X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=example%2Fpostlicyd.conf;h=0fc5953bcf4bc20e25d1ede1d77a0ef50677aa03;hb=545172eff0a3c4e3d8126a756a073f99b6998642;hp=c7af9400b7fdf31af611101629cedd36ba749e4f;hpb=52179a67b5e09f3f767789abd7857ae17d5f15c2;p=apps%2Fpfixtools.git

diff --git a/example/postlicyd.conf b/example/postlicyd.conf
index c7af940..0fc5953 100644
--- a/example/postlicyd.conf
+++ b/example/postlicyd.conf
@@ -40,6 +40,18 @@
 #  - a list of type-specific parameters
 #  - a list of hooks (on_hookname)
 #
+# Format:
+#  A filter look likes that:
+#
+#  filter_name {
+#    type = type_name;
+#    param1 = parameter value 1;
+#    ...
+#    on_hook1 = action1;
+#    on_hook2 = action2;
+#    ...
+#  }
+#
 # Hooks:
 #   A filter can returns different values. Each return value is given a name. The
 #   configuration associates an action to run to a return value name.
@@ -55,7 +67,7 @@
 #     - iplist: match the client_address against one or more blacklist files from a rbl
 #        Parameters:
 #           - file: (non)?lock:weight:filename
-#             declare a file to load. If lock is given, the blacklist is locked into the
+#             declare a file to load. If lock is given, the klist is locked into the
 #             RAM. The weight is a number giving the weight of this blaclist file in the
 #             score of the IP
 #           - soft_threshold: score (default: 1)
@@ -68,7 +80,74 @@
 #           - If the score is strictly greater >= than hard_threshold, returns hard_match
 #           - If the score is strictly greater >= than soft_threshold, returns soft_match
 #           - Else, returns fail
-#
+
+# Lookup in a rbl
+spamhaus_and_abuseat {
+  type   = iplist;
+
+  # configuration
+  file   = lock:10:/var/spool/postlicyd/rbl.spamhaus.org;
+  file   = lock:1:/var/spool/postlicyd/cbl.abuseat.org;
+  soft_threshold = 1;
+  hard_threshold = 11;
+
+  # hooks
+  on_soft_match = greylist;
+  on_hard_match = postfix:REJECT optional text;
+  on_fail       = postfix:OK;
+  on_error      = postfix:DUNNO;
+}
+
+
+#     - strlist: match strings from the query against a list of list.
+#        Parameters:
+#           - file: (non)?lock:(pre|suf)fix:weight:filename
+#             declare a file to load. If lock is given, the list is locked into the
+#             RAM. Prefix/Suffix is a parameter to tell the matcher which is the most
+#             efficient storage order. The strings are internally stored into a trie that
+#             allow high compression if a lot of prefix are shared by several strings. If
+#             you choose "prefix", string are stored in the natural order in memory and
+#             prefix compression is performed. If you choose "suffix", strings are stored
+#             in reverse order in memory and suffix compression is performed. The weight
+#             is a number giving the weight of this list in the string score.
+#           - soft_threshold: score (default: 1)
+#             minimum score to match the soft_match return value
+#           - hard_threshold: score (default: 1)
+#             minimum score to match the hard_match return value
+#           - fields: field_name(,field_name)*
+#             list of field the match the string against.
+#             currently only email OR hostname fields are supported. You MUST choose only
+#             one of these types per strlist, and be carefull that the field you requested
+#             are available in the protocol state you want to use this filter for.
+#              * hostname fields: helo_name, client_name, reverse_client_name
+#              * email fields: sender, recipient
+#        Return value:
+#          The score of a query is the sum of the weight of the list it matched.
+#           - If the score is strictly greater >= than hard_threshold, returns hard_match
+#           - If the score is strictly greater >= than soft_threshold, returns soft_match
+#           - Else, returns fail
+#        State:
+#           - to match helo_name, you must be on HELO state or later
+#           (stmpd_helo_restrictions)
+#           - to match sender, you must be on MAIL state or later
+#           (smtpd_sender_restrictions)
+#           - to match recipient, you must on RCPT state (stmpd_recipient_restrictions)
+#           - client_name and reverse_client_name are always available
+
+# Whitelist some clients
+client_whitelist {
+  type  = strlist;
+
+  # configuration
+  file    = lock:1:/var/spool/postlicyd/client_whitelist;
+  fields  = client_name;
+
+  # hooks
+  on_hard_match = postfix:OK;
+  on_fail       = spamhaus_and_abuseat;
+}
+
+
 #     - greylist: greylister
 #        Paramters:
 #           - path: /my/path/ (required)
@@ -91,18 +170,8 @@
 #         State:
 #           this filter is a recipient filter and works in RCPT state only
 #           (smtpd_recipient_restrictions).
-#
-# Format:
-#  A filter look likes that:
-#
-#  filter_name {
-#    type = type_name;
-#    param1 = parameter value 1;
-#    ...
-#    on_action1 = action;
-#  }
-
 
+# Perform greylisting
 greylist {
   type   = greylist;
 
@@ -115,20 +184,47 @@ greylist {
   on_whitelist = postfix:OK;
 }
 
-spamhaus_and_abuseat {
-  type   = iplist;
+
+#     - match: direct matching against the query fields
+#        Parameters:
+#           - match_all: boolean
+#             if true, the filter won't match until all conditions
+#             are verified. If false, the filter match on the first
+#             verified condition.
+#           - condition: field_name OP (value)
+#             * the field_name is one of the field name of the query
+#              emitted by postfix. This list with description of each
+#              field is available at:
+#               http://www.postfix.org/SMTPD_POLICY_README.html
+#             * OP is an operator. Available operators are:
+#                == field_name is strictly equal to value
+#                =i field_name is case insensitively equal to value
+#                != field_name is not equal to value
+#                !i field_name is not case insensitively equal to value
+#                >= field_name contains value
+#                >i field_name contains case insensitively value
+#                <= field_name is contained by value
+#                <i field_name is contained case insensitively by value
+#                #= field_name is empty or not set
+#                #i field_name is not empty
+#         Return value:
+#           - if the conditions are verified (according to match_all strategy), return match
+#           - if the conditions are not verified, return fail
+
+# match one of the condition: "stress mode activated", "client_name contains debian.org" or
+#                             "recipient is empty"
+match {
+  type = match;
 
   # configuration
-  file   = lock:10:/var/spool/postlicyd/rbl.spamhaus.org;
-  file   = lock:1:/var/spool/postlicyd/cbl.abuseat.org;
-  soft_threshold = 1;
-  hard_threshold = 11;
+  match_all = false;
+  condition = stress == yes;
+  condition = client_name >= debian.org;
+  condition = recipient #=;
 
-  # hooks
-  on_soft_match = greylist;
-  on_hard_match = postfix:REJECT optional text;
-  on_fail       = postfix:OK;
-  on_error      = postfix:DUNNO;
+  # hook
+  on_match = postfix:OK;
+  on_fail = greylist;
 }
 
 
@@ -153,6 +249,16 @@ spamhaus_and_abuseat {
 #  - etrn_filter: called on the ETRN command (stmpd_etrn_restrictions)
 #  - verify_filter: called on the VRFY command (no postfix hook ?)
 
-recipient_filter = spamhaus_and_abuseat;
+recipient_filter = client_whitelist;
+
+
+# SERVER PORT
+#
+# Port to which the server is bound. The default is 10000. If the port is specified as
+# a command line parameter, the value specified on command line overides this value.
+#
+# You must RESTART the server to change the port (reload does not affect the port).
+
+port = 10000;
 
 # vim:set syntax=conf: