Тема: exim и policyd (cluebringer)

Как заставить exim (в моём случае — часть DirectAdmin'а) ограничивать письма в зависимости от вердикта policyd. Как настраивать policyd — другая тема.

В /etc/exim.conf в секцию «begin acl» добавляем включение файла /etc/exim-acl-check-policyd.conf:

...
begin acl
# ACL that is used after the RCPT command
# (presumably wired up as "acl_smtp_rcpt = check_recipient" in the main
# section, which is not part of this fragment -- confirm)
check_recipient:
# to block certain wellknown exploits, Deny for local domains if
# local parts begin with a dot or contain @ % ! / |
  deny  domains       = +local_domains
        local_parts   = ^[.] : ^.*[@%!/|]
# Policy check: the included file asks policyd about every recipient that
# gets past the deny above.  Because it sits before the accept verbs below,
# authenticated submissions on 587/465 are checked as well (which also
# covers abuse of stolen credentials); only move the include below those
# accepts if authenticated clients are meant to bypass policyd.
.include /etc/exim-acl-check-policyd.conf
# to restrict port 587 to authenticated users only
# see also daemon_smtp_ports above
# endpass: once "hosts" and "condition" have matched, a client that fails
# "authenticated = *" is denied with the message below instead of falling
# through to the rest of the ACL.
accept  hosts = +auth_relay_hosts
        condition = ${if eq {$interface_port}{587} {yes}{no}}
        endpass
        message = relay not permitted, authentication required
        authenticated = *
# same rule for the SMTPS (465) listener
accept  hosts = +auth_relay_hosts
        condition = ${if eq {$interface_port}{465} {yes}{no}}
        endpass
        message = relay not permitted, authentication required
        authenticated = *
...

cat /etc/exim-acl-check-policyd.conf   # contents of the file pulled in by the .include above

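# ---------------------------------------------------------------------------
# Policy check against policyd/cluebringer (Postfix policy-delegation protocol
# over TCP).  Included from check_recipient, so it runs once per RCPT TO.
# ACL variables used here:
#   acl_m6  per-request id, sent inside "instance" and echoed in every log line
#   acl_m9  raw policyd response ("action=...\n\n") or "socket failure"
#   acl_m8  the action keyword extracted from the response
#   acl_m7  the free text that follows the action keyword
# NOTE(review): acl_m6 is new in this file; confirm nothing else in exim.conf
# relies on it.
# ---------------------------------------------------------------------------

# Compute the request id once.  It used to be recomputed from $pid-$tod_log in
# every log line; readsocket below may block for up to 20s, so a recomputation
# could cross a second boundary and log an id different from the one that was
# sent to policyd as part of "instance".
warn set acl_m6 = ${hmac{md5}{}{$pid-$tod_log}}

# Send the policy request.  helo_name, sender and client_address are supplied
# by the remote client; keeping them free of "\n" (which would inject extra
# attributes into the request) relies on Exim's own HELO/address syntax
# checks -- do not relax helo_allow_chars for this listener.
#   sasl_username       = $authenticated_id: empty unless the session really
#                         authenticated.  Passing $sender_address here told
#                         policyd that every MAIL FROM was an authenticated user.
#   client_name /
#   reverse_client_name = $sender_host_name: the reverse-DNS name Exim resolves
#                         for the connecting IP (referencing it triggers the
#                         lookup if host_lookup did not already do it; empty if
#                         the lookup fails).  The MAIL FROM domain and the HELO
#                         string are chosen by the client and must not be
#                         presented to policyd as DNS facts.
warn set acl_m9  = ${readsocket{inet:111.111.111.111:10030}\
                    {request=smtpd_access_policy\n\
                    protocol_state=RCPT\n\
                    protocol_name=SMTP\n\
                    helo_name=$sender_helo_name\n\
                    queue_id=$message_exim_id\n\
                    sender=$sender_address\n\
                    sasl_username=$authenticated_id\n\
                    recipient=$local_part@$domain\n\
                    recipient_count=$rcpt_count\n\
                    client_address=$sender_host_address\n\
                    client_name=$sender_host_name\n\
                    reverse_client_name=$sender_host_name\n\
                    instance=$sender_host_address.$sender_address.$primary_hostname.$acl_m6\n\n}\
                    {20s}{\n}{socket failure}}
# Defer on socket error -- a connect/timeout failure is a temporary error, so
# fail closed instead of letting the recipient through unchecked.
defer condition   = ${if eq{$acl_m9}{socket failure}{yes}{no}}
    message     = Cannot connect to policyd-weight. Please try again later.
# Set proposed action to $acl_m8 and message to $acl_m7.
# $acl_m8 is the first whitespace-delimited token after "action=".  $acl_m7 is
# the rest of that line; if the action carries no text the sg does not match
# and $acl_m7 keeps the whole raw response.
warn set acl_m8 = ${extract{action}{$acl_m9}}
    set acl_m7 = ${sg{$acl_m9}{\Naction=[^ ]+ (.*)\n\n\N}{\$1}}
# Write log entries for debugging purposes (disabled)
#warn log_message = policyd-weight: from=$sender_address to=$local_part@$domain status=warn action=$acl_m8
#warn log_message = policyd-weight action: from=$sender_address to=$local_part@$domain $acl_m8
#warn log_message = policyd-weight message: $acl_m7
# Add X-policyd-weight header line to message (disabled)
#warn message   = $acl_m7
#    condition = ${if eq{$acl_m8}{PREPEND}{yes}{no}}
# DUNNO: policyd had no opinion (the author's note: its checks could not run).
# Log it and let the rest of check_recipient decide.
warn log_message = policyd-weight:from=$sender_address to=$local_part@$domain action=warn-$acl_m8 tmp_id=$acl_m6
    condition = ${if eq{$acl_m8}{DUNNO}{yes}{no}}
# REJECT: permanent rejection.  "message" is the SMTP reply text returned to
# the remote client; policyd's own reason ($acl_m7) is not relayed.
deny message  = policyd-weight: from=$sender_address to=$local_part@$domain action=deny-$acl_m8 tmp_id=$acl_m6
    condition = ${if eq{$acl_m8}{REJECT}{yes}{no}}
# DEFER: temporary rejection.
defer message  = policyd-weight: from=$sender_address to=$local_part@$domain action=defer-$acl_m8 tmp_id=$acl_m6
    condition = ${if eq{$acl_m8}{DEFER}{yes}{no}}
# Any other action (presumably DEFER_IF_PERMIT, PREPEND or OK, or an empty
# string if extraction failed) falls off the end of this file and is handled
# by the rest of check_recipient, i.e. it is effectively permissive.  Log it
# so an unexpected response is visible instead of silently accepted.
warn log_message = policyd-weight: from=$sender_address to=$local_part@$domain action=unhandled-$acl_m8 tmp_id=$acl_m6
    condition   = ${if match{$acl_m8}{\N^(DUNNO|REJECT|DEFER)$\N}{no}{yes}}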

Несколько комментариев, так как этот файл отличается от стандартного:

1. К instance добавлена случайная переменная, так как письмо отклоняется до приёма и $message_id ещё не существует, а policyd очень хочет, чтобы instance был уникальным.
2. В лог выводятся from, to, action — иногда очень помогает.