From 064c17f007bd0ba916fb2cf52af4987b759fb37b Mon Sep 17 00:00:00 2001 From: Stephen Gran Date: Sun, 4 Oct 2009 12:20:26 +0100 Subject: [PATCH] turn off a bit more for popcon.d.o Signed-off-by: Stephen Gran --- modules/exim/templates/eximconf.erb | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index 7b47197d1..feecf8696 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -556,10 +556,18 @@ end out %> + warn acl = acl_getprofile + condition = ${if eq{$acl_m_prf}{}} + set acl_m_prf = $acl_m_rprf + + defer condition = ${if eq{$acl_m_prf}{$acl_m_rprf}{no}{yes}} + log_message = Only one profile at a time, please + # Defer after too many bad RCPT TO's. Legit MTAs will retry later. # This is a rough pass at preventing addres harvesting or other mail blasts. defer log_message = Too many bad recipients ${eval:$rcpt_fail_count} out of $rcpt_count + condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} message = Too many bad recipients, try again later !hosts = +debianhosts condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}} @@ -567,12 +575,14 @@ out # Dump spambots that are so stupid they say helo as our IP address drop !hosts = +debianhosts + condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} condition = ${if eq {$sender_helo_name}{$interface_address}{yes}{no}} message = HELO mismatch Forged HELO for ($sender_helo_name) # Also for spambots that say helo as us or one of our domains drop !hosts = +debianhosts + condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} condition = ${if match_domain{$sender_helo_name}{$primary_hostname:+handled_domains}} condition = ${if !match{$sender_host_name}{${rxquote:$sender_helo_name}\N$\N}} message = HELO mismatch Forged HELO for ($sender_helo_name) @@ -587,6 +597,7 @@ out # say helo as a name in the list but we can't look them up defer !hosts = +debianhosts + condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} condition = ${if eq{$acl_m_frg}{}{no}{yes}} condition = ${if eq{$sender_host_name}{}{yes}{no}} condition = ${if eq{$host_lookup_failed}{1}{no}{yes}} @@ -595,6 +606,7 @@ out # If DNS works, go ahead and reject them drop !hosts = +debianhosts + condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} condition = ${if and { {!eq{$acl_m_frg}{}}{!match{$sender_host_name}{${rxquote:$acl_m_frg}\N$\N}}}{yes}{no}} message = HELO mismatch Forged HELO for ($sender_helo_name) @@ -635,13 +647,6 @@ out condition = ${if match_local_part {$sender_address_local_part}{${extract{directory}{VDOMAINDATA}{${value}/neversenders}}}{1}{0}} message = no mail should ever come from <$sender_address> - warn acl = acl_getprofile - condition = ${if eq{$acl_m_prf}{}} - set acl_m_prf = $acl_m_rprf - - defer condition = ${if eq{$acl_m_prf}{$acl_m_rprf}{no}{yes}} - log_message = Only one profile at a time, please - warn condition = ${if eq{$acl_m_prf}{localonly}} set acl_m_lrc = ${if eq{$acl_m_lrc}{}{$local_part@$domain}{$acl_m_lrc, $local_part@$domain}} @@ -671,6 +676,7 @@ out !verify = sender defer !hosts = +debianhosts + condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} condition = ${if >{${eval:$acl_c_scr+0}}{0}} ratelimit = 10 / 60m / per_rcpt / $sender_host_address message = slow down (no reverse dns, mismatched ehlo, dialup, or in blacklists) -- 2.20.1