new mail.acl, minor inefficiency
42 views
Skip to first unread message
Petar Bogdanovic
May 29, 2012, 5:28:55 AM5/29/12
to mop...@googlegroups.com
Hi,
the following (simplified) mail.acl works great with HEAD; It now has
dnswl and relies more on default values:
# mail.acl
# headers
define hdr_counter "relay=" + counter_relay + " sender=" + counter_penpal
define hdr_delay "tarpit=" + tarpit_delayed + "s greylist=" + greylist_delayed + "s"
define hdr_score "score=" + spamd_score + " symbols=" + spamd_symbols
# category
define bl_local list_local == "127.0.0.5"
define bl_remote list_spamhaus || list_spamcop || list_sorbs
define wl_remote regex_match("127\.0\.[0-9]+\.3", list_dnswl)
define spf_fail spf == SPF_FAIL || spf == SPF_SOFTFAIL
define friend counter_relay >= 5 || wl_remote
# misc
define has_counter counter_relay > 0 || counter_penpal > 0
define has_delay tarpit_delayed || greylist_delayed
# connect
connect friend continue
connect bl_local tarpit 25s
connect tarpit 5s
# envrcpt
envrcpt friend continue
envrcpt bl_local reject
envrcpt greylist
envrcpt spf_fail greylist delay 15m attempts 4
envrcpt bl_remote greylist delay 15m attempts 4
# eom
eom friend jump stamp
eom milter_body_size >= 2M jump stamp
eom spamd_score >= 3 set $do_hdr_score = 1
eom spamd_score >= 10 reject
eom spamd_score >= 5 greylist delay 15m attempts 4
eom spamd_score >= 4 greylist delay 10m attempts 3
eom spamd_score >= 3 greylist delay 5m attempts 2
eom jump stamp
# stamp
stamp has_counter add header "X-Mopher-CTR" value hdr_counter
stamp has_delay add header "X-Mopher-DLY" value hdr_delay
stamp $do_hdr_score add header "X-Mopher-SCR" value hdr_score
I noticed one minor inefficiency, though---statements like:
list_spamhaus || list_spamcop || list_sorbs
will always resolve all symbols:
169: connect: host=[90.151.157.237] addr=90.151.157.237
169: connect: tarpit: delay=5
169: helo: name=[90.151.157.237]
169: envfrom: envfrom=<boud...@oc12.nl>
169: envrcpt: envrcpt=<in...@smokva.net>
169: envrcpt: spf: helo=[90.151.157.237], from=boud...@oc12.nl, spf=none
169: envrcpt: rbl_query: addr=90.151.157.237, rbl=zen.spamhaus.org, result=127.0.0.4
169: envrcpt: rbl_query: addr=90.151.157.237, rbl=dnsbl.sorbs.net, result=127.0.0.7
169: envrcpt: greylist: status=defer, delay=0/900, attempts=1/4
169: close
mopherd.conf:
# mopherd.conf
# general
mopherd_user = "mopher"
mopherd_group = "mopher"
workdir_path = "/var/mopher"
milter_socket = "unix:/var/mopher/mopherd.sock"
milter_socket_permissions = 660
# db
table[state] = {
driver = "bdb",
path = "state.db"
}
table[greylist] = {
driver = "bdb",
path = "greylist.db"
}
table[counter_relay] = {
driver = "bdb",
path = "counter_relay.db"
}
table[counter_penpal] = {
driver = "bdb",
path = "counter_penpal.db"
}
# rbl
rbl[list_local] = "bl.local"
rbl[list_spamhaus] = "zen.spamhaus.org"
rbl[list_spamcop] = "bl.spamcop.net"
rbl[list_sorbs] = "dnsbl.sorbs.net"
rbl[list_dnswl] = "list.dnswl.org"
mopher is becoming a great do-it-all milter..
the following (simplified) mail.acl works great with HEAD; It now has
dnswl and relies more on default values:
# mail.acl
# headers
define hdr_counter "relay=" + counter_relay + " sender=" + counter_penpal
define hdr_delay "tarpit=" + tarpit_delayed + "s greylist=" + greylist_delayed + "s"
define hdr_score "score=" + spamd_score + " symbols=" + spamd_symbols
# category
define bl_local list_local == "127.0.0.5"
define bl_remote list_spamhaus || list_spamcop || list_sorbs
define wl_remote regex_match("127\.0\.[0-9]+\.3", list_dnswl)
define spf_fail spf == SPF_FAIL || spf == SPF_SOFTFAIL
define friend counter_relay >= 5 || wl_remote
# misc
define has_counter counter_relay > 0 || counter_penpal > 0
define has_delay tarpit_delayed || greylist_delayed
# connect
connect friend continue
connect bl_local tarpit 25s
connect tarpit 5s
# envrcpt
envrcpt friend continue
envrcpt bl_local reject
envrcpt greylist
envrcpt spf_fail greylist delay 15m attempts 4
envrcpt bl_remote greylist delay 15m attempts 4
# eom
eom friend jump stamp
eom milter_body_size >= 2M jump stamp
eom spamd_score >= 3 set $do_hdr_score = 1
eom spamd_score >= 10 reject
eom spamd_score >= 5 greylist delay 15m attempts 4
eom spamd_score >= 4 greylist delay 10m attempts 3
eom spamd_score >= 3 greylist delay 5m attempts 2
eom jump stamp
# stamp
stamp has_counter add header "X-Mopher-CTR" value hdr_counter
stamp has_delay add header "X-Mopher-DLY" value hdr_delay
stamp $do_hdr_score add header "X-Mopher-SCR" value hdr_score
I noticed one minor inefficiency, though---statements like:
list_spamhaus || list_spamcop || list_sorbs
will always resolve all symbols:
169: connect: host=[90.151.157.237] addr=90.151.157.237
169: connect: tarpit: delay=5
169: helo: name=[90.151.157.237]
169: envfrom: envfrom=<boud...@oc12.nl>
169: envrcpt: envrcpt=<in...@smokva.net>
169: envrcpt: spf: helo=[90.151.157.237], from=boud...@oc12.nl, spf=none
169: envrcpt: rbl_query: addr=90.151.157.237, rbl=zen.spamhaus.org, result=127.0.0.4
169: envrcpt: rbl_query: addr=90.151.157.237, rbl=dnsbl.sorbs.net, result=127.0.0.7
169: envrcpt: greylist: status=defer, delay=0/900, attempts=1/4
169: close
mopherd.conf:
# mopherd.conf
# general
mopherd_user = "mopher"
mopherd_group = "mopher"
workdir_path = "/var/mopher"
milter_socket = "unix:/var/mopher/mopherd.sock"
milter_socket_permissions = 660
# db
table[state] = {
driver = "bdb",
path = "state.db"
}
table[greylist] = {
driver = "bdb",
path = "greylist.db"
}
table[counter_relay] = {
driver = "bdb",
path = "counter_relay.db"
}
table[counter_penpal] = {
driver = "bdb",
path = "counter_penpal.db"
}
# rbl
rbl[list_local] = "bl.local"
rbl[list_spamhaus] = "zen.spamhaus.org"
rbl[list_spamcop] = "bl.spamcop.net"
rbl[list_sorbs] = "dnsbl.sorbs.net"
rbl[list_dnswl] = "list.dnswl.org"
mopher is becoming a great do-it-all milter..
Petar Bogdanovic
May 31, 2012, 9:09:48 AM5/31/12
to mop...@googlegroups.com
On Tue, May 29, 2012 at 11:28:55AM +0200, Petar Bogdanovic wrote:
>
> define wl_remote regex_match("127\.0\.[0-9]+\.3", list_dnswl)
>
> define wl_remote regex_match("127\.0\.[0-9]+\.3", list_dnswl)
> define friend counter_relay >= 5 || wl_remote
Unfortunately this does not work. wl_remote alone does, but when
combined with `||' and the first expr is false the whole thing is
false.
It would be great if constructs like:
define friend condition_a ||
condition_b ||
condition_c
define foe condition_x ||
condition_y ||
condition_z
connect friend continue
connect foe reject
(...)
would work..
Reply all
Reply to author
Forward
0 new messages