# - a list of type-specific parameters
# - a list of hooks (on_hookname)
#
+# Format:
+# A filter look likes that:
+#
+# filter_name {
+# type = type_name;
+# param1 = parameter value 1;
+# ...
+# on_hook1 = action1;
+# on_hook2 = action2;
+# ...
+# }
+#
# Hooks:
# A filter can returns different values. Each return value is given a name. The
# configuration associates an action to run to a return value name.
# - If the score is strictly greater >= than hard_threshold, returns hard_match
# - If the score is strictly greater >= than soft_threshold, returns soft_match
# - Else, returns fail
-#
+
+# Lookup in a rbl
+spamhaus_and_abuseat {
+ type = iplist;
+
+ # configuration
+ file = lock:10:/var/spool/postlicyd/rbl.spamhaus.org;
+ file = lock:1:/var/spool/postlicyd/cbl.abuseat.org;
+ soft_threshold = 1;
+ hard_threshold = 11;
+
+ # hooks
+ on_soft_match = greylist;
+ on_hard_match = postfix:REJECT optional text;
+ on_fail = postfix:OK;
+ on_error = postfix:DUNNO;
+}
+
+
# - strlist: match strings from the query against a list of list.
# Parameters:
# - file: (non)?lock:(pre|suf)fix:weight:filename
# (smtpd_sender_restrictions)
# - to match recipient, you must on RCPT state (stmpd_recipient_restrictions)
# - client_name and reverse_client_name are always available
-#
+
+# Whitelist some clients
+client_whitelist {
+ type = strlist;
+
+ # configuration
+ file = lock:1:/var/spool/postlicyd/client_whitelist;
+ fields = client_name;
+
+ # hooks
+ on_hard_match = postfix:OK;
+ on_fail = spamhaus_and_abuseat;
+}
+
+
# - greylist: greylister
# Paramters:
# - path: /my/path/ (required)
# State:
# this filter is a recipient filter and works in RCPT state only
# (smtpd_recipient_restrictions).
-#
-# Format:
-# A filter look likes that:
-#
-# filter_name {
-# type = type_name;
-# param1 = parameter value 1;
-# ...
-# on_action1 = action;
-# }
-
# Perform greylisting
greylist {
}
-# Lookup in a rbl
-spamhaus_and_abuseat {
- type = iplist;
-
- # configuration
- file = lock:10:/var/spool/postlicyd/rbl.spamhaus.org;
- file = lock:1:/var/spool/postlicyd/cbl.abuseat.org;
- soft_threshold = 1;
- hard_threshold = 11;
-
- # hooks
- on_soft_match = greylist;
- on_hard_match = postfix:REJECT optional text;
- on_fail = postfix:OK;
- on_error = postfix:DUNNO;
-}
-
+# - match: direct matching against the query fields
+# Parameters:
+# - match_all: boolean
+# if true, the filter won't match until all conditions
+# are verified. If false, the filter match on the first
+# verified condition.
+# - condition: field_name OP (value)
+# * the field_name is one of the field name of the query
+# emitted by postfix. This list with description of each
+# field is available at:
+# http://www.postfix.org/SMTPD_POLICY_README.html
+# * OP is an operator. Available operators are:
+# == field_name is strictly equal to value
+# =i field_name is case insensitively equal to value
+# != field_name is not equal to value
+# !i field_name is not case insensitively equal to value
+# >= field_name contains value
+# >i field_name contains case insensitively value
+# <= field_name is contained by value
+# <i field_name is contained case insensitively by value
+# #= field_name is empty or not set
+# #i field_name is not empty
+# Return value:
+# - if the conditions are verified (according to match_all strategy), return match
+# - if the conditions are not verified, return fail
-# Whitelist some clients
-client_whitelist {
- type = strlist;
+match {
+ type = match;
# configuration
- file = lock:1:/var/spool/postlicyd/client_whitelist;
- fields = client_name;
+ match_all = false;
+ condition = stress == yes;
+ condition = client_name >= debian.org;
+ condition = recipient #=;
- # hooks
- on_hard_match = postfix:OK;
- on_fail = spamhaus_and_abuseat;
+ # hook
+ on_match = postfix:OK;
+ on_fail = greylist;
}
projects / apps / pfixtools.git / blobdiff