# This logic gives you a list of commonly forged domains in helo to reject against
- warn set acl_m2 = ${lookup{$sender_helo_name} \
+ warn set acl_m_frg = ${lookup{$sender_helo_name} \
nwildlsearch{/etc/exim4/helo-check} \
{${if eq{$value}{}{$sender_helo_name}{$value}}}{}}
# say helo as a name in the list but we can't look them up
defer !hosts = +debianhosts
- condition = ${if eq{$acl_m2}{}{no}{yes}}
+ condition = ${if eq{$acl_m_frg}{}{no}{yes}}
condition = ${if eq{$sender_host_name}{}{yes}{no}}
condition = ${if eq{$host_lookup_failed}{1}{no}{yes}}
message = Access temporarily denied. Resolve failed PTR for $sender_host_address
# If DNS works, go ahead and reject them
- drop !hosts = +debianhosts
- condition = ${if and { {!eq{$acl_m2}{}}{!match{$sender_host_name}{${rxquote:$acl_m2}\N$\N}}}{yes}{no}}
+ drop !hosts = +debianhosts
+ condition = ${if and { {!eq{$acl_m_frg}{}}{!match{$sender_host_name}{${rxquote:$acl_m_frg}\N$\N}}}{yes}{no}}
message = HELO mismatch Forged HELO for ($sender_helo_name)
# disabled accounts don't even get local mail.
condition = ${if match_local_part {$sender_address_local_part}{${extract{directory}{VDOMAINDATA}{${value}/neversenders}}}{1}{0}}
message = no mail should ever come from <$sender_address>
- warn condition = ${if eq{$acl_m6}{}}
+ warn condition = ${if eq{$acl_m_lcl}{}}
acl = acl_localonly
- set acl_m6 = localonly
- set acl_m7 = ${if eq{$acl_m7}{}{$local_part@$domain}{$acl_m7, $local_part@$domain}}
+ set acl_m_lcl = localonly
+ set acl_m_lrc = ${if eq{$acl_m_lrc}{}{$local_part@$domain}{$acl_m_lrc, $local_part@$domain}}
- warn condition = ${if eq{$acl_m6}{}}
+ warn condition = ${if eq{$acl_m_lcl}{}}
!acl = acl_localonly
- set acl_m6 = normal
+ set acl_m_lcl = normal
- defer condition = ${if eq{$acl_m6}{localonly}}
+ defer condition = ${if eq{$acl_m_lcl}{localonly}}
!acl = acl_localonly
log_message = Only one profile at a time, please
- defer condition = ${if eq{$acl_m6}{normal}}
+ defer condition = ${if eq{$acl_m_lcl}{normal}}
acl = acl_localonly
log_message = Only one profile at a time, please
elsif has_variable?("postgrey") && postgrey == "true"
out = '
# next three are greylisting, inspired by http://www.bebt.de/blog/debian/archives/2006/07/30/T06_12_27/index.html
- # this adds acl_m4 if there isn\'t one (so unique per message)
+ # this adds acl_m_grey if there isn\'t one (so unique per message)
warn
!senders = :
!hosts = : +debianhosts : WHITELIST
- condition = ${if def:acl_m4 {no}{yes}}
- set acl_m4 = $pid.$tod_epoch.$sender_host_port
+ condition = ${if def:acl_m_grey {no}{yes}}
+ set acl_m_grey = $pid.$tod_epoch.$sender_host_port
# and defers the message if postgrey thinks it should be defered ...
defer
!authenticated = *
domains = +handled_domains : +rcpthosts
local_parts = GREYLIST_LOCAL_PARTS
- set acl_m3 = request=smtpd_access_policy\n\
+ set acl_m_pgr = request=smtpd_access_policy\n\
protocol_state=RCPT\n\
protocol_name=${uc:$received_protocol}\n\
- instance=${acl_m4}\n\
+ instance=${acl_m_grey}\n\
helo_name=${sender_helo_name}\n\
client_address=${substr_-3:${mask:$sender_host_address/24}}\n\
client_name=${sender_host_name}\n\
sender=${sender_address}\n\
recipient=$local_part@$domain\n\n
- set acl_m3 = ${sg{\
- ${readsocket{/var/run/postgrey/socket}{$acl_m3}\
+ set acl_m_pgr = ${sg{\
+ ${readsocket{/var/run/postgrey/socket}{$acl_m_pgr}\
{5s}{}{action=DUNNO}}\
}{action=}{}}
- message = ${sg{$acl_m3}{^\\\\w+\\\\s*}{}}
+ message = ${sg{$acl_m_pgr}{^\\\\w+\\\\s*}{}}
log_message = greylisted.
- condition = ${if eq{${uc:${substr{0}{5}{$acl_m3}}}}{DEFER}}
+ condition = ${if eq{${uc:${substr{0}{5}{$acl_m_pgr}}}}{DEFER}}
# ... or adds a header with information about how long the delay was
warn
!authenticated = *
domains = +handled_domains : +rcpthosts
local_parts = GREYLIST_LOCAL_PARTS
- condition = ${if eq{${uc:${substr_0_7:$acl_m3}}}{PREPEND}}
- message = ${sg{$acl_m3}{^\\\\w+\\\\s*}{}}
+ condition = ${if eq{${uc:${substr_0_7:$acl_m_pgr}}}{PREPEND}}
+ message = ${sg{$acl_m_pgr}{^\\\\w+\\\\s*}{}}
'
end
out
%>
acl_check_predata:
- deny condition = ${if eq{$acl_m6}{localonly}}
- message = mail for $acl_m7 is only accepted internally
+ deny condition = ${if eq{$acl_m_lcl}{localonly}}
+ message = mail for $acl_m_lrc is only accepted internally
accept