exim/exim-4.92-greylist-conf.patch

120 lines
5.0 KiB
Diff
Raw Normal View History

diff --git a/src/configure.default b/src/configure.default
2019-06-05 09:16:58 +00:00
index 9242bac..eabf102 100644
--- a/src/configure.default
+++ b/src/configure.default
2019-06-05 09:16:58 +00:00
@@ -119,6 +119,7 @@ hostlist relay_from_hosts = localhost
# manual for details. The lists above are used in the access control lists for
# checking incoming messages. The names of these ACLs are defined here:
2019-06-05 09:16:58 +00:00
+acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
.ifdef _HAVE_PRDR
acl_smtp_data_prdr = acl_check_prdr
@@ -395,6 +396,29 @@ timeout_frozen_after = 7d
begin acl
+
+# This access control list is used for the MAIL command in an incoming
+# SMTP message.
+
+acl_check_mail:
+
+ # Hosts are required to say HELO (or EHLO) before sending mail.
+ # So don't allow them to use the MAIL command if they haven't
+ # done so.
+
+ deny condition = ${if eq{$sender_helo_name}{} {1}}
+ message = Nice boys say HELO first
+
+ # Use the lack of reverse DNS to trigger greylisting. Some people
+ # even reject for it but that would be a little excessive.
+
+ warn condition = ${if eq{$sender_host_name}{} {1}}
+ set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons
+
+ accept
+
+
+
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
2019-06-05 09:16:58 +00:00
@@ -520,7 +544,8 @@ acl_check_rcpt:
2007-02-07 12:57:15 +00:00
# There are no default checks on DNS black lists because the domains that
# contain these lists are changing all the time. However, here are two
# examples of how you can get Exim to perform a DNS black list lookup at this
- # point. The first one denies, whereas the second just warns.
+ # point. The first one denies, whereas the second just warns. The third
+ # triggers greylisting for any host in the blacklist.
#
# deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
# dnslists = black.list.example
2019-06-05 09:16:58 +00:00
@@ -528,6 +553,10 @@ acl_check_rcpt:
2007-02-07 12:57:15 +00:00
# warn dnslists = black.list.example
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
# log_message = found in $dnslist_domain
+ #
+ # warn dnslists = black.list.example
+ # set acl_m_greylistreasons = Host found in $dnslist_domain\n$acl_m_greylistreasons
+ #
#############################################################################
#############################################################################
2019-06-05 09:16:58 +00:00
@@ -554,6 +583,10 @@ acl_check_rcpt:
# set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
2007-02-07 12:57:15 +00:00
#############################################################################
+ # Alternatively, greylist for it:
+ # warn !verify = csa
+ # set acl_m_greylistreasons = Host failed CSA check\n$acl_m_greylistreasons
+
# At this point, the address has passed all the checks that have been
# configured, so we accept it unconditionally.
2019-06-05 09:16:58 +00:00
@@ -612,6 +645,12 @@ acl_check_data:
2007-02-07 12:57:15 +00:00
# deny condition = ${if !def:h_Message-ID: {1}}
# message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
# Most messages without it are spam, so your mail has been rejected.
+ #
+ # Alternatively if we're feeling more lenient we could just use it to
2007-02-07 12:57:15 +00:00
+ # trigger greylisting instead:
+
+ warn condition = ${if !def:h_Message-ID: {1}}
+ set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons
# Deny if the message contains a virus. Before enabling this check, you
# must install a virus scanner and set the av_scanner option above.
2019-06-05 09:16:58 +00:00
@@ -658,8 +697,31 @@ acl_check_data:
2007-02-07 12:57:15 +00:00
# message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
# $spam_report
+ # Trigger greylisting (if enabled) if the SpamAssassin score is greater than 0.5
+ #
+ # warn condition = ${if >{$spam_score_int}{5} {1}}
+ # set acl_m_greylistreasons = Message has $spam_score SpamAssassin points\n$acl_m_greylistreasons
+
+
+ # If you want to greylist _all_ mail rather than only mail which looks like there
+ # might be something wrong with it, then you can do this...
+ #
+ # warn set acl_m_greylistreasons = We greylist all mail\n$acl_m_greylistreasons
+
+ # Now, invoke the greylisting. For this you need to have installed the exim-greylist
+ # package which contains this subroutine, and you need to uncomment the bit below
+ # which includes it too. Whenever the $acl_m_greylistreasons variable is non-empty,
+ # greylisting will kick in and will defer the mail to check if the sender is a
+ # proper mail which which retries, or whether it's a zombie. For more details, see
+ # the exim-greylist.conf.inc file itself.
+ #
+ # require acl = greylist_mail
+
accept
+# To enable the greylisting, also uncomment this line:
2007-02-07 12:57:15 +00:00
+# .include /etc/exim/exim-greylist.conf.inc
2019-06-05 09:16:58 +00:00
+
2007-02-07 12:57:15 +00:00
acl_check_mime:
2019-06-05 09:16:58 +00:00
# File extension filtering.