Тема: exim и policyd (cluebringer)
Как заставить exim (В моем случае часть DiractAdmin'a) ограничивать письма в зависимости от вердикта policyd. Как навастривать policyd - другая тема.
в /etc/exim.conf секцию "begin acl" добавляем /etc/exim-acl-check-policyd.conf
...
begin acl
# ACL that is used after the RCPT command
check_recipient:
# to block certain wellknown exploits, Deny for local domains if
# local parts begin with a dot or contain @ % ! / |
deny domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
.include /etc/exim-acl-check-policyd.conf
# to restrict port 587 to authenticated users only
# see also daemon_smtp_ports above
accept hosts = +auth_relay_hosts
condition = ${if eq {$interface_port}{587} {yes}{no}}
endpass
message = relay not permitted, authentication required
authenticated = *
accept hosts = +auth_relay_hosts
condition = ${if eq {$interface_port}{465} {yes}{no}}
endpass
message = relay not permitted, authentication required
authenticated = *
...cat /etc/exim-acl-check-policyd.conf
warn set acl_m9 = ${readsocket{inet:111.111.111.111:10030}\
{request=smtpd_access_policy\n\
protocol_state=RCPT\n\
protocol_name=SMTP\n\
helo_name=$sender_helo_name\n\
queue_id=$message_exim_id\n\
sender=$sender_address\n\
sasl_username=$sender_address\n\
recipient=$local_part@$domain\n\
recipient_count=$rcpt_count\n\
client_address=$sender_host_address\n\
client_name=$sender_address_domain\n\
reverse_client_name=$sender_helo_name\n\
instance=$sender_host_address.$sender_address.$primary_hostname.${hmac{md5}{}{$pid-$tod_log}}\n\n}\
{20s}{\n}{socket failure}}
# Defer on socket error
defer condition = ${if eq{$acl_m9}{socket failure}{yes}{no}}
message = Cannot connect to policyd-weight. Please try again later.
# Set proposed action to $acl_m8 and message to $acl_m7
warn set acl_m8 = ${extract{action}{$acl_m9}}
set acl_m7 = ${sg{$acl_m9}{\Naction=[^ ]+ (.*)\n\n\N}{\$1}}
# Write log entries for debugging purposes
#warn log_message = policyd-weight: from=$sender_address to=$local_part@$domain status=warn action=$acl_m8
#warn log_message = policyd-weight action: from=$sender_address to=$local_part@$domain $acl_m8
#warn log_message = policyd-weight message: $acl_m7
# Add X-policyd-weight header line to message
#warn message = $acl_m7
# condition = ${if eq{$acl_m8}{PREPEND}{yes}{no}}
# Write log message, if policyd-weight can't run checks
warn log_message = policyd-weight:from=$sender_address to=$local_part@$domain action=warn-$acl_m8 tmp_id=${hmac{md5}{}{$pid-$tod_log}}
condition = ${if eq{$acl_m8}{DUNNO}{yes}{no}}
# Deny mails which policyd-weight thinks are spam
deny message = policyd-weight: from=$sender_address to=$local_part@$domain action=deny-$acl_m8 tmp_id=${hmac{md5}{}{$pid-$tod_log}}
condition = ${if eq{$acl_m8}{REJECT}{yes}{no}}
# Defer messages when policyd-weight suggests so.
defer message = policyd-weight: from=$sender_address to=$local_part@$domain action=defer-$acl_m8 tmp_id=${hmac{md5}{}{$pid-$tod_log}}
condition = ${if eq{$acl_m8}{DEFER}{yes}{no}}несколько комментариев, так как он отличается от стандартного
1. к instance добавлен случайная переменная так как письмо откидывается до приема и $message_id еше не существует, а policyd очень хочет чтобы instance был уникальный.
2. в лог выводиться from, to, action - очень помогает ногда