dnl dnl проверка FQDN хоста отправителя в HELO по следующему алгоритму: dnl dnl 1. поизводится получение A записи аргумента команды HELO dnl 2. полученная A запись сравнивается с A записью рилея dnl 3. если A записи равны, проверка оканчивается успешно dnl 4. если A записи не равны, сравниваются доменные части HELO и PTR записи рилея dnl 5. если они не равны, сообщение считается не прошедшим проверку dnl 6. если доменные части HELO и PTR записи рилея равны, то сравниваются номера dnl сетей класса C полученной ранее A записи HELO и A записи рилея dnl 7. если номера сетей равны (A запись HELO и A запись рилея находятся в одной dnl сети класса C), то проверка оканчивается успешно dnl 8. в противном случае сообщение считается не прошедшим проверку dnl NO - не проводить проверку dnl REJECT - возврата клиенту кода 5xx dnl DROP - возврат клиенту кода 5xx и обрыв соединения dnl DEFER - возврата клиенту кода 451 dnl WARN - вывода в лог файл предупреждения dnl QUARANTINE - принять письмо с сохранением в карантин без доставки получателям dnl PAUSE:XX - пауза XX секунд dnl GREYLIST:XX - добавить XX баллов к счетчику опционального greylisting'а dnl REJECT:XX - добавить XX баллов к счетчику опционального reject'а dnl define(`confCHECK_HELO_FQDN_FORGED', `NO')dnl dnl define(`confCHECK_HELO_FQDN_DEFER', `NO')dnl dnl define(`confCHECK_HELO_FQDN_NOT_RESOLVABLE', `NO')dnl dnl в confCHECK_HELO_FQDN_FORGED, confCHECK_HELO_FQDN_DEFER и dnl confCHECK_HELO_FQDN_NOT_RESOLVABLE могут быть указаны несколько значений, dnl разделеные пробелом dnl dnl исключеня из проверки FQDN в HELO (список) dnl AUTH - не проводить проверку аутентифицированных отправителей dnl RELAY_FROM - не проводить проверку исходящих сообщений dnl HOST_LIST - не проводить проверку сообщений, получаемых с определенного списка хостов dnl (список хостов/сетей находится в файле skip_helo_fqdn_check) dnl REGEXP - не проводить проверку сообщений, HELO которых описано в виде регулярного dnl выражения в файле skip_helo_forged_check dnl define(`confCHECK_HELO_FQDN_SKIP', `AUTH RELAY_FROM')dnl dnl dnl при значении REGEXP в confCHECK_HELO_FQDN_SKIP исключения указываются dnl в файле confCONFDIR/skip_helo_forged_check в виде: dnl <адрес_хоста_отправителя> : dnl dnl в качестве адреса хоста отправителя может быть указана A запись хоста dnl или сеть в виде CIDR dnl в качестве regexp указывается регулярное выражение, которому должно dnl соответствовать HELO сообщений данного хоста отправителя dnl регулярное выражение обязательно указыватеся без \N в начале и в конце dnl dnl пример: dnl 66.218.64.0/19 : ^(.+\.)*yahoo\.com$ dnl 213.180.200.0/24 : ^(.+\.)*yandex\.ru$ dnl 66.220.144.0/20 : ^mx-out\.facebook\.com$ dnl ifelse(SECTION, `MAIN', `dnl ifelse_strstr(confCHECK_HELO_FQDN_SKIP, `HOST_LIST', `dnl hostlist skip_helo_fqdn_check = CONFDIR/skip_helo_fqdn_check ')') ifelse(SECTION, `ACL_CHECK_RCPT', `dnl ifelse_strstr(confCONTENT_SCANNING_QUARANTINE, `PERSONAL',`dnl define(`_CHECK_HELO_FQDN_TMP1', `NORMALIZE_ACTION_PERSONAL_QUARANTINE(confCHECK_HELO_FQDN_FORGED)')dnl define(`_CHECK_HELO_FQDN_TMP2', `NORMALIZE_ACTION_PERSONAL_QUARANTINE(confCHECK_HELO_FQDN_DEFER)')dnl define(`_CHECK_HELO_FQDN_TMP3', `NORMALIZE_ACTION_PERSONAL_QUARANTINE(confCHECK_HELO_FQDN_NOT_RESOLVABLE)')dnl ',`dnl define(`_CHECK_HELO_FQDN_TMP1', `NORMALIZE_ACTION(confCHECK_HELO_FQDN_FORGED)')dnl define(`_CHECK_HELO_FQDN_TMP2', `NORMALIZE_ACTION(confCHECK_HELO_FQDN_DEFER)')dnl define(`_CHECK_HELO_FQDN_TMP3', `NORMALIZE_ACTION(confCHECK_HELO_FQDN_NOT_RESOLVABLE)')dnl ')dnl define(`confCHECK_HELO_FQDN_FORGED', _CHECK_HELO_FQDN_TMP1` ')dnl define(`confCHECK_HELO_FQDN_DEFER', _CHECK_HELO_FQDN_TMP2` ')dnl define(`confCHECK_HELO_FQDN_NOT_RESOLVABLE', _CHECK_HELO_FQDN_TMP3` ')dnl # проверка соответствия HELO и FQDN хоста отправителя warn set acl_m0 = set acl_m3 = ${if eq{$received_protocol}{local}{skip}{}} ifelse_strstr(confCHECK_HELO_FQDN_SKIP, `AUTH', `dnl warn condition = ${if eq{$acl_m3}{}{yes}{no}} authenticated = * set acl_m3 = skip ')dnl ifelse_strstr(confCHECK_HELO_FQDN_SKIP, `RELAY_FROM', `dnl warn condition = ${if eq{$acl_m3}{}{yes}{no}} hosts = +relay_from_hosts set acl_m3 = skip ')dnl ifelse_strstr(confCHECK_HELO_FQDN_SKIP, `HOST_LIST', `dnl warn condition = ${if eq{$acl_m3}{}{yes}{no}} hosts = +skip_helo_fqdn_check set acl_m3 = skip ')dnl ifelse_strstr(confCHECK_HELO_FQDN_SKIP, `REGEXP', `dnl warn condition = ${if eq{$acl_m3}{}{yes}{no}} set acl_m1 = ${lookup{$sender_host_address}\ iplsearch{CONFDIR/skip_helo_forged_check}} set acl_m3 = ${if and{\ {!eq{$acl_m1}{}}\ {match{$sender_helo_name}{$acl_m1}}\ }{skip}{$acl_m3}} ')dnl warn condition = ${if eq{$acl_m3}{}{yes}{no}} condition = ${if match{$sender_helo_name}{\N^\d+\.\d+\.\d+\.\d+$\N}{yes}{no}} set acl_m3 = skip warn condition = ${if eq{$acl_m3}{}{yes}{no}} condition = ${if isip4{$sender_host_address}{yes}{no}} set acl_m3 = defer set acl_m1 = ${if match{$sender_helo_name}{\N^\[?(\d+\.\d+\.\d+\.\d+)\]?$\N}{$1}{${lookup dnsdb{>: a=$sender_helo_name}}}} set acl_m3 = condition = ${if eq{$acl_m1}{}{no}{yes}} condition = ${if forany{$acl_m1}{eq{$item}{$sender_host_address}}{yes}{no}} set acl_m3 = ok ifelse_strstr(confIPv6, `YES', `dnl warn condition = ${if eq{$acl_m3}{}{yes}{no}} condition = ${if isip6{$sender_host_address}{yes}{no}} set acl_m3 = defer set acl_m1 = ${if match{$sender_helo_name}{\N^\[?(\ (([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\ )\]?$\N}{$1}{${lookup dnsdb{>; aaaa=$sender_helo_name}}}} set acl_m3 = condition = ${if eq{$acl_m1}{}{no}{yes}} condition = ${if forany{<; $acl_m1}{eq{\ ${sg{${sg{${sg{$item}{\N:0+\N}{:}}}{\N::+\N}{::}}}{\N^0+\N}{}}\ }{$acl_c_sender_host_address_ipv6_compact}}{yes}{no}} set acl_m3 = ok ') dnl ifelse_strstr(confIPv6, `YES', `') warn condition = ${if eq{$acl_m3}{}{yes}{no}} condition = ${if eq{$acl_m1}{}{yes}{no}} set acl_m3 = not_resolve warn condition = ${if eq{$acl_m3}{}{yes}{no}} condition = ${if isip4{$sender_host_address}{yes}{no}} condition = ${if match{$acl_m1}{\N^(\d{1,3}\.\d{1,3}\.\d{1,3})\.\d{1,3}\N}{no}{yes}} set acl_m3 = not_resolve ifelse_strstr(confIPv6, `YES', `dnl warn condition = ${if eq{$acl_m3}{}{yes}{no}} condition = ${if isip6{$sender_host_address}{yes}{no}} condition = ${if match{$acl_m1}{\N^\ (([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\ $\N}{no}{yes}} set acl_m3 = not_resolve ') dnl ifelse_strstr(confIPv6, `YES', `') warn condition = ${if eq{$acl_m3}{}{yes}{no}} condition = ${if eq{$acl_m_sender_helo_domain}{}{yes}{no}} set acl_m_sender_helo_domain = ${sg{$sender_helo_name}{\N^([^\.]*)(?:\.(.+))*$\N}{\$2}} warn condition = ${if eq{$acl_m3}{}{yes}{no}} condition = ${if eq{$acl_m_sender_host_name_list}{}{yes}{no}} set acl_m_sender_host_name_list = ${lookup dnsdb{>:ptr=$sender_host_address}} warn condition = ${if eq{$acl_m3}{}{yes}{no}} condition = ${if eq{$acl_m_sender_host_name_list}{}{yes}{no}} set acl_m_sender_host_name_list = $sender_host_name warn condition = ${if eq{$acl_m3}{}{yes}{no}} condition = ${if isip4{$sender_host_address}{yes}{no}} condition = ${if eq{$acl_m_sender_helo_domain}{}{yes}{no}} set acl_m3 = defer warn condition = ${if eq{$acl_m3}{}{yes}{no}} condition = ${if eq{$acl_m_sender_host_name_list}{}{yes}{no}} set acl_m3 = not_resolve sender_host_address warn condition = ${if eq{$acl_m3}{}{yes}{no}} condition = ${if isip4{$sender_host_address}{yes}{no}} set acl_m3 = ${if and{\ {\ forany{$acl_m1}{eq{\ ${sg{$item}{\N^(\d{1,3}\.\d{1,3}\.\d{1,3})\.\d{1,3}\N}{\$1}}\ }{\ ${sg{$sender_host_address}{\N^(\d{1,3}\.\d{1,3}\.\d{1,3})\.\d{1,3}\N}{\$1}}\ }}\ }{\ forany{$acl_m_sender_host_name_list}{\ match{$item}{\N^(.+\.)?\N${expand:$acl_m_sender_helo_domain}\N$\N}\ }\ }\ }{ok}{forged}} ifelse_strstr(confIPv6, `YES', `dnl warn condition = ${if eq{$acl_m3}{}{yes}{no}} condition = ${if isip6{$sender_host_address}{yes}{no}} set acl_m3 = forged ') dnl ifelse_strstr(confIPv6, `YES', `') warn condition = ${if eq{$acl_m3}{forged}{yes}{no}} condition = ${if isip4{$sender_host_address}{yes}{no}} set acl_m2 = Forged HELO used set acl_m0 = Forged HELO used (A record of HELO $sender_helo_name does not correspond to relay address $sender_host_address) ifelse_strstr(confIPv6, `YES', `dnl warn condition = ${if eq{$acl_m3}{forged}{yes}{no}} condition = ${if isip6{$sender_host_address}{yes}{no}} set acl_m2 = Forged HELO used set acl_m0 = Forged HELO used (AAAA record of HELO $sender_helo_name does not correspond to relay address $sender_host_address) ') dnl ifelse_strstr(confIPv6, `YES', `') warn condition = ${if eq{$acl_m3}{defer}{yes}{no}} set acl_m2 = Forged HELO used set acl_m0 = Forged HELO used (Resolve of HELO $sender_helo_name gave DEFER) warn condition = ${if eq{$acl_m3}{not_resolve}{yes}{no}} set acl_m2 = Forged HELO used set acl_m0 = Forged HELO used (HELO $sender_helo_name does not resolve) warn condition = ${if eq{$acl_m3}{not_resolve sender_host_address}{yes}{no}} set acl_m2 = Forged HELO used set acl_m0 = Forged HELO used (sender host address $sender_host_address does not resolve) set acl_m3 = not_resolve warn condition = ${if eq{$acl_m3}{forged}{yes}{no}} ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `pause', `dnl delay = EXTRACT_NAMED(`pause', confCHECK_HELO_FQDN_FORGED)s set acl_m_spam_action = ${acl_m_spam_action}\t\ delay=EXTRACT_NAMED(`pause', confCHECK_HELO_FQDN_FORGED)s\t\t\ $acl_m0\n log_message = $acl_m0; message delayed for EXTRACT(`pause', confCHECK_HELO_FQDN_FORGED)`'s ')dnl ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `pause', `') ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `warn', `dnl add_header = X-Warn-HELO-Forged: $acl_m0 ')dnl ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `warn', `') ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `quarantine', `dnl ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `reject ', `dnl dnl quarantine and reject accept condition = ${if eq{$acl_m3}{forged}{yes}{no}} log_message = message will be quarantined and rejected: $acl_m0 set acl_m_fakereject = \ message will be quarantined and rejected: $acl_m0\ |X-Quarantine-HELO-Forged: $acl_m0\ |$acl_m2 set acl_m_add_x_orig_rcpt = yes set acl_m_quarantined = $acl_m_quarantined envelope ',`dnl ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `reject ', `') dnl quarantine and !reject warn condition = ${if eq{$acl_m3}{forged}{yes}{no}} log_message = message will be quarantined: $acl_m0 add_header = X-Quarantine-HELO-Forged: $acl_m2 set acl_m_add_x_orig_rcpt = yes set acl_m_quarantined = $acl_m_quarantined envelope accept condition = ${if eq{$acl_m3}{forged}{yes}{no}} ') dnl ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `reject ', `') ', `dnl ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `quarantine', `') ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `reject ', `dnl dnl !quarantine and reject deny condition = ${if eq{$acl_m3}{forged}{yes}{no}} message = $acl_m2 log_message = $acl_m0 ')dnl ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `reject ', `') ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `defer', `dnl dnl defer defer condition = ${if eq{$acl_m3}{forged}{yes}{no}} message = $acl_m2 log_message = $acl_m0 ')dnl ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `defer', `') ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `drop', ` dnl drop drop condition = ${if eq{$acl_m3}{forged}{yes}{no}} message = $acl_m2 log_message = $acl_m0 ')dnl ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `drop', `') ') dnl ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `quarantine', `') ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `warn', `dnl ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `pause', `', `dnl warn condition = ${if eq{$acl_m3}{forged}{yes}{no}} log_message = $acl_m0 ')dnl ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `pause', `', `') ')dnl ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `warn', `') ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `greylist=', ` ifelse(confGREYLIST, `OPTIONAL', ` # применение опционального грейлистинга в случае указания в качестве HELO не FQDN хоста-отправителя warn condition = ${if eq{$acl_m3}{forged}{yes}{no}} set acl_m_optional_greylist = \ scores=${eval:${extract{scores}{$acl_m_optional_greylist}}+EXTRACT_NAMED(`greylist', confCHECK_HELO_FQDN_FORGED)} \ log_message="${extract{log_message}{$acl_m_optional_greylist}} $acl_m0;" set acl_m_spam_action = ${acl_m_spam_action}\t\ greylist scores=EXTRACT_NAMED(`greylist', confCHECK_HELO_FQDN_FORGED)\t\ $acl_m0\n ')dnl ifelse(confGREYLIST, `OPTIONAL', `') ')dnl ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `greylist=', `') ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `reject=', ` ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `dnl', `dnl # применение опционального отказа в приеме письма в случае указания в качестве HELO не FQDN хоста-отправителя warn condition = ${if eq{$acl_m3}{forged}{yes}{no}} set acl_m_optional_reject = \ scores=${eval:${extract{scores}{$acl_m_optional_reject}}+EXTRACT_NAMED(`reject', confCHECK_HELO_FQDN_FORGED)} \ log_message="${extract{log_message}{$acl_m_optional_reject}} $acl_m0;" set acl_m_spam_action = ${acl_m_spam_action}\t\ reject scores=EXTRACT_NAMED(`reject', confCHECK_HELO_FQDN_FORGED)\t\t\ $acl_m0\n ')') dnl ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `', `')') ')dnl ifelse_strstr(confCHECK_HELO_FQDN_FORGED, `reject=', `') warn condition = ${if eq{$acl_m3}{defer}{yes}{no}} ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `pause', `dnl delay = EXTRACT_NAMED(`pause', confCHECK_HELO_FQDN_DEFER)s set acl_m_spam_action = ${acl_m_spam_action}\t\ delay=EXTRACT_NAMED(`pause', confCHECK_HELO_FQDN_DEFER)s\t\t\ $acl_m0\n log_message = $acl_m0; message delayed for EXTRACT(`pause', confCHECK_HELO_FQDN_DEFER)`'s ')dnl ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `pause', `') ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `warn', `dnl add_header = X-Warn-HELO-Forged: $acl_m0 ')dnl ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `warn', `') ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `quarantine', `dnl ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `reject ', `dnl dnl quarantine and reject accept condition = ${if eq{$acl_m3}{defer}{yes}{no}} log_message = message will be quarantined and rejected: $acl_m0 set acl_m_fakereject = \ message will be quarantined and rejected: $acl_m0\ |X-Quarantine-HELO-Forged: $acl_m0\ |$acl_m2 set acl_m_add_x_orig_rcpt = yes set acl_m_quarantined = $acl_m_quarantined envelope ',`dnl ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `reject ', `') dnl quarantine and !reject warn condition = ${if eq{$acl_m3}{defer}{yes}{no}} log_message = message will be quarantined: $acl_m0 add_header = X-Quarantine-HELO-Forged: $acl_m2 set acl_m_add_x_orig_rcpt = yes set acl_m_quarantined = $acl_m_quarantined envelope accept condition = ${if eq{$acl_m3}{defer}{yes}{no}} ') dnl ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `reject ', `') ', `dnl ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `quarantine', `') ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `reject ', `dnl dnl !quarantine and reject deny condition = ${if eq{$acl_m3}{defer}{yes}{no}} message = $acl_m2 log_message = $acl_m0 ')dnl ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `reject ', `') ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `defer', `dnl dnl defer defer condition = ${if eq{$acl_m3}{defer}{yes}{no}} message = $acl_m2 log_message = $acl_m0 ')dnl ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `defer', `') ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `drop', ` dnl drop drop condition = ${if eq{$acl_m3}{defer}{yes}{no}} message = $acl_m2 log_message = $acl_m0 ')dnl ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `drop', `') ') dnl ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `quarantine', `') ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `warn', `dnl ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `pause', `', `dnl warn condition = ${if eq{$acl_m3}{defer}{yes}{no}} log_message = $acl_m0 ')dnl ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `pause', `', `') ')dnl ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `warn', `') ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `greylist=', ` ifelse(confGREYLIST, `OPTIONAL', ` # применение опционального грейлистинга в случае defer-а при резолвинге HELO warn condition = ${if eq{$acl_m3}{defer}{yes}{no}} set acl_m_optional_greylist = \ scores=${eval:${extract{scores}{$acl_m_optional_greylist}}+EXTRACT_NAMED(`greylist', confCHECK_HELO_FQDN_DEFER)} \ log_message="${extract{log_message}{$acl_m_optional_greylist}} $acl_m0;" set acl_m_spam_action = ${acl_m_spam_action}\t\ greylist scores=EXTRACT_NAMED(`greylist', confCHECK_HELO_FQDN_DEFER)\t\ $acl_m0\n ')dnl ifelse(confGREYLIST, `OPTIONAL', `') ')dnl ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `greylist=', `') ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `reject=', ` ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `dnl', `dnl # применение опционального отказа в приеме письма в случае defer-а при резолвинге HELO warn condition = ${if eq{$acl_m3}{defer}{yes}{no}} set acl_m_optional_reject = \ scores=${eval:${extract{scores}{$acl_m_optional_reject}}+EXTRACT_NAMED(`reject', confCHECK_HELO_FQDN_DEFER)} \ log_message="${extract{log_message}{$acl_m_optional_reject}} $acl_m0;" set acl_m_spam_action = ${acl_m_spam_action}\t\ reject scores=EXTRACT_NAMED(`reject', confCHECK_HELO_FQDN_DEFER)\t\t\ $acl_m0\n ')') dnl ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `', `')') ')dnl ifelse_strstr(confCHECK_HELO_FQDN_DEFER, `reject=', `') warn condition = ${if eq{$acl_m3}{not_resolve}{yes}{no}} ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `pause', `dnl delay = EXTRACT_NAMED(`pause', confCHECK_HELO_FQDN_NOT_RESOLVABLE)s set acl_m_spam_action = ${acl_m_spam_action}\t\ delay=EXTRACT_NAMED(`pause', confCHECK_HELO_FQDN_NOT_RESOLVABLE)s\t\t\ $acl_m0\n log_message = $acl_m0; message delayed for EXTRACT(`pause', confCHECK_HELO_FQDN_NOT_RESOLVABLE)`'s ')dnl ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `pause', `') ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `warn', `dnl add_header = X-Warn-HELO-Forged: $acl_m0 ')dnl ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `warn', `') ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `quarantine', `dnl ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `reject ', `dnl dnl quarantine and reject accept condition = ${if eq{$acl_m3}{not_resolve}{yes}{no}} log_message = message will be quarantined and rejected: $acl_m0 set acl_m_fakereject = \ message will be quarantined and rejected: $acl_m0\ |X-Quarantine-HELO-Forged: $acl_m0\ |$acl_m2 set acl_m_add_x_orig_rcpt = yes set acl_m_quarantined = $acl_m_quarantined envelope ',`dnl ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `reject ', `') dnl quarantine and !reject warn condition = ${if eq{$acl_m3}{not_resolve}{yes}{no}} log_message = message will be quarantined: $acl_m0 add_header = X-Quarantine-HELO-Forged: $acl_m2 set acl_m_add_x_orig_rcpt = yes set acl_m_quarantined = $acl_m_quarantined envelope accept condition = ${if eq{$acl_m3}{not_resolve}{yes}{no}} ') dnl ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `reject ', `') ', `dnl ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `quarantine', `') ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `reject ', `dnl dnl !quarantine and reject deny condition = ${if eq{$acl_m3}{not_resolve}{yes}{no}} message = $acl_m2 log_message = $acl_m0 ')dnl ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `reject ', `') ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `defer', `dnl # возврат временной ошибки в случае нерезолвящегося HELO defer condition = ${if eq{$acl_m3}{not_resolve}{yes}{no}} message = $acl_m2 log_message = $acl_m0 ')dnl ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `defer', `') ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `drop', ` # сброс соединения в случае нерезолвящегося HELO drop condition = ${if eq{$acl_m3}{not_resolve}{yes}{no}} message = $acl_m2 log_message = $acl_m0 ')dnl ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `drop', `') ') dnl ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `quarantine', `') ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `warn', `dnl ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `pause', `', `dnl warn condition = ${if eq{$acl_m3}{not_resolve}{yes}{no}} log_message = $acl_m0 ')dnl ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `pause', `', `') ')dnl ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `warn', `') ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `greylist=', ` ifelse(confGREYLIST, `OPTIONAL', ` # применение опционального грейлистинга в случае нерезолвящегося HELO warn condition = ${if eq{$acl_m3}{not_resolve}{yes}{no}} set acl_m_optional_greylist = \ scores=${eval:${extract{scores}{$acl_m_optional_greylist}}+EXTRACT_NAMED(`greylist', confCHECK_HELO_FQDN_NOT_RESOLVABLE)} \ log_message="${extract{log_message}{$acl_m_optional_greylist}} $acl_m0;" set acl_m_spam_action = ${acl_m_spam_action}\t\ greylist scores=EXTRACT_NAMED(`greylist', confCHECK_HELO_FQDN_NOT_RESOLVABLE)\t\ $acl_m0\n ')dnl ifelse(confGREYLIST, `OPTIONAL', `') ')dnl ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `greylist=', `') ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `reject=', ` ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `dnl', `dnl # применение опционального отказа в приеме письма в случае нерезолвящегося HELO warn condition = ${if eq{$acl_m3}{not_resolve}{yes}{no}} set acl_m_optional_reject = \ scores=${eval:${extract{scores}{$acl_m_optional_reject}}+EXTRACT_NAMED(`reject', confCHECK_HELO_FQDN_NOT_RESOLVABLE)} \ log_message="${extract{log_message}{$acl_m_optional_reject}} $acl_m0;" set acl_m_spam_action = ${acl_m_spam_action}\t\ reject scores=EXTRACT_NAMED(`reject', confCHECK_HELO_FQDN_NOT_RESOLVABLE)\t\t\ $acl_m0\n ')') dnl ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `', `')') ')dnl ifelse_strstr(confCHECK_HELO_FQDN_NOT_RESOLVABLE, `reject=', `') ')dnl ifelse(SECTION, `ACL_CHECK_RCPT', `')