exim, не проверять на спам "свои" письма

[Gamerman]

exim+p5-Mail-SpamAssassin-3.4.0_2
Когда пользователь отправляет по смтп письмо, оно проверяеться на спам. Как можно избежать этого? Не хочу при отправке проверять, только при получении.

[Хостинг HostFood.ru]

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2000 рублей (HP Proliant G5, Intel Xeon E5430 (2.66GHz, Quad-Core, 12Mb), 8Gb RAM, 2x300Gb SAS HDD, P400i, 512Mb, BBU):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

[xM]

exim+p5-Mail-SpamAssassin-3.4.0_2
Когда пользователь отправляет по смтп письмо, оно проверяеться на спам. Как можно избежать этого? Не хочу при отправке проверять, только при получении.

Каким правилом (или чем вы там это делаете) вы вызываете SA ?

[Gamerman]

Секция acl c файла configure

Код: Выделить всё

############################################################################
#                            ACL CONFIGURATION                             #
#           Specifies access control lists for incoming SMTP mail          #
############################################################################

begin acl
acl_check_rcpt:

# Сохраняем адресата для будущей подстановки в тему письма
warn

#set acl_m1 = $local_part@$domain
 set acl_m1 = $local_part

# Разрешаем отправку, если отправитель находится в "белом списке".
# Выборка делается из БД MySQL.
accept senders=${lookup mysql{SELECT senders FROM whitelist \
        WHERE deleting in (1,2)=0 and (senders='${quote_mysql:$sender_address}'   \
        OR senders='*@${quote_mysql:$sender_address_domain}') LIMIT 1}}

# Запрещаем письма содержащие в локальной части символы @; %; !; /; |.
deny message      = "Illegal characters are in an address."
domains       = +local_domains
local_parts   = ^[.] : ^.*[@%!/|]

# Запрещаем недопустимые символы для нелокальных получателей.
deny message      = "Illegal characters are in an address."
domains       = !+local_domains
local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

# Запрещаем прием почты с определенных доменов. С них жестко СПАМ идет.
# orange.fr
deny message   = "All email from *.orange.fr - discarded!"
condition = ${if match{$sender_helo_name}{.orange.fr}{yes}{no}}
# mdp2.net
deny message   = "All email from *.mdp2.net - discarded!"
condition = ${if match{$sender_helo_name}{.mdp2.net}{yes}{no}}
# mail.comcast.net
deny message   = "All email from *.mail.comcast.net - discarded!"
condition = ${if match{$sender_helo_name}{.mail.comcast.net}{yes}{no}}
# libero.it
deny message   = "All email from *.libero.it - discarded!"
condition = ${if match{$sender_helo_name}{.libero.it}{yes}{no}}
# ono.com
deny message   = "All email from *.ono.com - discarded!"
condition = ${if match{$sender_helo_name}{.ono.com}{yes}{no}}
# wanadoo.fr
deny message   = "All email from *.wanadoo.fr - discarded!"
condition = ${if match{$sender_helo_name}{.wanadoo.fr}{yes}{no}}


# Запрещаем отправку тем, кто внесен в "черный список".
# Выборка делается из БД MySQL.
#deny message = "Your address in banlist!"
#        senders=${lookup mysql{SELECT senders FROM blacklist \
#       WHERE senders='${quote_mysql:$sender_address}' \
#        OR senders='*@${quote_mysql:$sender_address_domain}' LIMIT 1}}

# Запрещаем отправку тем, кто "достал" и приравнивается к спамеру.
# Выборка делается из БД MySQL.
#deny hosts = +spamers
#     message = "Host rejected by spamers list on rbl.ispalternativa.net.ua!"

# Разрешаем отправку авторизованным пользователям
accept authenticated = *

# Запрещаем тех, кто не обменивается приветственными сообщениями (HELO/EHLO)
deny message       = "HELO/EHLO required by SMTP RFC"
condition     = ${if eq{$sender_helo_name}{}{yes}{no}}

# Запрещаем тех, кто в HELO "отдаеат" только цифры
#deny condition     = ${if match{$sender_helo_name}{\N^\d+$\N}{yes}{no}}
#     hosts         = !127.0.0.1:!localhost:*
#     message       = "There can not be only numbers in HELO!"

# Запрещаем тех, кто не пишет отправителя.
deny condition     = ${if eq{$sender_address}{}{yes}{no}}
hosts         = +relay_from_hosts
message       = "Your message have not return address"

# Запрещаем тех, кто подставляет свой IP в HELO.
deny message   = "The use of IP is forbidden in HELO!"
hosts     = *:!+relay_from_hosts
condition = ${if eq{$sender_helo_name}\
{$sender_host_address}{true}{false}}

# Запрещаем использовать наш IP в HELO.
deny condition = ${if eq{$sender_helo_name}\
  {$interface_address}{yes}{no}}
hosts     = !127.0.0.1 : !localhost : *
message   = "The use of my IP is forbidden!"

# Запрещаем прием почты с динамических хостов.
deny message   = "Dynamic hosts is forbidden!"
condition = ${if match{$sender_host_name}\
          {dsl|dial|pool|peer|dhcp|cable} {yes}{no}}

# Запрещаем прием почты с хостов, которые находятся в блэк-листах.
deny    message       = rejected because $sender_host_address \
      is in a black list at $dnslist_domain\n$dnslist_text
hosts  = !+relay_from_hosts
         !authenticated = *
log_message   = found in $dnslist_domain
dnslists  = bl.spamcop.net : \
            cbl.abuseat.org : \
            dnsbl.njabl.org : \
            sbl-xbl.spamhaus.org : \
            pbl.spamhaus.org

# Удерживание соединения. Метод борьбы со спамом.
# Метод не допускается на высокозагруженых серверах,
# поскольку в результате ему приходится удерживать
# много открытых соединений.
#warn
# ставим дефолтовую задержку в 25 секунд
#       set acl_m0 = 25s
#warn
# ставим задержку в 0 секунд для своих сетей
#       hosts = +relay_from_hosts
#       set acl_m0 = 0s
#warn
# ставим задержку в 0 секунд для авторизованых пользователей
#       authenticated = *
#       set acl_m0 = 0s
#warn
# пишем в логи задержку (если в этом есть необходимость)
#       logwrite = Delay $acl_m0 for $sender_host_name \
#       [$sender_host_address] with HELO=$sender_helo_name. Mail \
#       from $sender_address to $local_part@$domain.
#       delay = $acl_m0

# Проверка существования отправителя.
drop   message     = Rejected - Sender Verify Failed
log_message = Rejected - Sender Verify Failed
hosts       = *
!verify     = sender/no_details/callout=2m,defer_ok
!condition  =  ${if eq{$sender_verify_failure}{}}

# Проверка получателя в локальных доменах.
accept domains    = +local_domains
endpass
message    = $acl_verify_message
verify     = recipient

# Проверяем получателя в релейных доменах.
accept domains  = +relay_to_domains
endpass
message  = "Unrouteable address!"
verify   = recipient/callout=30s,defer_ok,use_postmaster

# Разрешаем почту от хостов в релейных доменах.
accept  hosts         = +relay_from_hosts
accept  authenticated = *
deny    message       = relay not permitted

accept

acl_check_mime:
# Запрещаем вложения определенных типов
deny message = Blacklisted file extension detected ($mime_filename)
condition = ${if match \
            {${lc:$mime_filename}} \
            {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|\.vbs|\.cpl)$\N}{1}{0}}
accept

# ACL проверки "тела" письма.
acl_check_data:

# Проверка антивирусом.
deny     message  = This message contains a virus ($malware_name).
#         demime   = *
hosts = *
malware  = */defer_ok

#Сохраняем тему письма в переменную
warn
set acl_m2 = $rheader_subject
accept

Код: Выделить всё

cat sa-exim.conf
# Options for spamassassin running in exim's local_scan (SA Exim)
# By Marc MERLIN <marc_soft@merlins.org> - Initial version: April 2002
# Sander Smeenk <ssmeenk@freshdot.net> - Improvements: March 2004
#
# Sample file version 1.16 for SA-Exim 4.1 - 2005/01/10
#
# The parse routine is minimalistic. It expects "option: value" (exactly
# one space after the colon, and none before). You should put long lines
# on one line. The parser isn't capable of parsing multiline values.
#
# SA threshold values are parsed as floats and other numerical options
# are ints. String options have to be set. To unset them, comment out the
# variable, don't set it to nothing.
#

# Enable basic verbose output by default. Watch your logs!
SAEximDebug: 1


# Default path is /usr/local/bin/spamc, but you can change it here
SAspamcpath: /usr/local/bin/spamc

# Which characters are retained from a Message-Id header (for safety, we
# remove characters that might cause problems with shell parsing)
# Change the default at your own risk (you also have to change this in
# the SA greylisting patch if you use that)
#SAsafemesgidchars: !#%( )*+,-.0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_abcdefghijklmnopqrstuvwxyz{|}~

# If SAspamcSockPath is set spamc uses socket to connect to spamd,
# use --socketpath pathname as argument to spamd (new in SA 2.60).
# Leave it unset if you want spamc to connect(AF_INET) to spamd at
# 127.0.0.1 (this is the default shown in the options below), but if
# you set it, it will override the two TCP connect options below
#SAspamcSockPath: /var/run/spamd.sock

# SAspamcHost / SAspamcPort: TCP socket where your spamd is listening
# Shown below are the defaults:
SAspamcHost: 127.0.0.1
SAspamcPort: 783


# Exim configuration string to run before running SA against the message
# This decides whether SA gets run against the message or not.  This
# default will not reject messages if the message had SA headers but
# they weren't added by us.
SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}
# Remove or comment out the following line to enable sa-exim
#SAEximRunCond: 0
#SAEximRunCond: 1


# If and only if SAEximRunCond was true, and we did run SA, this
# expression decides whether we actually consider acting upon SAdevnull,
# SApermreject, and SAtempreject if you have them set.
#
# Use this to tag messages that you shouldn't reject (messages sent to
# abuse or postmaster for instance).
#
# X-SA-Do-Not-Rej should be set as a warn header if mail is sent to
# postmaster and abuse (in the RCPT ACL), this way you're not bouncing
# spam abuse reports sent to you. This is a RFC guideline.
SAEximRejCond: ${if !eq {$h_X-SA-Do-Not-Rej:}{Yes} {1}{0}}


# How much of the body we feed to spamassassin (in bytes)
# Default is 250KB
SAmaxbody: 256000

SATruncBodyCond: 0

SARewriteBody: 0

# Prepend saved messages with an fake From-header to make the file look like a
# valid mbox file
SAPrependArchiveWithFrom: 1

# If you are archiving messages that are rejected, how much do you want
# to archive? Default is 20MB.
SAmaxarchivebody: 20971520

# On errors, if you are saving messages, you probably want the entire message
# Default size saved (if you are saving errors) is 1GB
SAerrmaxarchivebody: 1073741824

# You can have SA-Exim add a X-SA-Exim-Rcpt-To header, which will list all
# the receipients for the Email, unless the list gets bigger than
# SAmaxrcptlistlength bytes.
# The default value of 0 disables the header for privacy reasons (the header
# exposes Bcced receipients)
# Any value bigger than 8000 will be ignored because there is a limit on the
# size of headers that you can have and exim's string_sprintf
# Note that if you are planning to use greylisting, you should set this
# value to 8000 since SA's greylisting code needs the recipients.
SAmaxrcptlistlength: 0

# Add X-SA-Exim-Rcpt-To and X-SA-Exim-Mail-From headers before SA scans
# the message.
# If this option is enabled, SARewiteBody is true, and safe_mode is
# enabled in SA, you end up with the X-SA-Exim-Rcpt-To/X-SA-Exim-Mail-From in
# the attatched message as well without the ability to remove them later in an
# exim transport (think privacy).
# In real life this is usually not a problem because the message is spam anyway,
# and if you turn this off, you lose the option to use those headers to score
# the message with SA.
SAaddSAEheaderBeforeSA: 1

# How many seconds you want to allow spamc to run. Exim 4.04 and better will
# kill us after a default of 5 minutes. This however is not great, because the
# mail gets temporarily rejected
# You should set this and have SA Exim handle the timeout itself and accept the
# message if spamc takes too long (instead of timing out)
# A value of 0 means no timeout, and we run until exim stops us.
# I know of at least one mail server (nanog's merit.edu) that will not
# wait a full 5mn (which causes tempreject and resends), so the default is 4mn
#SAtimeout: 240

# Do you want to save mails that were accepted because spamc timed out?
# Specify a directory to enable the feature.
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAtimeoutsave: /var/spool/exim/SAtimeoutsave

# You can optionally save or not save messages that matched the above rule
SAtimeoutSavCond: 1


# You should really create this directory for local_scan to save messages that
# created an error. If you don't want this, comment out this variable
# Make sure all these directories are owned by the exim user
# SA-Exim will try to  create the directory if it has  the permissions to do
# so, check your maillog for failures  (or create the directory yourself and
# make it writeable by exim)
SAerrorsave: /var/spool/exim/SAerrorsave

# You can optionally save or not save messages that matched the above rule
# You should not put double quotes around the expression
SAerrorSavCond: 1

# If you set to 1, SA will temporarily reject messages that generated an error
# while they were processed (they'll still be saved if SAerrorsave is set).
# Otherwise (0 = false), the messages are just accepted, which seems like a
# more sensible default
SAtemprejectonerror: 0


###############################################################################
# NOTE: Spamd needs to tell sa-exim that the message SA-Exim gave spamd
# is spam before sa-exim will consider the SA tresholds.
# In other words, you cannot reject mails on SA scores if you set that
# threshold to a lower threshold than SA's required_hits value.
# The one exception to this rule is SAtempreject (in order to let you
# temporarily reject mail when you are doing greylisting, see
# README.greylisting in the documentation for details)
###############################################################################

# SA score when you start stalling the sender by sending many continuation
# lines for up to SAteergrubetime
# This is now a string (without quotes) that gets evaluated at runtime by exim
# but you can still assign a simple float value to it
# Note that this is an obvious abuse of SMTP, but eh, they started it :-)
# Of course, this means that each incoming spam with the right score threshold
# will keep an exim process busy on your machine. Make sure you can afford it.
# Default value is 2^20, which should disable the behavior

# Please, don't teergrube people who relay for you or your own MXes :-)
# This option is left behind for backward compatibility, but you can now
# get the same result by putting a condition string in SAteergrube
# The trick is to list your score if the condition succeeds, and a really
# high score otherwise.
#SAteergrube: ${if and { {!eq {$sender_host_address}{127.0.0.1}} {!eq {$sender_host_address}{127.0.0.2}} } {25}{1048576}}

# SAteergrubecond is deprecated (replaced by SAteergrube)
# You used to be say whether you would apply the teergrubing score with this
# condition, but now that scores are conditions, it is obsolete
#SAteergrubecond: ${if and { {!eq {$sender_host_address}{127.0.0.1}} {!eq {$sender_host_address}{127.0.0.2}} } {1}{0}}

# How long do you want to stall the sender (in seconds)
# If you set the value too high, you might get too many exim processes running
# and run out of process slots
# Remember, don't come crying if playing with this "feature" causes your mail
# server to catch fire :-)
SAteergrubetime: 900

# You can optionally save or not save messages that matched the above rule
SAteergrubeSavCond: 1

# Do you want to save mails that you stalled for later analysis?
# Specify a directory to enable the feature.
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAteergrubesave: /var/spool/exim/SAteergrube

# When you stall the sender, you will probably get the mail again.
# By default, we'll  only save messages by message ID so  that we don't save
# multiple copies every time the sender tries again.
# Of course, this means someone could fake someone else's message ID to
# overwrite the saved copy of another spam. Such is life :-)
SAteergrubeoverwrite: 1



# If you reach this score, the mail is accepted and tossed (/dev/nulled).
# The default value is 2^20 which should ensure this never happens.
# This is now a string (without quotes) that gets evaluated at runtime by exim
# but you can still assign a simple float value to it
# You should be really sure that the message is spam because the sender will
# get no notification
#SAdevnull: 20.0

# You can optionally save or not save messages that matched the above rule
SAdevnullSavCond: 1

# Do you want to save mails that are tossed?
# Specify a directory to enable the feature.
# This is just in case you do want to keep a copy of the alledge spams somewhere
# Messages are saved by unixdate_Message-Id or just unix date if there is no
# Message-Id.
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAdevnullsave: /var/spool/exim/SAdevnull



# SA score when you start rejecting Emails (this is better than the above as
# it can notify the sender in case you reject non-spam by mistake)
# This is now a string (without quotes) that gets evaluated at runtime by exim
# but you can still assign a simple float value to it
# Default value is 2^20, which should disable the behavior if you comment out
# the line below
#SApermreject: 12.0

# You can optionally save or not save messages that matched the above rule
SApermrejectSavCond: 1

# Do you want to save mails that are rejected?
# Specify a directory to enable the feature.
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SApermrejectsave: /var/spool/exim/SApermreject



# SA score when you start returning a temporary reject.
# There are few reasons to use this, except if you're reading your tempreject
# save folder (see below) and ajusting scores on the fly, or if you are using
# greylisting
# This is now a string (without quotes) that gets evaluated at runtime by exim
# but you can still assign a simple float value to it
# Default value is 2^20, which should disable the behavior
#SAtempreject: 9.0

# You can optionally save or not save messages that matched the above rule
SAtemprejectSavCond: 1

# Do you want to save mails that are temporarily rejected?
# Specify a directory to enable the feature.
# You could use this to analyse what SA is bouncing and adding an allow rule
# to accept the mail next time it is sent back to you
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAtemprejectsave: /var/spool/exim/SAtempreject

# When you send back a temp reject code, you will get the mail again.
# By default, we'll only save messages by message ID so that we don't save
# multiple copies every time the sender tries again.
# Of course, this means someone could fake someone else's message ID to
# overwrite the saved copy of another spam. Such is life :-)
SAtemprejectoverwrite: 1

# See README.greylisting in the documentation for the following options
# This is the string that SpamAssassin adds if the message is whitelisted
# We use this to optionally increase the score needed for a tempreject
# (in order to let a message through when it would otherwise have been
# temprejected)
# Default value is "GREYLIST_ISWHITE" (as used in the patch provided by SA-Exim)
SAgreylistiswhitestr: GREYLIST_ISWHITE

# By how much do we temporarly raise tempreject to allow a mail in when it
# would otherwise have been temp rejected (because SA flagged it was whitelisted
# by the greylisting code provided as a patch to SA in the SA-Exim distro)
# Note that greylisting will not work in until you patch SA with the greylist
# function
# Note that you most likely want
# SAtempreject + SAgreylistraisetempreject <= SApermreject
# Default value is 3.0 but you'd probably to lower the tempreject score and
# increase this one (see README.greylisting)
SAgreylistraisetempreject: 3.0


# Do you want to save mails that are flagged as spam by SA, but not rejected by
# any of the above thresholds?  Specify a directory to enable the feature.
# That's one way to track mails thare are going through even though they were
# flagged by SA (note that you could also save them in exim's system_filter,
# although copies saved here happen before exim makes modification to the
# message like rewriting)
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAspamacceptsave: /var/spool/exim/SAspamaccept

# You can control which messages you want saved if you only want a subset
SAspamacceptSavCond: 0


# Do you want to save mails that are not flagged as spam by SA
# Specify a directory to enable the feature.
# This is only here for completeness, if you want to save all messages not
# flagged as spam by SA (you could also do this in system_filter)
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAnotspamsave: /var/spool/exim/SAnotspam

# You can control which messages you want saved if you only want a subset
SAnotspamSavCond: 0

# All the following strings can take one '%s' which will be replaced by
# spamstatus: "SA score, trigger score"
SAmsgteergrubewait: Wait for more output
SAmsgteergruberej: Please try again later
SAmsgpermrej: Rejected
SAmsgtemprej: Please try again later
# This string is a static string, do not include "%s"
SAmsgerror: Temporary local error while processing message, please contact postmaster.

[Gamerman]

Часть лога при отправке самому себе

Код: Выделить всё

2014-03-19 10:25:25 SMTP connection from [193.19.*.*] (TCP/IP connection count = 1)
2014-03-19 10:25:26 1WQBoU-0006Lj-Q7 SA: Debug: SAEximRunCond expand returned: '1'
2014-03-19 10:25:26 1WQBoU-0006Lj-Q7 SA: Debug: check succeeded, running spamc
2014-03-19 10:25:45 1WQBoU-0006Lj-Q7 SA: Action: scanned but message isn't spam: score=1.1 required=5.0 (scanned in 19/19 secs | Message-Id: 1477163841.20140319102524@gamer.uz.ua). From <mail@*.uz.ua> (host=goodzone.oreh.dp.ua [193.19.*.*]) for mail@*.uz.ua
2014-03-19 10:25:45 1WQBoU-0006Lj-Q7 <= mail@*.uz.ua H=goodzone.oreh.dp.ua ([192.168.1.21]) [193.19.*.*] P=esmtpa A=fixed_cram:mail@*.uz.ua S=1814 id=1477163841.20140319102524@*.uz.ua T="111" from <mail@gamer.uz.ua> for mail@*.uz.ua
2014-03-19 10:25:45 1WQBoU-0006Lj-Q7 original recipients ignored (system filter)
2014-03-19 10:25:45 1WQBoU-0006Lj-Q7 => mail (mail@*.uz.ua) <system-filter> R=virtual_localuser T=local_delivery
2014-03-19 10:25:46 SMTP connection from *.dp.ua ([192.168.1.21]) [193.19.*.*] closed by QUIT
2014-03-19 10:25:47 1WQBoU-0006Lj-Q7 => |/usr/local/etc/exim/2jabber.sh $sender_address $recipients $acl_m2 <system-filter> T=address_pipe
2014-03-19 10:25:47 1WQBoU-0006Lj-Q7 Completed

[xM]

Ну, если вы используете вызов через SA-Exim, то смотрите в районе формулировки правил

SAEximRunCond

[Gamerman]

вроде оно. Спасибо.

[xM]

вроде оно. Спасибо.

Оно то оно, но, в любом случае, SA будет запускаться на каждое письмо без исключения. Срабатывать не на все будет, согласно этому условию. А это некоторые тормоза.
За это я SA-Exim и не использую.

[Gamerman]

Будет, но проверять не будет. Меня больше время отправки беспокоило чем нагрузка на сервер.

[Gamerman]

Столкнулся с такой проблемой:

Код: Выделить всё

# Запрещаем прием почты с динамических хостов.
deny message   = "Dynamic hosts is forbidden!"
condition = ${if match{$sender_host_name}\
          {dsl|dial|pool|peer|dhcp|cable} {yes}{no}}

# Разрешаем отправку авторизованным пользователям
accept authenticated = * # с проверкой антиспамом
#без проверки антиспамом
# warn    message        = X-SA-Do-Not-Run: Yes
#         authenticated  = *

Отправляю через авторизацию, но с динамического хоста. Мне не дает отправить, так как отрабатывает

Код: Выделить всё

deny message   = "Dynamic hosts is forbidden!"
condition = ${if match{$sender_host_name}\
          {dsl|dial|pool|peer|dhcp|cable} {yes}{no}}

Как все таки разрешить авторизованому юзеру с динамического хоста отправить?
Логи:

Код: Выделить всё

2014-03-22 20:48:49 H=ХХ-198-93-178.pool.ukrtel.net (localhost) [178.93.198.ХХ] F=<mail@gamer.***.ua> A=fixed_cram:mail@gamer.***.ua rejected RCPT <r2@***tel.com.ua>: "Dynamic hosts is forbidden!"

[Alex Keda]

элементарно, уотсон!
второй кондишен сюдаже - проверку что неавторизован

[Gamerman]

Логику понял, как реализовать пока еще нет.

[Gamerman]

Код: Выделить всё

# Запрещаем прием почты с динамических хостов.
deny message   = "Dynamic hosts is forbidden!"
!authenticated = *
condition = ${if match{$sender_host_name}\
          {dsl|dial|pool|peer|dhcp|cable} {yes}{no}}

Так заработало