2" ########## warn set acl_m_DEBUG = ########## acl_arg3: "$acl_arg3" ########## warn set acl_m_DEBUG = ########## ограничение на длину строки заголовка ########## warn set acl_m_fold_cols = ${if eq{$acl_arg2}{}{72}{$acl_arg2}} warn set acl_m_DEBUG = ########## ограничение на длину строки заголовка с учётом длины префикса ########## warn set acl_m_fold_cols2 = ${eval:$acl_m_fold_cols-${if eq{$acl_arg3}{\t}{8}{${strlen:$acl_arg3}}}} warn set acl_m_DEBUG = ########## если длина оставшейся части заголовка вместе с префиксом меньше ограничения на длину строки заголовка ########## accept condition = ${if <={${strlen:$acl_arg1}}{$acl_m_fold_cols2}{yes}{no}} message = $acl_arg3$acl_arg1 warn set acl_m_DEBUG = ########## подстрока, соответствующая лимиту на длину строки заголовка ########## warn set acl_m_fold_str = ${substr{0}{$acl_m_fold_cols2}{$acl_arg1}} warn set acl_m_DEBUG = ########## длина части подстроки, заканчивающейся символом конца строки ########## accept set acl_m_fold_len1 = ${if match{$acl_m_fold_str}{\N^([^\n]+?\n)\N}{${strlen:$1}}{0}} condition = ${if >{$acl_m_fold_len1}{0}{yes}{no}} set acl_m1 = ${substr{0}{$acl_m_fold_len1}{$acl_arg1}} set acl_m2 = ${acl{acl_ltrim}{${substr{$acl_m_fold_len1}{${eval:${strlen:$acl_arg1}-$acl_m_fold_len1}}{$acl_arg1}}}} message = $acl_arg3$acl_m1${acl{acl_fold_header}{$acl_m2}{$acl_m_fold_cols}{${if eq{$acl_arg3}{}{\t}{$acl_arg3}}}} warn set acl_m_DEBUG = ########## если сразу вслед за подстрокой следует пробельный символ ########## accept condition = ${if match{${substr{$acl_m_fold_cols2}{1}{$acl_arg1}}}{\N^\s$\N}{yes}{no}} set acl_m2 = ${acl{acl_ltrim}{${substr{$acl_m_fold_cols2}{${eval:${strlen:$acl_arg1}-$acl_m_fold_cols2}}{$acl_arg1}}}} message = $acl_arg3$acl_m_fold_str\n${acl{acl_fold_header}{${acl{acl_ltrim}{$acl_m2}}}{$acl_m_fold_cols}{${if eq{$acl_arg3}{}{\t}{$acl_arg3}}}} warn set acl_m_DEBUG = ########## длина подстроки, заканчивающейся разделителем слов включительно ########## warn set acl_m_fold_len1 = ${if match{$acl_m_fold_str}{\N^(.*)([,;])(.*?)$\N}{${strlen:$1$2}}{0}} warn set acl_m_DEBUG = ########## длина подстроки, заканчивающейся пробельным символов не включительно ########## warn set acl_m_fold_len2 = ${if match{$acl_m_fold_str}{\N^(.*)(\s+)(.*?)$\N}{${strlen:$1}}{0}} warn set acl_m_DEBUG = ########## если в конце подтроки есть пробел и он правее последнего разделителя слов ########## accept condition = ${if >{$acl_m_fold_len2}{0}{yes}{no}} condition = ${if >={$acl_m_fold_len2}{$acl_m_fold_len1}{yes}{no}} set acl_m1 = ${substr{0}{$acl_m_fold_len2}{$acl_arg1}} set acl_m2 = ${acl{acl_ltrim}{${substr{$acl_m_fold_len2}{${eval:${strlen:$acl_arg1}-$acl_m_fold_len2}}{$acl_arg1}}}} message = $acl_arg3$acl_m1\n${acl{acl_fold_header}{$acl_m2}{$acl_m_fold_cols}{${if eq{$acl_arg3}{}{\t}{$acl_arg3}}}} warn set acl_m_DEBUG = ########## если в конце подстроки есть разделитель слов и он правее последнего пробела ########## accept condition = ${if >{$acl_m_fold_len1}{0}{yes}{no}} condition = ${if >={$acl_m_fold_len1}{$acl_m_fold_len2}{yes}{no}} set acl_m1 = ${substr{0}{$acl_m_fold_len1}{$acl_arg1}} set acl_m2 = ${acl{acl_ltrim}{${substr{$acl_m_fold_len1}{${eval:${strlen:$acl_arg1}-$acl_m_fold_len1}}{$acl_arg1}}}} message = $acl_arg3$acl_m1\n${acl{acl_fold_header}{$acl_m2}{$acl_m_fold_cols}{${if eq{$acl_arg3}{}{\t}{$acl_arg3}}}} warn set acl_m_DEBUG = ########## оставшаяся часть строки, которая больше лимита на длину строки заголовка ########## warn set acl_m_fold_str2 = ${substr{$acl_m_fold_cols2}{${eval:${strlen:$acl_arg1}-$acl_m_fold_cols2}}{$acl_arg1}} warn set acl_m_DEBUG = ######### ищем подстроку, заканчивающуюся на пробельный символ или разделитель слов ######### accept set acl_m_fold_len1 = ${if match{$acl_m_fold_str2}{\N^([^\s,;]*[,;]|[^\s,;]+)\s?\N}{${strlen:$1}}{0}} condition = ${if >{$acl_m_fold_len1}{0}{yes}{no}} set acl_m_fold_len1 = ${eval:$acl_m_fold_len1+$acl_m_fold_cols2} set acl_m1 = ${substr{0}{$acl_m_fold_len1}{$acl_arg1}} set acl_m2 = ${acl{acl_ltrim}{${substr{$acl_m_fold_len1}{${eval:${strlen:$acl_arg1}-$acl_m_fold_len1}}{$acl_arg1}}}} message = $acl_arg3$acl_m1\n${acl{acl_fold_header}{$acl_m2}{$acl_m_fold_cols}{${if eq{$acl_arg3}{}{\t}{$acl_arg3}}}} warn set acl_m_DEBUG = ######### заканчиваем обработку и возвращаем всю строку ######### accept message = $acl_arg3$acl_arg1 detaint: # acl_arg1 - string to detaint ifdef(`confDETAINT', `ifelse(confDETAINT, `NO', `dnl accept message = $acl_arg1 ')')dnl ifdef(`confDETAINT', `ifelse(confDETAINT, `DLFUNC', `dnl accept message = ${acl{detaint}{$acl_arg1}} ')')dnl ifdef(`confDETAINT', `ifelse(confDETAINT, `LOOKUP', `dnl accept message = ${lookup{$acl_arg1}lsearch*,ret=key{CONFDIR/detaint}} ')')dnl acl_whois_domain: # acl_arg1 - domain accept condition = ${if eq{$acl_arg1}{}{yes}{no}} message = warn set acl_m_result = ifdef(`confCACHE_WHOIS', `ifelse(confCACHE_WHOIS, `NO', `', `dnl ifelse(confCACHE_WHOIS, `MEMCACHED', `dnl define(`confMEMCACHED_ENABLED', `YES')dnl warn set acl_m_result = ${acl{acl_memcached_get}{confCACHE_WHOIS_RECORD_PREFIX`'$acl_arg1}} ')dnl ifelse(confCACHE_WHOIS, `REDIS', `dnl warn set acl_m_result = ${acl{acl_redis_get}{confCACHE_WHOIS_RECORD_PREFIX`'$acl_arg1}} ')dnl accept condition = ${if eq{$acl_m_result}{}{no}{yes}} message = $acl_m_result ')')dnl ifdef(`confCACHE_WHOIS', `ifelse(confCACHE_WHOIS, `NO', `', `')') warn set acl_m_whois_domain_tld = ${sg{$acl_arg1}{\N^.+\.\N}{}} accept condition = ${if match{$acl_m_whois_domain_tld}{\N^[a-z]{2,}$\N}{no}{yes}} set acl_m_sender_address_domain_whois_result = log_message = Restricted characters in the TLD of domain $acl_arg1 message = accept set acl_m_whois_server = ${if match_domain{$acl_m_whois_domain_tld}{\ aaa:aarp:abb:abbott:abogado:ac:academy:accenture:accountant:accountants:aco:active:actor:ads:adult:ae:aeg:aero:af:afl:ag:agency:aig:airforce:airtel:al:allfinanz:alsace:am:amica:amsterdam:android:apartments:app:apple:aquarelle:ar:aramco:archi:army:arte:as:asia:associates:at:attorney:auction:audi:audio:author:auto:autos:aw:axa:azure:band:bank:bar:barcelona:barclaycard:barclays:bargains:bauhaus:bayern:bbc:bbva:bcn:beats:beer:bentley:berlin:best:bet:bh:bharti:bi:bible:bid:bike:bing:bingo:bio:biz:bj:black:blackfriday:bloomberg:blue:bms:bmw:bnl:bnpparibas:bo:boats:boehringer:bom:bond:boo:book:boots:bostik:bot:boutique:br:bradesco:bridgestone:broadway:broker:brother:brussels:budapest:bugatti:build:builders:business:buy:buzz:bzh:cab:cafe:cal:call:camera:camp:cancerresearch:canon:capetown:capital:car:caravan:cards:care:career:careers:cars:cartier:casa:cash:casino:cat:catering:cba:cbn:cc:cd:ceb:center:ceo:cern:cfa:cfd:ch:chanel:channel:chat:cheap:chloe:christmas:chrome:church:ci:cipriani:circle:cisco:citic:city:cityeats:ck:cl:claims:cleaning:click:clinic:clothing:cloud:club:clubmed:co:coach:codes:coffee:college:cologne:commbank:community:company:computer:comsec:condos:construction:consulting:contractors:cooking:cool:coop:corsica:country:coupons:courses:cr:credit:creditcard:creditunion:cricket:crown:crs:cruises:csc:cuisinella:cx:cymru:cyou:cz:dabur:dad:dance:date:dating:datsun:day:dclk:de:deals:degree:delivery:dell:delta:democrat:dental:dentist:desi:design:dev:diamonds:diet:digital:direct:directory:discount:dk:dm:dnp:do:docs:dog:doha:domains:doosan:download:drive:durban:dvag:dz:earth:eat:ec:education:email:emerck:energy:engineer:engineering:enterprises:epson:equipment:erni:es:esq:estate:eu:eurovision:eus:events:everbank:exchange:expert:exposed:express:fage:fail:fairwinds:faith:family:fan:fans:farm:fashion:fast:feedback:ferrero:film:final:finance:financial:firestone:firmdale:fish:fishing:fit:fitness:fk:flights:florist:flowers:flsmidth:fly:fm:fo:foo:football:forex:forsale:forum:foundation:fr:frl:frogans:fund:furniture:futbol:fyi:gal:gallery:game:garden:gbiz:gd:gdn:gea:gent:genting:gf:ggee:gh:gi:gift:gifts:gives:giving:gl:glass:gle:global:globo:gmail:gmo:gmx:gold:goldpoint:golf:goo:goog:google:gop:got:gov:gp:grainger:graphics:gratis:green:gripe:group:gs:gucci:guge:guide:guitars:guru:hamburg:hangout:haus:healthcare:help:here:hermes:hiphop:hitachi:hiv:hn:hockey:holdings:holiday:homedepot:homes:honda:horse:host:hosting:hoteles:hotmail:house:how:hr:hsbc:ht:hu:hyundai:ibm:icbc:ice:icu:ie:ifm:iinet:im:immo:immobilien:in:industries:infiniti:ing:ink:institute:insurance:insure:international:investments:io:ipiranga:ir:irish:is:ist:istanbul:it:itau:iwc:jaguar:java:jcb:jetzt:jewelry:jlc:jll:jobs:joburg:jot:joy:jprs:juegos:kaufen:kddi:kg:ki:kia:kim:kinder:kitchen:kiwi:koeln:komatsu:krd:kred:kyoto:kz:la:lacaixa:lamborghini:lancaster:land:landrover:lasalle:lat:latrobe:law:lawyer:lc:lds:lease:leclerc:legal:lexus:lgbt:li:liaison:lidl:life:lifestyle:lighting:like:limited:limo:linde:link:live:lixil:lk:loan:loans:lol:london:lotte:lotto:love:ltd:ltda:lupin:luxe:luxury:lv:ly:madrid:maif:maison:man:management:mango:market:marketing:markets:marriott:mba:md:me:med:media:meet:melbourne:meme:memorial:men:menu:meo:mg:miami:microsoft:mini:mma:mn:moda:moe:moi:mom:monash:money:montblanc:mormon:mortgage:moscow:motorcycles:mov:movie:movistar:ms:mt:mtn:mtpc:mtr:mu:mutuelle:mx:mz:nadex:nagoya:name:navy:nec:netbank:network:neustar:new:news:nexus:nf:ng:ngo:nhk:ni:nico:ninja:nissan:nokia:norton:nowruz:nra:nrw:ntt:nu:nyc:obi:office:okinawa:omega:one:ong:onl:online:ooo:oracle:orange:organic:osaka:otsuka:ovh:page:panerai:paris:pars:partners:parts:party:pet:ph:pharmacy:philips:photo:photography:photos:physio:piaget:pics:pictet:pictures:pin:ping:pink:pizza:place:play:playstation:plumbing:plus:pm:pohl:poker:porn:pr:praxi:press:prod:productions:prof:properties:property:protection:ps:pt:pub:pw:qpon:quebec:racing:re:read:realtor:realty:recipes:red:redstone:redumbrella:rehab:reise:reisen:reit:ren:rent:rentals:repair:report:republican:rest:restaurant:review:reviews:rich:ricoh:rio:rip:ro:rocher:rocks:rodeo:room:rsvp:ru:ruhr:run:rwe:ryukyu:saarland:safe:sakura:sale:salon:samsung:sandvik:sandvikcoromant:sanofi:sap:sapo:sarl:saxo:sb:sbs:sca:scb:schmidt:scholarships:school:schule:schwarz:science:scor:scot:se:seat:security:seek:sener:services:seven:sew:sex:sexy:sfr:sg:sh:sharp:shia:shiksha:shoes:show:shriram:singles:site:sk:ski:sky:skype:sl:sm:smile:sn:sncf:so:soccer:social:software:sohu:solar:solutions:sony:soy:space:spiegel:spreadbetting:srl:st:stada:starhub:statoil:stc:stcgroup:stockholm:studio:study:style:su:sucks:supplies:supply:support:surf:surgery:suzuki:swatch:swiss:sydney:symantec:systems:tab:taipei:tatamotors:tatar:tattoo:tax:taxi:tc:tci:team:tech:technology:tel:telefonica:temasek:tennis:tf:tg:thd:theater:theatre:tickets:tienda:tips:tires:tirol:tk:tl:tm:to:today:tokyo:tools:top:toray:toshiba:tours:town:toyota:toys:tr:trade:trading:training:travel:travelers:trust:trv:tui:tv:ua:ubs:uk:university:uno:uol:us:uy:vacations:vana:vc:ve:vegas:ventures:verisign:versicherung:vet:vg:vi:viajes:video:villas:vin:vip:virgin:vision:vista:vistaprint:viva:vlaanderen:vn:vodka:vote:voting:voto:voyage:wales:walter:wang:watch:webcam:website:wed:wedding:weir:wf:whoswho:wien:wiki:williamhill:win:windows:wine:wme:work:works:world:ws:wtc:wtf:xbox:xerox:xin:xn--3ds443g:xn--4gbrim:xn--6frz82g:xn--6qq986b3xl:xn--80adxhks:xn--80asehdb:xn--80aswg:xn--c1avg:xn--czr694b:xn--fiq228c5hs:xn--i1b6b1a6a2e:xn--ngbc5azd:xn--nqv7f:xn--q9jyb4c:xperia:xxx:xyz:yachts:yamaxun:yandex:yodobashi:yoga:yokohama:youtube:yt:zara:zero:zip:zm:zone:zuerich\ }{whois.nic.$acl_m_whois_domain_tld}{$acl_m_whois_domain_tld.whois-servers.net}} set acl_m_whois_server = ${if eq{$acl_m_whois_server}{whois.nic.ua}{whois.com.ua}{$acl_m_whois_server}} ifdef(`confDETAINT', `ifelse(confDETAINT, `NO', `', `dnl set acl_m_whois_server = ${acl{detaint}{$acl_m_whois_server}} ')')dnl set acl_m_result = ${readsocket{inet:$acl_m_whois_server:43}{$acl_arg1\n}{confWHOI_DOMAIN_TIMEOUT`'ifelse(confREADSOCKET_SHUTDOWN_NO, `DISABLE', `', `:shutdown=no')}{\n}{socket failure}} condition = ${if eq{$acl_m_result}{socket failure}{yes}{no}} log_message = whois $acl_arg1 request to $acl_m_whois_server:43: socket failure message = warn condition = ${if eq{$acl_m_result}{}{no}{yes}} ifdef(`confCACHE_WHOIS', `ifelse(confCACHE_WHOIS, `NO', `', `dnl ifelse(confCACHE_WHOIS, `MEMCACHED', `dnl condition = ${if eq{\ ${acl{acl_memcached_set}\ {confCACHE_WHOIS_RECORD_PREFIX`'$acl_arg1}\ {$acl_m_result}\ {${eval:confCACHE_WHOIS_TTL*60}}\ }\ }{ok}{no}{yes}} log_message = Could not store WHOIS record to memcahed ')dnl ifelse(confCACHE_WHOIS, `REDIS', `dnl set acl_m_redis_status = ${acl{acl_redis_set}\ {confCACHE_WHOIS_RECORD_PREFIX`'$acl_arg1}\ {$acl_m_result}\ {${eval:confCACHE_WHOIS_TTL*60}}\ } condition = ${if eq{$acl_m_redis_status}{ok}{no}{yes}} log_message = Could not store WHOIS record to redis: $acl_m_redis_status ')dnl ')')dnl ifdef(`confCACHE_WHOIS', `ifelse(confCACHE_WHOIS, `NO', `', `')') accept condition = ${if eq{$acl_m_result}{}{yes}{no}} log_message = whois $acl_arg1 request empty result message = accept set acl_m_whois_server_tmp = ${if match{$acl_m_result}{\N\n\s*Whois Server:\s*(\S+)\s*\r?\n\N}{$1}{}} condition = ${if eq{$acl_m_whois_server_tmp}{}{yes}{no}} message = $acl_m_result accept \ ifdef(`confDETAINT', `ifelse(confDETAINT, `NO', `', `dnl set acl_m_whois_server = ${acl{detaint}{$acl_m_whois_server}} ')')dnl set acl_m_result_tmp = ${readsocket{inet:$acl_m_whois_server_tmp:43}{$acl_arg1\n}{confWHOI_DOMAIN_TIMEOUT`'ifelse(confREADSOCKET_SHUTDOWN_NO, `DISABLE', `', `:shutdown=no')}{\n}{socket failure}} condition = ${if eq{$acl_m_result_tmp}{socket failure}{yes}{no}} log_message = whois $acl_arg1 request to $acl_m_whois_server_tmp:43: socket failure message = accept message = $acl_m_result$acl_m_result_tmp ifdef(`confGREYLIST', `ifelse(confGREYLIST, `NO', `', `dnl FEATURE(`greylist')dnl ')') ifdef(`confGREYLIST', `ifelse(confGREYLIST, `NO', `', `dnl FEATURE(`auth_client')dnl ')') ifdef(`confANTIVIRUS0_ACT', `dnl FEATURE(`antivirus') ') ifelse_strstr(confCONTENT_SCANNING, `SPAMASSASSIN', `dnl FEATURE(`spamassassin')dnl ') ifelse_strstr(` 'confCONTENT_SCANNING, ` SPAMD', `dnl FEATURE(`spamd')dnl ') ifelse_strstr(confCONTENT_SCANNING, `DSPAM', `dnl FEATURE(`dspam')dnl ') ifelse_strstr(confCONTENT_SCANNING, `DCC', `dnl FEATURE(`dcc')dnl ') ifelse_strstr(confCONTENT_SCANNING, `RSPAMD', `dnl FEATURE(`rspamd')dnl ') ifdef(`confMTA_STS', `ifelse(confMTA_STS, `NO', `', `dnl FEATURE(`mta-sts')dnl ')') FEATURE(`mysql_safe_queries')dnl FEATURE(`memcached')dnl FEATURE(`redis')dnl ifdef(`confSMTP_AUTH_RELAY', `ifelse(confSMTP_AUTH_RELAY, `NO', `', `dnl FEATURE(`auth_relay')dnl ')') acl_detaint: # acl_arg1 - string to detaint accept message = ${lookup{$acl_arg1}lsearch*,ret=key{CONFDIR/detaint}} acl_expand: # acl_arg1 - string to expand accept message = ${expand:$acl_arg1} ifdef(`confCUSTOM_ACLS', confCUSTOM_ACLS) ###################################################################### # ROUTERS CONFIGURATION # # Specifies how addresses are handled # ###################################################################### # THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! # # An address is passed to each router in turn until it is accepted. # ###################################################################### begin routers define(`SECTION', `ROUTERS')dnl define(`confREMOTE_SMTP6_TRANSPORT', `dnl ifdef(`confSRS', `ifelse(confSRS, `NO', `dnl ifdef(`confBATV', `ifelse(confBATV, `NO', `dnl remote_smtp6`'dnl ', `dnl ${if and{\ {match_domain{$sender_address_domain}{+local_domains}}\ {match_address{$sender_address}{ifdef(`confBATV_SENDERS_EXCLUDED', `!+batv_senders_excluded : ')+batv_senders}}\ }{remote_smtp6_batv}{remote_smtp6}}`'dnl ')') dnl ifdef(`confBATV', `ifelse(confBATV, `NO', `')') ', `dnl ${if eq\ {$local_part@$domain}\ {$original_local_part@$original_domain}\ {remote_smtp6}\ {remote_smtp6_srs}\ }`'dnl ')') dnl ifdef(`confSRS', `ifelse(confSRS, `NO', `')') ') dnl define(`confREMOTE_SMTP6_TRANSPORT', `') define(`confREMOTE_SMTP_TRANSPORT', `dnl ifdef(`confSRS', `ifelse(confSRS, `NO', `dnl ifdef(`confBATV', `ifelse(confBATV, `NO', `dnl remote_smtp`'dnl ', `dnl ${if and{\ {match_domain{$sender_address_domain}{+local_domains}}\ {match_address{$sender_address}{ifdef(`confBATV_SENDERS_EXCLUDED', `!+batv_senders_excluded : ')+batv_senders}}\ }{remote_smtp_batv}{remote_smtp}}`'dnl ')') dnl ifdef(`confBATV', `ifelse(confBATV, `NO', `')') ', `dnl ${if eq\ {$local_part@$domain}\ {$original_local_part@$original_domain}\ {remote_smtp}\ {remote_smtp_srs}\ }`'dnl ')') dnl ifdef(`confSRS', `ifelse(confSRS, `NO', `')') ') dnl define(`confREMOTE_SMTP_TRANSPORT', `') sinclude(confSITE_DIR`/configure.backup_outgoing_custom_router')dnl ifelse_strstr(confCONTENT_SCANNING_QUARANTINE, `PERSONAL', `dnl ifdef(`confQUARANTINED_SEND_TO_RELAYTO_DOMAINS', `ifelse(confQUARANTINED_SEND_TO_RELAYTO_DOMAINS, `NO', `', `dnl ifdef(`confQUARANTINED_REDIRECT', `ifelse(confQUARANTINED_REDIRECT, `NO', `', `dnl quarantined_send_to_relayto_domains: driver = redirect domains = +relay_to_domains_personal_quarantine # condition = ${if eq{$acl_m_quarantined}{}{no}{yes}} condition = ${if IS_NOT_QUARANTINED_CORE{no}{yes}} data = ${lookup{$local_part@$domain}wildlsearch{CONFDIR/recipients_personal_quarantine_redirect}{\ ${if match{$value}{\N.+(lookup |[\{\}])\N}{${expand:$value}}{$value}}\ }{}} no_verify ')') dnl ifdef(`confQUARANTINED_REDIRECT', `ifelse(confQUARANTINED_REDIRECT, `NO', `', `')') ')') dnl ifdef(`confQUARANTINED_SEND_TO_RELAYTO_DOMAINS', `ifelse(confQUARANTINED_SEND_TO_RELAYTO_DOMAINS, `NO', `', `')') ')dnl ifelse_strstr(confCONTENT_SCANNING_QUARANTINE, `PERSONAL', `') ifdef(`confVIRTUSERTABLE', `ifelse(confVIRTUSERTABLE, `NO', `', `dnl FEATURE(`virtusertable')dnl ')') sinclude(confSITE_DIR`/configure.mailertable_custom_router')dnl ifdef(`confMAILERTABLE', `ifelse(confMAILERTABLE, `NO', `', `dnl DELIVERY(`mailertable')dnl ifdef(`confUUCP', `ifelse(confUUCP, `NO', `', `dnl DELIVERY(`uucp')dnl ')') ')') dnl ifdef(`confMAILERTABLE', `ifelse(confMAILERTABLE, `NO', `', `')') ifdef(`confSMART_HOST', `ifelse(confSMART_HOST, `NO', `', `dnl FEATURE(`smarthost')dnl ')') ifdef(`confFALL_BACK_MX_DELAYED', `ifelse(confFALL_BACK_MX_DELAYED, `NO', `', `dnl FEATURE(`fallback_mx')dnl ')') ifdef(`confDOMAIN_LITERALS', `ifelse(confDOMAIN_LITERALS, `NO', `', `dnl FEATURE(`domain_literals')dnl ')') DELIVERY(`backup_outgoing')dnl ifdef(`confRELAY_BASED_ON_MX', `ifelse(confRELAY_BASED_ON_MX, `NO', `', `dnl FEATURE(`relay_based_on_MX')dnl ')') ifelse_strstr(confCONTENT_SCANNING_QUARANTINE, `PERSONAL', ` dnslookup_skip_quarantined: driver = accept transport = fake_transport domains = confDNSLOOKUP_DOMAINS # condition = ${if eq{$acl_m_quarantined}{}{no}{yes}} condition = ${if IS_NOT_QUARANTINED{no}{yes}} no_more ')dnl ifelse_strstr(confCONTENT_SCANNING_QUARANTINE, `PERSONAL', `') ifdef(`confMTA_STS', `ifelse(confMTA_STS, `NO', `', `dnl FEATURE(`mta-sts')dnl ')') FEATURE(`smtp')dnl ifdef(`confSRS', `ifelse(confSRS, `NO', `', `dnl FEATURE(`srs')dnl ')') ifdef(`confBATV', `ifelse(confBATV, `NO', `', `dnl FEATURE(`batv')dnl ')') ifelse_strstr(confDELIVERY_TO, `MDIR_VIRTUAL', `dnl DELIVERY(`maildir_virtual')dnl ') ifelse_strstr(confDELIVERY_TO, `MDIR_USER', `dnl DELIVERY(`maildir_user')dnl ') ifelse_strstr(confDELIVERY_TO, `MBOX', `dnl DELIVERY(`mailbox')dnl ') ifdef(`confLUSER', `ifelse(confLUSER, `NO', `', `dnl FEATURE(`luser')dnl ')') ifdef(`confMAILMAN', `ifelse(confMAILMAN, `NO', `', `dnl FEATURE(`mailman')dnl ')') ###################################################################### # TRANSPORTS CONFIGURATION # ###################################################################### # ORDER DOES NOT MATTER # # Only one appropriate transport is called for each delivery. # ###################################################################### begin transports define(`SECTION', `TRANSPORTS')dnl fake_transport: driver = appendfile file = /dev/null sinclude(confSITE_DIR`/configure.custom_transport')dnl FEATURE(`smtp')dnl ifdef(`confMTA_STS', `ifelse(confMTA_STS, `NO', `', `dnl FEATURE(`mta-sts')dnl ')') ifdef(`confSRS', `ifelse(confSRS, `NO', `', `dnl FEATURE(`srs')dnl ')') ifdef(`confBATV', `ifelse(confBATV, `NO', `', `dnl FEATURE(`batv')dnl ')') ifdef(`confMAILERTABLE', `ifelse(confMAILERTABLE, `NO', `', `dnl DELIVERY(`mailertable')dnl ifdef(`confUUCP', `ifelse(confUUCP, `NO', `', `dnl DELIVERY(`uucp')dnl ')') ')') dnl ifdef(`confMAILERTABLE', `ifelse(confMAILERTABLE, `NO', `', `')') ifelse_strstr(confDELIVERY_TO, `PROCMAIL', `dnl DELIVERY(`procmail')dnl ') ifelse_strstr(confDELIVERY_TO, `MDIR_VIRTUAL', `dnl DELIVERY(`maildir_virtual')dnl ') ifelse_strstr(confDELIVERY_TO, `MDIR_USER', `dnl DELIVERY(`maildir_user')dnl ') ifelse_strstr(confDELIVERY_TO, `MBOX', `dnl DELIVERY(`mailbox')dnl ') ifdef(`confMAILMAN', `ifelse(confMAILMAN, `NO', `', `dnl FEATURE(`mailman')dnl ')') filter_pipe: driver = pipe # user = mailnull # group = mail return_fail_output address_pipe: driver = pipe # return_output message_prefix = return_fail_output address_file: driver = appendfile delivery_date_add envelope_to_add return_path_add address_directory: driver = appendfile delivery_date_add envelope_to_add return_path_add maildir_format = true # create_directory = true # directory_mode = 750 # mode = 0640 address_reply: driver = autoreply ###################################################################### # RETRY CONFIGURATION # ###################################################################### begin retry define(`SECTION', `RETRY')dnl include(confSITE_DIR`/configure.retry_rules')dnl ###################################################################### # REWRITE CONFIGURATION # ###################################################################### begin rewrite define(`SECTION', `REWRITE')dnl include(confSITE_DIR`/configure.rewrite_rules')dnl ###################################################################### # AUTHENTICATION CONFIGURATION # ###################################################################### begin authenticators define(`SECTION', `AUTHENTICATORS')dnl ifdef(`confSMTP_AUTH', `ifelse(confSMTP_AUTH, `NO', `', `dnl FEATURE(`auth')dnl ')') ifdef(`confSMTP_AUTH_CLIENT', `ifelse(confSMTP_AUTH_CLIENT, `NO', `', `dnl FEATURE(`auth_client')dnl ')') # The End