forked from martbrooks/hmx_tombstone
/
exim4.conf
483 lines (377 loc) · 20.9 KB
/
exim4.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
# Database setttings and SQL macros
hide pgsql_servers = <server>/<db>/<user>/<password>
SQL_ALL_DOMAINS = SELECT array_to_string(ARRAY(SELECT DISTINCT domainname FROM all_domains ORDER BY domainname),':')
SQL_ANTISPAM = SELECT CASE WHEN antispam IS TRUE THEN 1 ELSE 0 END FROM all_domains WHERE domainname=lower('${quote_pgsql:$domain}')
SQL_ANTIVIRUS = SELECT CASE WHEN antivirus IS TRUE THEN 1 ELSE 0 END FROM all_domains WHERE domainname=lower('${quote_pgsql:$domain}')
SQL_AUTH_HOSTS = SELECT array_to_string(ARRAY(SELECT DISTINCT mailroute FROM all_domains WHERE delivery_username!='' AND delivery_password!=''),':')
SQL_ENABLED = SELECT CASE WHEN enabled IS TRUE THEN 1 ELSE 0 END FROM all_domains WHERE domainname=lower('${quote_pgsql:$domain}')
SQL_GEOBLOCK = SELECT CASE WHEN geoblock IS TRUE THEN 1 ELSE 0 END FROM all_domains WHERE domainname=lower('${quote_pgsql:$domain}')
SQL_GREYLISTING = SELECT CASE WHEN greylist IS TRUE THEN 1 ELSE 0 END FROM all_domains WHERE domainname=lower('${quote_pgsql:$domain}')
SQL_GREYLIST_ADD = INSERT INTO greylist (relay_ip, from_domain) VALUES ( '$sender_host_address', lower('${quote_pgsql:$sender_address_domain}'))
SQL_GREYLIST_TEST = SELECT CASE WHEN now() > block_expires THEN 2 ELSE 1 END FROM greylist WHERE relay_ip='$sender_host_address' AND from_domain=lower('${quote_pgsql:$sender_address_domain}') ORDER BY id;
SQL_GREYLIST_UPDATE = UPDATE greylist SET record_expires = now() + interval '7 days' WHERE relay_ip='$sender_host_address' AND from_domain=lower('${quote_pgsql:$sender_address_domain}')
SQL_INVALID_MAILBOX = SELECT COUNT(*) FROM all_invalid_localparts WHERE domainname=lower('${quote_pgsql:$domain}') AND localpart=lower('${quote_pgsql:$local_part}')
SQL_LOG_MALWARE = SELECT log_to_db ('$message_exim_id','malware',lower('$sender_host_address'),lower('${quote_pgsql:$sender_address}'),lower('${quote_pgsql:$recipients}'),trim(both ' ' from '${quote_pgsql:$malware_name}'),$message_size)
SQL_LOG_NORMAL = SELECT log_to_db ('$message_exim_id','normal',lower('$sender_host_address'),lower('${quote_pgsql:$sender_address}'),lower('${quote_pgsql:$recipients}'),trim(both ' ' from '$spam_score $spam_report'),$message_size)
SQL_LOG_SPAM = SELECT log_to_db ('$message_exim_id','spam',lower('$sender_host_address'),lower('${quote_pgsql:$sender_address}'),lower('${quote_pgsql:$recipients}'),trim(both ' ' from '$spam_score $spam_report'),$message_size)
SQL_MAILROUTE = SELECT mailroute FROM all_domains WHERE domainname=lower('${quote_pgsql:$domain}')
SQL_QADDRESS = SELECT quarantine_address FROM all_domains WHERE domainname=lower('${quote_pgsql:$domain}')
SQL_QUARANTINE = SELECT CASE WHEN quarantine IS TRUE THEN 1 ELSE 0 END FROM all_domains WHERE domainname=lower('${quote_pgsql:$domain}')
SQL_REJECT_MESSAGE = SELECT COALESCE ((SELECT reject_messages.reject_message FROM all_domains,reject_messages WHERE all_domains.id=reject_messages.domain_id AND all_domains.domainname='$acl_m_domain' and from_domain='$sender_address_domain'),(SELECT reject_message FROM all_domains WHERE domainname='$acl_m_domain'))
SQL_ROUTED_DOMAINS = SELECT array_to_string(ARRAY(SELECT DISTINCT domainname FROM all_domains WHERE domaintype='routed' ORDER BY domainname),':')
SQL_SPAMSCORE = SELECT spamscore FROM all_domains WHERE domainname=lower('${quote_pgsql:$domain}')
SQL_STRICT_ADDRESSING = SELECT CASE WHEN strictaddress IS TRUE THEN 1 ELSE 0 END FROM all_domains WHERE domainname=lower('${quote_pgsql:$domain}')
SQL_TRANSIENT_BAN = SELECT COUNT(*) FROM transient_bans WHERE host='$sender_host_address'
SQL_VALID_MAILBOX = SELECT COUNT(*) FROM all_valid_localparts WHERE domainname=lower('${quote_pgsql:$domain}') AND localpart=lower('${quote_pgsql:$local_part}')
SQL_VALID_VMAILBOX = SELECT COUNT(*) FROM virtual_redirects WHERE domainname=lower('${quote_pgsql:$domain}') AND localpart=lower('${quote_pgsql:$local_part}')
SQL_VIRTUAL_DOMAINS = SELECT array_to_string(ARRAY(SELECT DISTINCT domainname FROM all_domains WHERE domaintype='virtual' ORDER BY domainname),':')
SQL_VIRTUAL_REDIRECT = SELECT redirect_to FROM virtual_redirects WHERE domainname=lower('${quote_pgsql:$domain}') AND localpart=lower('${quote_pgsql:$local_part}')
SQL_BANNED_ASN = SELECT COUNT(*) FROM asn_exception WHERE domainname=lower('${quote_pgsql:$domain}') AND asn='$acl_m_asn'
SQL_BANNED_COUNTRY = SELECT COUNT(*) FROM cc_exception WHERE domainname=lower('${quote_pgsql:$domain}') AND country_code='$acl_m_cc'
SQL_BANNED_ALL_ASN = SELECT COUNT(*) FROM global_bans WHERE object='asn' AND asn='$acl_m_asn'
SQL_BANNED_NET = SELECT COUNT(*) FROM global_bans WHERE object='netblock' AND '$sender_host_address' <<= netblock
SQL_BANNED_DOMAIN = SELECT COUNT(*) FROM global_bans WHERE object='domain' AND sender_domain=lower('$sender_address_domain')
SQL_BANNED_ADDRESS = SELECT COUNT(*) FROM global_bans WHERE object='address' AND sender_address=lower('${quote_pgsql:$sender_address}')
SQL_BL_NET = SELECT COUNT(*) FROM bl_exception_netblock WHERE domainname=lower('${quote_pgsql:$domain}') AND '$sender_host_address' <<= netblock
SQL_BL_DOMAIN = SELECT COUNT(*) FROM bl_exception_domain WHERE domainname=lower('${quote_pgsql:$domain}') AND sender_domain=lower('$sender_address_domain')
SQL_BL_ADDRESS = SELECT COUNT(*) FROM bl_exception_address WHERE domainname=lower('${quote_pgsql:$domain}') AND sender_address=lower('${quote_pgsql:$sender_address}')
SQL_GL_NET = SELECT COUNT(*) FROM gl_exception_netblock WHERE domainname=lower('${quote_pgsql:$domain}') AND '$sender_host_address' <<= netblock
SQL_GL_DOMAIN = SELECT COUNT(*) FROM gl_exception_domain WHERE domainname=lower('${quote_pgsql:$domain}') AND sender_domain=lower('$sender_address_domain')
SQL_GL_ADDRESS = SELECT COUNT(*) FROM gl_exception_address WHERE domainname=lower('${quote_pgsql:$domain}') AND sender_address=lower('${quote_pgsql:$sender_address}')
SQL_WL_NET = SELECT COUNT(*) FROM wl_exception_netblock WHERE domainname=lower('${quote_pgsql:$domain}') AND '$sender_host_address' <<= netblock
SQL_WL_DOMAIN = SELECT COUNT(*) FROM wl_exception_domain WHERE domainname=lower('${quote_pgsql:$domain}') AND sender_domain=lower('$sender_address_domain')
SQL_WL_ADDRESS = SELECT COUNT(*) FROM wl_exception_address WHERE domainname=lower('${quote_pgsql:$domain}') AND sender_address=lower('${quote_pgsql:$sender_address}')
SQL_ACCEPT_NET = SELECT COUNT(*) FROM global_accepts WHERE object='netblock' AND '$sender_host_address' <<= netblock
SQL_ACCEPT_DOMAIN = SELECT COUNT(*) FROM global_accepts WHERE object='domain' AND sender_domain=lower('$sender_address_domain')
SQL_ACCEPT_ADDRESS = SELECT COUNT(*) FROM global_accepts WHERE object='address' AND sender_address=lower('${quote_pgsql:$sender_address}')
SQL_ACCEPT_NOREVDNS = SELECT COUNT(*) FROM norevdns_exception WHERE domainname=lower('${quote_pgsql:$domain}') AND '$sender_host_address' <<= netblock
# Configuration macros
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
CONFDIR = /etc/exim4
MAILNAME = hardened.mx
# Other settings
acl_smtp_data = acl_check_data
acl_smtp_mail = acl_check_mail
acl_smtp_mime = acl_smtp_mime
acl_smtp_rcpt = acl_check_rcpt
av_scanner = clamd:/var/run/clamav/clamd.ctl
check_rfc2047_length = false
disable_ipv6 = true
exim_path = /usr/sbin/exim4
gecos_name = $1
gecos_pattern = ^([^,:]*)
host_lookup = *
hosts_proxy = 172.16.0.0/12
ignore_bounce_errors_after = 1d
local_from_check = false
local_interfaces = 0.0.0.0
local_sender_retain = true
log_file_path = :syslog
log_selector = +tls_peerdn +proxy +subject
message_size_limit = 50M
primary_hostname = hardened.mx
qualify_domain = hardened.mx
smtp_return_error_details = true
split_spool_directory = true
spool_directory = /var/spool/exim4
timeout_frozen_after = 1h
tls_advertise_hosts = *
tls_certificate = CONFDIR/exim.crt
tls_privatekey = CONFDIR/exim.key
tls_try_verify_hosts = *
tls_verify_certificates = /etc/ssl/certs/ca-certificates.crt
trusted_users = uucp
untrusted_set_sender = *
write_rejectlog = false
domainlist filtered_domains = ${lookup pgsql{SQL_ALL_DOMAINS}}
domainlist routed_domains = ${lookup pgsql{SQL_ROUTED_DOMAINS}}
domainlist virtual_domains = ${lookup pgsql{SQL_VIRTUAL_DOMAINS}}
add_environment =
keep_environment =
begin acl
acl_check_mail:
deny
message = No HELO given before MAIL command.
condition = ${if def:sender_helo_name {no}{yes}}
deny
message = Invalid HELO.
condition = ${if isip{$sender_helo_name}}
deny
message = Invalid HELO.
condition = ${if isip6{$sender_helo_name}}
accept
acl_check_rcpt:
require
message = Relay not permitted.
domains = +filtered_domains
warn
condition = ${run{CONFDIR/memcache_asn_lookup.pl $sender_host_address}{yes}{no}}
set acl_m_asn = $value
warn
condition = ${run{CONFDIR/memcache_geoip_lookup.pl $sender_host_address}{yes}{no}}
set acl_m_cc = $value
defer
message = Excess connection attempts.
ratelimit = 10 / 10s / per_mail / strict
defer
message = Unable to accept mail for this domain at this time.
condition = ${if = {${lookup pgsql{SQL_ENABLED}}}{0}}
defer
message = Multiple destination domains per transaction is unsupported. Please try again.
condition = ${if and{ {!eq{$acl_m_lastrcptdomain}{}} {!eq{$acl_m_lastrcptdomain}{$domain}} } {true}{false}}
warn
set acl_m_lastrcptdomain = $domain
warn
set acl_m_antispam = ${lookup pgsql{SQL_ANTISPAM}}
warn
set acl_m_spamscore = ${lookup pgsql{SQL_SPAMSCORE}}
warn
set acl_m_antivirus = ${lookup pgsql{SQL_ANTIVIRUS}}
warn
set acl_m_greylisting = ${lookup pgsql{SQL_GREYLISTING}}
warn
set acl_m_strictaddressing = ${lookup pgsql{SQL_STRICT_ADDRESSING}}
warn
set acl_m_quarantine = ${lookup pgsql{SQL_QUARANTINE}}
deny
message = Restricted characters in address.
domains = +filtered_domains
local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
deny
message = Recipient mailbox does not exist.
condition = ${if > {${lookup pgsql{SQL_INVALID_MAILBOX}}}{0}}
deny
message = Restricted characters in address.
domains = !+filtered_domains
local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
deny
message = Recipient mailbox does not exist.
domains = +virtual_domains
condition = ${if < {${lookup pgsql{SQL_VALID_VMAILBOX}}}{1}}
deny
message = Recipient mailbox does not exist.
domains = +routed_domains
condition = ${if eq {$acl_m_strictaddressing}{1}}
condition = ${if < {${lookup pgsql{SQL_VALID_MAILBOX}}}{1}}
warn
set acl_m_iswhitelisted = 0
accept
condition = ${if > {${lookup pgsql{SQL_ACCEPT_NET}}}{0}}
set acl_m_iswhitelisted = 1
set acl_m_whitelistreason = $sender_host_address is from a globally whitelisted network.
accept
condition = ${if > {${lookup pgsql{SQL_ACCEPT_DOMAIN}}}{0}}
set acl_m_iswhitelisted = 1
set acl_m_whitelistreason = $sender_address_domain is a globally whitelisted domain.
accept
condition = ${if > {${lookup pgsql{SQL_ACCEPT_ADDRESS}}}{0}}
set acl_m_iswhitelisted = 1
set acl_m_whitelistreason = $sender_address is a globally whitelisted address.
accept
condition = ${if > {${lookup pgsql{SQL_WL_NET}}}{0}}
set acl_m_iswhitelisted = 1
set acl_m_whitelistreason = $sender_host_address is from a whitelisted network.
accept
condition = ${if > {${lookup pgsql{SQL_WL_DOMAIN}}}{0}}
set acl_m_iswhitelisted = 1
set acl_m_whitelistreason = $sender_address_domain is a whitelisted domain.
accept
condition = ${if > {${lookup pgsql{SQL_WL_ADDRESS}}}{0}}
set acl_m_iswhitelisted = 1
set acl_m_whitelistreason = $sender_address is a whitelisted address.
defer
message = Transient ban present for $sender_host_address.
condition = ${if eq {$acl_m_iswhitelisted}{0}}
condition = ${if > {${lookup pgsql{SQL_TRANSIENT_BAN}}}{0}}
deny
message = Mail from sender location is not accepted.
condition = ${if > {${lookup pgsql{SQL_BANNED_COUNTRY}}}{0}}
deny
message = Mail from sender ASN is not accepted.
condition = ${if > {${lookup pgsql{SQL_BANNED_ALL_ASN}}}{0}}
deny
message = Mail from sender ASN is not accepted by this domain.
condition = ${if > {${lookup pgsql{SQL_BANNED_ASN}}}{0}}
deny
message = Banned sender pattern.
condition = ${if eq{${lookup{$sender_address}nwildlsearch{CONFDIR/banned_wildcards.txt}{1}}}{1}}
deny
message = Globally blacklisted network.
condition = ${if > {${lookup pgsql{SQL_BANNED_NET}}}{0}}
deny
message = Globally blacklisted domain.
condition = ${if > {${lookup pgsql{SQL_BANNED_DOMAIN}}}{0}}
deny
message = Globally blacklisted address.
condition = ${if > {${lookup pgsql{SQL_BANNED_ADDRESS}}}{0}}
deny
message = Blacklisted network.
condition = ${if > {${lookup pgsql{SQL_BL_NET}}}{0}}
deny
message = Blacklisted domain.
condition = ${if > {${lookup pgsql{SQL_BL_DOMAIN}}}{0}}
deny
message = Blacklisted address.
condition = ${if > {${lookup pgsql{SQL_BL_ADDRESS}}}{0}}
deny
message = Sending IP is listed at zen.spamhaus.org.
dnslists = XXXXXXXXXX.zen.dq.spamhaus.net/$sender_host_address
deny
message = Sending domain is listed in the Spamhaus DBL.
dnslists = XXXXXXXXXX.dbl.dq.spamhaus.net/$sender_address_domain
deny
message = Communicado Ltd - http://blog.hinterlands.org/2013/10/unwanted-email-from-communicado-ltd/
dnslists = excommunicado.co.uk/$sender_address_domain
deny
message = Sending domain listed in rjek.com
dnslists = mailsl.dnsbl.rjek.com/$sender_address_domain
deny
message = Sender address is listed in rjek.com phishing list.
dnslists = phish.dnsbl.rjek.com/${sha1:${lc:${sender_address}}}
defer
message = No PTR found for $sender_host_address.
condition = ${if eq {${lookup pgsql{SQL_ACCEPT_NOREVDNS}}}{0}}
!verify = reverse_host_lookup
warn
set acl_m_greyliststate = ${lookup pgsql{SQL_GREYLIST_TEST}{$value}{0}}
condition = ${if eq {$acl_m_greylisting}{1}}
defer
message = Greylisted.
!condition = ${if > {${lookup pgsql{SQL_GL_NET}}}{0}}
!condition = ${if > {${lookup pgsql{SQL_GL_DOMAIN}}}{0}}
!condition = ${if > {${lookup pgsql{SQL_GL_ADDRESS}}}{0}}
condition = ${if eq {$acl_m_greylisting}{1}}
condition = ${if eq {$acl_m_greyliststate}{0}}
condition = ${lookup pgsql{SQL_GREYLIST_ADD}}
defer
message = Greylisted.
!condition = ${if > {${lookup pgsql{SQL_GL_NET}}}{0}}
!condition = ${if > {${lookup pgsql{SQL_GL_DOMAIN}}}{0}}
!condition = ${if > {${lookup pgsql{SQL_GL_ADDRESS}}}{0}}
condition = ${if eq {$acl_m_greylisting}{1}}
condition = ${if eq {$acl_m_greyliststate}{1}}
warn
set acl_m_greylist_update = ${lookup pgsql{SQL_GREYLIST_UPDATE}}
!condition = ${if > {${lookup pgsql{SQL_GL_NET}}}{0}}
!condition = ${if > {${lookup pgsql{SQL_GL_DOMAIN}}}{0}}
!condition = ${if > {${lookup pgsql{SQL_GL_ADDRESS}}}{0}}
condition = ${if eq {$acl_m_greylisting}{1}}
condition = ${if eq {$acl_m_greyliststate}{2}}
defer
message = Sender verification failed.
!verify = sender/no_details
deny
message = $sender_host_address is not allowed to send mail from $sender_address_domain.
log_message = SPF check failed.
set acl_m_spfquery = -ip=$sender_host_address -sender=$sender_address -helo=$sender_helo_name
set acl_m_spfresult = ${run{/usr/bin/spfquery $acl_m_spfquery}}
condition = ${if eq {$runrc}{3}{true}{false}}
warn
condition = ${run{CONFDIR/maxmind_geoip_lookup.pl $sender_host_address}{yes}{no}}
set acl_m_cc = $value
add_header = X-HMX-Country-Code: $acl_m_cc
warn
condition = ${run{CONFDIR/maxmind_asn_lookup.pl $sender_host_address}{yes}{no}}
set acl_m_asn = $value
add_header = X-HMX-ASN: $acl_m_asn
warn
add_header = X-Clacks-Overhead: GNU Terry Pratchett
set acl_m_domain = $domain
deny
message = Mail from sender location is not accepted.
condition = ${if > {${lookup pgsql{SQL_BANNED_COUNTRY}}}{0}}
deny
message = Mail from sender ASN is not accepted.
condition = ${if > {${lookup pgsql{SQL_BANNED_ALL_ASN}}}{0}}
deny
message = Mail from sender ASN is not accepted by this domain.
condition = ${if > {${lookup pgsql{SQL_BANNED_ASN}}}{0}}
accept
acl_smtp_mime:
warn
decode = default
deny
message = Blacklisted file extension detected.
condition = ${if match {${lc:$mime_filename}} {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|\.vbs)$\N}{1}{0}}
accept
acl_check_data:
warn
condition = ${if eq {$acl_m_iswhitelisted}{1}}
add_header = X-HMX-Whitelisted: Yes
add_header = X-HMX-Whitelist-Reason: $acl_m_whitelistreason
log_message = Whitelisted: $acl_m_whitelistreason
accept
condition = ${if eq {$acl_m_iswhitelisted}{1}}
deny
message = Message headers fail syntax check.
!verify = header_syntax
defer
message = No verifiable sender address in message headers.
!verify = header_sender
warn
set acl_m_rejectmessage = ${lookup pgsql{SQL_REJECT_MESSAGE}}
warn
condition = ${if eq {$acl_m_quarantine}{1}}
malware = *
condition = ${if eq {$acl_m_antivirus}{1}}
set acl_m_logmail = ${lookup pgsql{SQL_LOG_MALWARE}}
set acl_m_sendtoquarantine = 1
warn
condition = ${if eq {$acl_m_quarantine}{1}}
spam = Debian-exim:true
condition = ${if eq {$acl_m_antispam}{1}}
condition = ${if > {$spam_score_int}{$acl_m_spamscore}}
set acl_m_logmail = ${lookup pgsql{SQL_LOG_SPAM}}
set acl_m_sendtoquarantine = 1
deny
condition = ${if eq {$acl_m_quarantine}{0}}
message = ${if eq{$acl_m_rejectmessage}{}{Message appears to be infected with $malware_name.}{$acl_m_rejectmessage}}
malware = *
condition = ${if eq {$acl_m_antivirus}{1}}
set acl_m_logmail = ${lookup pgsql{SQL_LOG_MALWARE}}
deny
condition = ${if eq {$acl_m_quarantine}{0}}
message = ${if eq{$acl_m_rejectmessage}{}{Your message scored $spam_score points.}{$acl_m_rejectmessage}}
spam = Debian-exim:true
condition = ${if eq {$acl_m_antispam}{1}}
condition = ${if > {$spam_score_int}{$acl_m_spamscore}}
set acl_m_logmail = ${lookup pgsql{SQL_LOG_SPAM}}
warn
set acl_m_logmail = ${lookup pgsql{SQL_LOG_NORMAL}}
accept
begin routers
hmx_quarantine:
driver = redirect
data = ${lookup pgsql{SQL_QADDRESS}}
condition = ${if eq {$acl_m_sendtoquarantine}{1}}
hmx_routed:
driver = manualroute
domains = ${lookup pgsql{SQL_ROUTED_DOMAINS}}
route_data = ${lookup pgsql{SQL_MAILROUTE}}
transport = remote_smtp
hmx_virtual:
driver = redirect
domains = ${lookup pgsql{SQL_VIRTUAL_DOMAINS}}
data = ${lookup pgsql{SQL_VIRTUAL_REDIRECT}}
nothmx:
driver = dnslookup
transport = remote_smtp
begin transports
remote_smtp:
driver = smtp
hosts_try_auth = ${lookup pgsql{SQL_AUTH_HOSTS}}
begin retry
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
begin authenticators
PASSWDLINE=${sg{\
${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
}\
{\\N[\\^]\\N}\
{^^}\
}
plain:
driver = plaintext
public_name = PLAIN
client_send = "<; ^${extract{1}{:}{PASSWDLINE}}^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"