dnl dnl проверка резолвинга домена верхнего уровня аргумента команды HELO dnl NO - не проверять резолвинг домена верхнего уровня команды HELO dnl DROP - возврат клиенту кода 5xx и обрыв соединения dnl REJECT - возврат клиенту кода 5xx dnl DEFER - возврат клиенту кода 4xx dnl WARN - вывод в лог файл предупреждения dnl QUARANTINE - принять письмо с сохранением в карантин без доставки получателям dnl PAUSE:XX - пауза XX секунд dnl GREYLIST:XX - добавить XX баллов к счетчику опционального greylisting'а dnl REJECT:XX - добавить XX баллов к счетчику опционального reject'а dnl define(`confCHECK_HELO_TOP_LEVEL', `NO')dnl dnl dnl из проверки исключаются известные домены: dnl define(`confCHECK_HELO_TOP_LEVEL_SKIP', `ac:ad:ae:aero:af:ag:ai:al:am:an:ao:aq:ar:arpa:as:asia:at:au:aw:ax:az:ba:bb:bd:be:bf:bg:bh:bi:biz:bj:bm:bn:bo:br:bs:bt:bv:bw:by:bz:ca:cat:cc:cd:cf:cg:ch:ci:ck:cl:cm:cn:co:com:coop:cr:cu:cv:cx:cy:cz:de:dj:dk:dm:do:dz:ec:edu:ee:eg:er:es:et:eu:fi:fj:fk:fm:fo:fr:ga:gb:gd:ge:gf:gg:gh:gi:gl:gm:gn:gov:gp:gq:gr:gs:gt:gu:gw:gy:hk:hm:hn:hr:ht:hu:id:ie:il:im:in:info:int:io:iq:ir:is:it:je:jm:jo:jobs:jp:ke:kg:kh:ki:km:kn:kp:kr:kw:ky:kz:la:lb:lc:li:lk:lr:ls:lt:lu:lv:ly:ma:mc:md:me:mg:mh:mil:mk:ml:mm:mn:mo:mobi:mp:mq:mr:ms:mt:mu:museum:mv:mw:mx:my:mz:na:name:nc:ne:net:nf:ng:ni:nl:no:np:nr:nu:nz:om:org:pa:pe:pf:pg:ph:pk:pl:pm:pn:pr:pro:ps:pt:pw:py:qa:re:ro:rs:ru:rw:sa:sb:sc:sd:se:sg:sh:si:sj:sk:sl:sm:sn:so:sr:st:su:sv:sy:sz:tc:td:tel:tf:tg:th:tj:tk:tl:tm:tn:to:tp:tr:travel:tt:tv:tw:tz:ua:ug:uk:us:uy:uz:va:vc:ve:vg:vi:vn:vu:wf:ws:ye:yt:yu:za:zm:zw')dnl dnl dnl действие при defer'ах резолвера dnl NO - не игнорировать defer'ы резолвера dnl YES - игнорировать defer'ы резолвера dnl define(`confCHECK_HELO_TOP_LEVEL_DEFER_OK', `YES')dnl dnl define(`confACL_DNSDB', `1')dnl # Проверка существования домена первого уровня из HELO # из проверки исключаются литералы warn set acl_m0 = set acl_m1 = condition = ${if match{$sender_helo_name}{\N^\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]$\N}{yes}{no}} set acl_m0 = skip # из проверки исключаются известные домены первого уровня warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if match{$sender_helo_name}{\N(?i)^.+\.(replace_char(confCHECK_HELO_TOP_LEVEL_SKIP, `:', `|'))$\N}{yes}{no}} set acl_m0 = skip # из проверки исключаются однословные домены warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if match{$sender_helo_name}{\N^[^\.]+$\N}{yes}{no}} set acl_m0 = skip # пытаемся отрезолвить top level domain из HELO warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} acl = acl_dnsdb ns=${sg{$sender_helo_name}{\N^.+\.([a-zA-Z]+)\N}{\$1}} condition = ${if eq{$acl_m_dnsdb_result}{defer}{no}{yes}} ifdef(`confCHECK_HELO_TOP_LEVEL_DEFER_OK', `ifelse(confCHECK_HELO_TOP_LEVEL_DEFER_OK, `NO', `dnl defer condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m_dnsdb_result}{defer}{yes}{no}} log_message = Could not resolve NS records for top level domain of $sender_helo_name message = Could not resolve NS records for top level domain of $sender_helo_name ', ` warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m_dnsdb_result}{defer}{yes}{no}} set acl_m0 = skip set acl_m1 = ')') warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m_dnsdb_result}{}{no}{yes}} log_message = New top level domain has been found: ${sg{$sender_helo_name}{\N^.+\.([a-zA-Z]+)\N}{\$1}} set acl_m1 = warn condition = ${if eq{$acl_m0}{skip}{no}{yes}} condition = ${if eq{$acl_m_dnsdb_result}{}{yes}{no}} ifelse_strstr(confCONTENT_SCANNING_QUARANTINE, `PERSONAL',`dnl set acl_m1 = NORMALIZE_ACTION_PERSONAL_QUARANTINE(confCHECK_HELO_TOP_LEVEL) ',`dnl set acl_m1 = NORMALIZE_ACTION(confCHECK_HELO_TOP_LEVEL) ')dnl set acl_m1 = ${sg{$acl_m1 }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}} # message = $acl_m2 # log_message = $acl_m0 set acl_m2 = HELO top level domain does not resolve set acl_m0 = NS lookup failed for top level HELO domain ${sg{$sender_helo_name}{\N^.+\.([a-zA-Z]+)\N}{\$1}} ifdef(`confENTERPRISE_USER', `dnl warn condition = ${if match{$acl_m1}{submit_mysql}{yes}{no}} ENTERPRISE(`mysql', `submit', `helo', `unknown top level', `$sender_helo_name', `0') warn condition = ${if match{$acl_m1}{submit_sqlite}{yes}{no}} ENTERPRISE(`sqlite', `submit', `helo', `unknown top level', `$sender_helo_name', `0') warn condition = ${if match{$acl_m1}{submit_rbl}{yes}{no}} dnl ENTERPRISE(`rbl', `update', `mx.org.ua', `helo.rbl.mx.org.ua', `unknown top level', `$sender_helo_name') ENTERPRISE(`rbl', `submit', `helo', `unknown top level', `$sender_helo_name') ') dnl # pause warn condition = ${if eq{${extract{pause}{$acl_m1}}}{}{no}{yes}} delay = ${extract{pause}{$acl_m1}}s set acl_m_spam_action = ${acl_m_spam_action}\t\ delay=${extract{pause}{$acl_m1}}s\t\t\ $acl_m0\n log_message = $acl_m0; message delayed for ${extract{pause}{$acl_m1}}s # warning warn condition = ${if match{$acl_m1}{warn}{yes}{no}} add_header = X-Warn-HELO-Blacklisted: ${if eq{$acl_m2}{}{HELO $sender_helo_name is blacklisted}{$acl_m2}} # quarantine and reject accept condition = ${if eq{${extract{quarantine}{$acl_m1}}}{00}{yes}{no}} condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}} log_message = $acl_m0 set acl_m_fakereject = \ message will be quarantined and rejected: $acl_m0\ |X-Quarantine-HELO: $acl_m0\ |$acl_m2 set acl_m_add_x_orig_rcpt = yes set acl_m_quarantined = $acl_m_quarantined envelope # quarantine and !reject warn condition = ${if eq{${extract{quarantine}{$acl_m1}}}{00}{yes}{no}} condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{no}{yes}} log_message = message will be quarantined: $acl_m0 add_header = X-Quarantine-HELO: $acl_m0 set acl_m_add_x_orig_rcpt = yes set acl_m_quarantined = $acl_m_quarantined envelope accept condition = ${if eq{${extract{quarantine}{$acl_m1}}}{00}{yes}{no}} condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{no}{yes}} # !quarantine and reject deny condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{yes}{no}} message = ${if eq{$acl_m2}{}{Invalid greeting used}{$acl_m2}} log_message = $acl_m0 # defer defer condition = ${if match{$acl_m1}{defer}{yes}{no}} message = ${if eq{$acl_m2}{}{Invalid greeting used}{$acl_m2}} log_message = $acl_m0 # drop drop condition = ${if match{$acl_m1}{drop}{yes}{no}} message = ${if eq{$acl_m2}{}{Invalid greeting used}{$acl_m2}} log_message = $acl_m0 # warning warn condition = ${if match{$acl_m1}{warn}{yes}{no}} condition = ${if eq{${extract{pause}{$acl_m1}}}{}{yes}{no}} log_message = $acl_m0 ifelse(confGREYLIST, `OPTIONAL', `dnl # greylist в случае неизвестного top level домена HELO # greylist if sender HELO top level domain does not resolve warn condition = ${if eq{${extract{greylist}{$acl_m1}}}{}{no}{yes}} set acl_m_optional_greylist = \ scores=${eval:${extract{scores}{$acl_m_optional_greylist}}+${extract{greylist}{$acl_m1}}} \ log_message="${extract{log_message}{$acl_m_optional_greylist}} $acl_m0;" set acl_m_spam_action = ${acl_m_spam_action}\t\ greylist scores=${extract{greylist}{$acl_m1}}\t\ $acl_m0\n ') dnl ifelse(confGREYLIST, `OPTIONAL', `') ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `dnl', `dnl # optional reject в случае неизвестного top level домена HELO # optional reject if sender HELO top level domain does not resolve warn condition = ${if eq{${extract{reject}{$acl_m1}}}{}{no}{yes}} condition = ${if eq{${extract{reject}{$acl_m1}}}{00}{no}{yes}} set acl_m_optional_reject = \ scores=${eval:${extract{scores}{$acl_m_optional_reject}}+${extract{reject}{$acl_m1}}} \ log_message="${extract{log_message}{$acl_m_optional_reject}} $acl_m0;" set acl_m_spam_action = ${acl_m_spam_action}\t\ reject scores=${extract{reject}{$acl_m1}}\t\t\ $acl_m0\n ')') dnl ifdef(`confOPTIONAL_REJECT', `ifelse(confOPTIONAL_REJECT, `NO', `', `')')