X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=example%2Fpostlicyd.conf;h=08ab73c4d1cc88dfe958de3d6fd516a5e73136fa;hb=5c75febadf099c0a656b3b8072b14ec14b38c2f6;hp=a8ef0e0e3c891633b8991544c29541355d12fd5e;hpb=d0eb62ddac601110ebbcc73bb17c8b90407c9874;p=apps%2Fpfixtools.git
diff --git a/example/postlicyd.conf b/example/postlicyd.conf
index a8ef0e0..08ab73c 100644
--- a/example/postlicyd.conf
+++ b/example/postlicyd.conf
@@ -12,8 +12,8 @@
 # escape any character \c = c (\n = n, \\ = \, ...). This format allow non-ascii
 # strings and string concatenation " abcd " "ef" = " abcd ef".
 # - ASCII-only strings can be written without double-quotes. They can be splitted
-# into several lines using shell-like escaping of EOL. A string begins on the
-# first non-blank character. This king of string can not contain semi-colons.
+# into several lines using shell-like escaping of EOL. A string begins and ends on
+# on a non-blank character. This king of string can not contain semi-colons.
 # eg:
 # The following format are equivalent:
 # (1) this is a str\
@@ -52,10 +52,10 @@
 #
 # Filter:
 # Current defined filter types are:
-# - rbl: match the client_address against one or more blacklist files from a rbl
+# - iplist: match the client_address against one or more blacklist files from a rbl
 # Parameters:
 # - file: (non)?lock:weight:filename
-# declare a file to load. If lock is given, the blacklist is locked into the
+# declare a file to load. If lock is given, the klist is locked into the
 # RAM. The weight is a number giving the weight of this blaclist file in the
 # score of the IP
 # - soft_threshold: score (default: 1)
@@ -69,6 +69,41 @@
 # - If the score is strictly greater >= than soft_threshold, returns soft_match
 # - Else, returns fail
 #
+# - strlist: match strings from the query against a list of list.
+# Parameters:
+# - file: (non)?lock:(pre|suf)fix:weight:filename
+# declare a file to load. If lock is given, the list is locked into the
+# RAM. Prefix/Suffix is a parameter to tell the matcher which is the most
+# efficient storage order. The strings are internally stored into a trie that
+# allow high compression if a lot of prefix are shared by several strings. If
+# you choose "prefix", string are stored in the natural order in memory and
+# prefix compression is performed. If you choose "suffix", strings are stored
+# in reverse order in memory and suffix compression is performed. The weight
+# is a number giving the weight of this list in the string score.
+# - soft_threshold: score (default: 1)
+# minimum score to match the soft_match return value
+# - hard_threshold: score (default: 1)
+# minimum score to match the hard_match return value
+# - fields: field_name(,field_name)*
+# list of field the match the string against.
+# currently only email OR hostname fields are supported. You MUST choose only
+# one of these types per strlist, and be carefull that the field you requested
+# are available in the protocol state you want to use this filter for.
+# * hostname fields: helo_name, client_name, reverse_client_name
+# * email fields: sender, recipient
+# Return value:
+# The score of a query is the sum of the weight of the list it matched.
+# - If the score is strictly greater >= than hard_threshold, returns hard_match
+# - If the score is strictly greater >= than soft_threshold, returns soft_match
+# - Else, returns fail
+# State:
+# - to match helo_name, you must be on HELO state or later
+# (stmpd_helo_restrictions)
+# - to match sender, you must be on MAIL state or later
+# (smtpd_sender_restrictions)
+# - to match recipient, you must on RCPT state (stmpd_recipient_restrictions)
+# - client_name and reverse_client_name are always available
+#
 # - greylist: greylister
 # Paramters:
 # - path: /my/path/ (required)
@@ -103,6 +138,7 @@
 # }
+# Perform greylisting
 greylist {
 type = greylist;
@@ -115,14 +151,16 @@ greylist {
 on_whitelist = postfix:OK;
 }
+
+# Lookup in a rbl
 spamhaus_and_abuseat {
- type = rbl;
+ type = iplist;
 # configuration
 file = lock:10:/var/spool/postlicyd/rbl.spamhaus.org;
 file = lock:1:/var/spool/postlicyd/cbl.abuseat.org;
 soft_threshold = 1;
- hard_threshold = 9;
+ hard_threshold = 11;
 # hooks
 on_soft_match = greylist;
@@ -132,6 +170,20 @@ spamhaus_and_abuseat {
 }
+# Whitelist some clients
+client_whitelist {
+ type = strlist;
+
+ # configuration
+ file = lock:1:/var/spool/postlicyd/client_whitelist;
+ fields = client_name;
+
+ # hooks
+ on_hard_match = postfix:OK;
+ on_fail = spamhaus_and_abuseat;
+}
+
+
 # ENTRY POINTS
 #
 # Access policy daemon can be used at several protocol states. For each of this states,
@@ -150,9 +202,9 @@ spamhaus_and_abuseat {
 # - data_filter: called on the DATA command (smtpd_data_restrictions)
 # - end_of_data_filter: called on the END-OF-DATA command
 # (smtpd_end_of_data_restrictions)
-# - ertn_filter: called on the ETRN command (stmpd_etrn_restrictions)
+# - etrn_filter: called on the ETRN command (stmpd_etrn_restrictions)
 # - verify_filter: called on the VRFY command (no postfix hook ?)
-recipient_filter = spamhaus_and_abuseat;
+recipient_filter = client_whitelist;
 # vim:set syntax=conf:
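Review bot: The new State section of the strlist documentation (hunk at -69,6) spells two Postfix parameters `stmpd_helo_restrictions` and `stmpd_recipient_restrictions`; the Postfix names start with `smtpd_`, as the `smtpd_sender_restrictions` line in the same section has it. The same misspelling stays on the corrected `etrn_filter` line in the last hunk (`stmpd_etrn_restrictions`). An administrator copying these names into main.cf would set a parameter Postfix does not know, so the filter would presumably not be called at that stage. The return-value lines also state two comparisons at once ("strictly greater >= than"); `- If the score is >= hard_threshold, returns hard_match` would be unambiguous, assuming `>=` is what the code implements.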
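Review bot: With `hard_threshold = 11` in `spamhaus_and_abuseat` (hunk at -115,14), a hit on the weight-10 Spamhaus file alone no longer reaches the hard threshold; only a hit on both files (10 + 1) does, so single-list hits now fall to `on_soft_match = greylist`. The documentation's "strictly greater >= than" leaves the comparison unclear, and if it is a strict `>` the hard match could never fire with these weights. A comment on the line would record the intent, e.g. `# 11 = both lists must match (10 + 1); one list alone only soft-matches`. The block's remaining hooks lie outside the hunk.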
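Review bot: The `file` line in the new `client_whitelist` block (hunk at -132,6), `file = lock:1:/var/spool/postlicyd/client_whitelist;`, has three fields, while the strlist syntax documented in this same commit is `(non)?lock:(pre|suf)fix:weight:filename`. As written the example presumably fails to parse or mis-reads the weight; `file = lock:suffix:1:/var/spool/postlicyd/client_whitelist;` would follow the documented form (prefix or suffix being the author's choice). Separately, `on_hard_match = postfix:OK` is now the first answer given from `recipient_filter`, and an OK from a policy service ends Postfix's restriction list with a permit. A comment should say that the policy service has to be listed after `reject_unauth_destination`, or the hook could return `postfix:DUNNO` (if the `postfix:` hook accepts any access action) so that later restrictions still apply to whitelisted clients.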