X-Git-Url: http://git.madism.org/?p=apps%2Fpfixtools.git;a=blobdiff_plain;f=example%2Fpostlicyd.conf;h=08ab73c4d1cc88dfe958de3d6fd516a5e73136fa;hp=c7af9400b7fdf31af611101629cedd36ba749e4f;hb=5c75febadf099c0a656b3b8072b14ec14b38c2f6;hpb=52179a67b5e09f3f767789abd7857ae17d5f15c2 diff --git a/example/postlicyd.conf b/example/postlicyd.conf index c7af940..08ab73c 100644 --- a/example/postlicyd.conf +++ b/example/postlicyd.conf @@ -55,7 +55,7 @@ # - iplist: match the client_address against one or more blacklist files from a rbl # Parameters: # - file: (non)?lock:weight:filename -# declare a file to load. If lock is given, the blacklist is locked into the +# declare a file to load. If lock is given, the klist is locked into the # RAM. The weight is a number giving the weight of this blaclist file in the # score of the IP # - soft_threshold: score (default: 1) @@ -69,6 +69,41 @@ # - If the score is strictly greater >= than soft_threshold, returns soft_match # - Else, returns fail # +# - strlist: match strings from the query against a list of list. +# Parameters: +# - file: (non)?lock:(pre|suf)fix:weight:filename +# declare a file to load. If lock is given, the list is locked into the +# RAM. Prefix/Suffix is a parameter to tell the matcher which is the most +# efficient storage order. The strings are internally stored into a trie that +# allow high compression if a lot of prefix are shared by several strings. If +# you choose "prefix", string are stored in the natural order in memory and +# prefix compression is performed. If you choose "suffix", strings are stored +# in reverse order in memory and suffix compression is performed. The weight +# is a number giving the weight of this list in the string score. +# - soft_threshold: score (default: 1) +# minimum score to match the soft_match return value +# - hard_threshold: score (default: 1) +# minimum score to match the hard_match return value +# - fields: field_name(,field_name)* +# list of field the match the string against. +# currently only email OR hostname fields are supported. You MUST choose only +# one of these types per strlist, and be carefull that the field you requested +# are available in the protocol state you want to use this filter for. +# * hostname fields: helo_name, client_name, reverse_client_name +# * email fields: sender, recipient +# Return value: +# The score of a query is the sum of the weight of the list it matched. +# - If the score is strictly greater >= than hard_threshold, returns hard_match +# - If the score is strictly greater >= than soft_threshold, returns soft_match +# - Else, returns fail +# State: +# - to match helo_name, you must be on HELO state or later +# (stmpd_helo_restrictions) +# - to match sender, you must be on MAIL state or later +# (smtpd_sender_restrictions) +# - to match recipient, you must on RCPT state (stmpd_recipient_restrictions) +# - client_name and reverse_client_name are always available +# # - greylist: greylister # Paramters: # - path: /my/path/ (required) @@ -103,6 +138,7 @@ # } +# Perform greylisting greylist { type = greylist; @@ -115,6 +151,8 @@ greylist { on_whitelist = postfix:OK; } + +# Lookup in a rbl spamhaus_and_abuseat { type = iplist; @@ -132,6 +170,20 @@ spamhaus_and_abuseat { } +# Whitelist some clients +client_whitelist { + type = strlist; + + # configuration + file = lock:1:/var/spool/postlicyd/client_whitelist; + fields = client_name; + + # hooks + on_hard_match = postfix:OK; + on_fail = spamhaus_and_abuseat; +} + + # ENTRY POINTS # # Access policy daemon can be used at several protocol states. For each of this states, @@ -153,6 +205,6 @@ spamhaus_and_abuseat { # - etrn_filter: called on the ETRN command (stmpd_etrn_restrictions) # - verify_filter: called on the VRFY command (no postfix hook ?) -recipient_filter = spamhaus_and_abuseat; +recipient_filter = client_whitelist; # vim:set syntax=conf: