X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=example%2Fpostlicyd.conf;h=dbfb523c9bd54b6f76bafd2f21e1b1b7799f00c1;hb=7fa8c1bc673add68529fa2bda8134be5089e8745;hp=12d8ff5683a4dd2ba2880ab560c3c194ab66aa9a;hpb=a66e19cd437595328f202cbde8d492d5f7e2205a;p=apps%2Fpfixtools.git

diff --git a/example/postlicyd.conf b/example/postlicyd.conf
index 12d8ff5..dbfb523 100644
--- a/example/postlicyd.conf
+++ b/example/postlicyd.conf
@@ -56,11 +56,26 @@
 #   A filter can returns different values. Each return value is given a name. The
 #   configuration associates an action to run to a return value name.
 #
+#   A hook action has the format: (counter:id:incr:)?(filter_name|postfix:ACTION)
+#
+#   The action can contains the reference to a counter to update. This counters are "message"-wide
+#   counters that stay valid until the end of the filtering of the message. This counters are useful
+#   to trig different actions depending on the number of failures encountered during the processing
+#   of a message. There are 64 counters (0..63), accessible from all the filters. By specifying
+#   counter:id:incr as a prefix of the hook action, you tell postlicyd to add (incr) to counter
+#   (id) when this hook is reached. The "counter" filter type allow you to run actions depending
+#   on the value of a counter.
+#
 #   The action can be either a postfix access(5) value or a filter name. Postfix access
-#   parameters must be prefixed by 'postfix:'.
+#   parameters must be prefixed by 'postfix:'. The text argument given to a postfix reply
+#   may contain format strings to be replaced by the parameters of the query. This arguments
+#   have the following format: ${fieldname}
 #
 # eg:
 #   on_match = postfix:REJECT Blacklisted;
+#   on_fail  = postfix:450 Greylisted, see http://www.example.org/${sender_domain}.html
+#   on_error = counter:0:1:postfix:DUNNO
+#   on_match = counter:63:10:whitelist
 #
 # Filter:
 #   Current defined filter types are:
@@ -72,6 +87,9 @@
 #             score of the IP
 #           - rbldns: (no)?lock:weight:filename
 #             this is an alias for file.
+#           - dns: weight:hostname
+#             use a rbl via DNS resolution with the given weight. If a DNS lookup error occurs
+#             the IP is considered as beeing "not found".
 #           - soft_threshold: score (default: 1)
 #             minimum score to match the soft_match return value
 #           - hard_threshold: score (default: 1)
@@ -79,6 +97,7 @@
 #        Return value:
 #          The score of a query is the sum of the weight of the blacklist it matched.
 #           - If the IP can not be parsed, returns error
+#           - If no rbl was available (no file and all dns down), returns error.
 #           - If the score is strictly greater >= than hard_threshold, returns hard_match
 #           - If the score is strictly greater >= than soft_threshold, returns soft_match
 #           - Else, returns fail
@@ -125,6 +144,10 @@ spamhaus_and_abuseat {
 #               * names beginning with '*' are sorted as 'domains' and are matched as suffix
 #               * names starting with an alphanumirical character are sorted as 'hostnames' and are
 #                process via exact matching.
+#           - dns: weight:hostname
+#             use a rhbl via DNS resolution with the given weight. If a DNS lookup error occurs
+#             the hostname is considered as beeing "not found". This can only be used with "hostnames"
+#             typed fields.
 #           - soft_threshold: score (default: 1)
 #             minimum score to match the soft_match return value
 #           - hard_threshold: score (default: 1)
@@ -140,6 +163,7 @@ spamhaus_and_abuseat {
 #             No space is allowed in this parameter.
 #        Return value:
 #          The score of a query is the sum of the weight of the list it matched.
+#           - If no rhbl was available (no file and all dns down), returns error.
 #           - If the score is strictly greater >= than hard_threshold, returns hard_match
 #           - If the score is strictly greater >= than soft_threshold, returns soft_match
 #           - Else, returns fail
@@ -173,7 +197,15 @@ client_whitelist {
 #           - prefix: name (default: "")
 #             prefix to the name of the greylist database
 #           - lookup_by_host: boolean (default: false)
-#             perform lookup per host instead of domain.
+#             perform lookup per host. The default behaviour is to remove the last number of the IP
+#             to match a domain. This behaviour is disabled if a part of the IP is contained in the
+#             hostname (look like a dialup ip from a provider). With this flag on, the "domain"
+#             matching is always disable.
+#           - no_sender: boolean (default: false)
+#             do not use the sender address. Default behaviour is to greylist using the tuple
+#             (client_address, sender, recipient). With this flag on, the sender is not used.
+#           - no_recipient: boolean (default: false)
+#             same as no_sender but with recipient.
 #           - delay: number (default: 300)
 #             number of seconds the client must wait before retrial.
 #           - retry_window: (default: 2 * 24 * 3600)
@@ -189,8 +221,9 @@ client_whitelist {
 #           - if the client is greylisted, returns greylist
 #           - if a error occured (not currently possible), returns error
 #         State:
-#           this filter is a recipient filter and works in RCPT state only
-#           (smtpd_recipient_restrictions).
+#           this filter is a recipient filter and works in RCPT state onl if no_recipient
+#           is not specified (smtpd_recipient_restrictions). If no_sender is not given, this
+#           requires a sender name, and so must be called after MAIL TO.
 
 # Perform greylisting
 greylist {
@@ -246,10 +279,35 @@ match {
 
   # hook
   on_match = postfix:OK;
-  on_fail = greylist;
+  on_fail = counter:0:1:greylist;
 }
 
 
+#    - counter: trig actions depending on the value of a counter
+#       Parameters:
+#          - counter: the id of the counter to trig on (0 -> 63)
+#          - hard_threshold: minimum counter value to trig the hard_match hook
+#          - soft_threshold: minimum counter value to trig the soft_match hook
+#       Return value:
+#          - hard_match if the counter with the given id is greater or equal to hard_threshold
+#          - soft_match if the counter value is between soft_threshold and hard_threshold
+#          - fail if the counter value is below soft_match
+
+# match if the counter 0 value is greater than 8, or between 5 and 7
+counter {
+  type = counter;
+
+  # configuration
+  counter        = 0;
+  hard_threshold = 8;
+  soft_threshold = 5;
+
+  # hook
+  on_hard_match = postfix:REJECT ${sender_domain};
+  on_soft_match = greylist;
+  on_fail       = counter:1:10:match;
+}
+
 # ENTRY POINTS
 #
 # Access policy daemon can be used at several protocol states. For each of this states,