diff options
| author | pacien | 2019-08-22 09:40:38 +0200 |
|---|---|---|
| committer | pacien | 2019-08-22 09:40:38 +0200 |
| commit | 71a792f0aebc12b322dfc0acbd904ac413e6ae60 (patch) | |
| tree | 0445d909b3e34caae297511f9900ceb5908f9b27 | |
| parent | a000287fda7809de68a15a497e0eb0cee6707e37 (diff) | |
| download | exim-71a792f0aebc12b322dfc0acbd904ac413e6ae60.tar.gz | |
acl: drop bad hosts conn with message
| -rw-r--r-- | conf.d/020_acl.conf | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/conf.d/020_acl.conf b/conf.d/020_acl.conf index 6bfa6ae..c048b7d 100644 --- a/conf.d/020_acl.conf +++ b/conf.d/020_acl.conf | |||
| @@ -42,7 +42,7 @@ acl_check_rcpt_host_policy: | |||
| 42 | 42 | ||
| 43 | # Deny messages from hosts known to be bad. | 43 | # Deny messages from hosts known to be bad. |
| 44 | drop dnslists = sbl-xbl.spamhaus.org : bl.spamcop.net | 44 | drop dnslists = sbl-xbl.spamhaus.org : bl.spamcop.net |
| 45 | set acl_m_msg = [RBL] $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text | 45 | message = [RBL] $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text |
| 46 | 46 | ||
| 47 | # Accept if the host is an authorized sender according to the SPF policy for the domain (SPF pass). | 47 | # Accept if the host is an authorized sender according to the SPF policy for the domain (SPF pass). |
| 48 | accept set acl_m_spf = ${run{SPF_QUERY_COMMAND \ | 48 | accept set acl_m_spf = ${run{SPF_QUERY_COMMAND \ |
| @@ -54,7 +54,7 @@ acl_check_rcpt_host_policy: | |||
| 54 | 54 | ||
| 55 | # Deny if the host is explicitely not an authorized sender according to the SPF policy for the domain (SPF fail). | 55 | # Deny if the host is explicitely not an authorized sender according to the SPF policy for the domain (SPF fail). |
| 56 | drop condition = ${if eq {$acl_m_spf}{1}{yes}{no}} | 56 | drop condition = ${if eq {$acl_m_spf}{1}{yes}{no}} |
| 57 | set acl_m_msg = [SPF] $sender_host_address is not allowed to send mail from \ | 57 | message = [SPF] $sender_host_address is not allowed to send mail from \ |
| 58 | ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \ | 58 | ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \ |
| 59 | Please see http://www.openspf.org/Why?scope=${if def:sender_address_domain \ | 59 | Please see http://www.openspf.org/Why?scope=${if def:sender_address_domain \ |
| 60 | {mfrom}{helo}};identity=${if def:sender_address_domain \ | 60 | {mfrom}{helo}};identity=${if def:sender_address_domain \ |
| @@ -62,7 +62,7 @@ acl_check_rcpt_host_policy: | |||
| 62 | 62 | ||
| 63 | # Deny messages from hosts listed as non-MTA in the PBL, for which SPF couldn't determine a policy. | 63 | # Deny messages from hosts listed as non-MTA in the PBL, for which SPF couldn't determine a policy. |
| 64 | drop dnslists = pbl.spamhaus.org | 64 | drop dnslists = pbl.spamhaus.org |
| 65 | set acl_m_msg = [RBL] $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text | 65 | message = [RBL] $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text |
| 66 | 66 | ||
| 67 | accept | 67 | accept |
| 68 | 68 | ||
| @@ -115,7 +115,6 @@ acl_mta_rcpt: | |||
| 115 | message = Courtesy protocol violation: $acl_m_msg | 115 | message = Courtesy protocol violation: $acl_m_msg |
| 116 | 116 | ||
| 117 | require acl = acl_check_rcpt_host_policy | 117 | require acl = acl_check_rcpt_host_policy |
| 118 | message = $acl_m_msg | ||
| 119 | 118 | ||
| 120 | require acl = acl_check_rcpt_syntax | 119 | require acl = acl_check_rcpt_syntax |
| 121 | message = Syntactic validation failed: $acl_m_msg | 120 | message = Syntactic validation failed: $acl_m_msg |