acl: drop connection from bad hosts

author: pacien 2019-08-21 22:33:44 +0200
committer: pacien 2019-08-21 22:33:44 +0200
commit: a000287fda7809de68a15a497e0eb0cee6707e37 (patch)
tree: b8dd4909afb4ba16d099b2aec10912752f16a35d /conf.d
parent: 97655c8806aa127ddd5fc397a7412adb829f371f (diff)
download: exim-a000287fda7809de68a15a497e0eb0cee6707e37.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/conf.d/020_acl.conf b/conf.d/020_acl.conf
index 19a6918..6bfa6ae 100644
--- a/conf.d/020_acl.conf
+++ b/conf.d/020_acl.conf
@@ -41,7 +41,7 @@ acl_check_rcpt_host_policy:
           control       = dkim_disable_verify
  # Deny messages from hosts known to be bad.
-  deny     dnslists      = sbl-xbl.spamhaus.org : bl.spamcop.net
+  drop     dnslists      = sbl-xbl.spamhaus.org : bl.spamcop.net
           set acl_m_msg = [RBL] $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
  # Accept if the host is an authorized sender according to the SPF policy for the domain (SPF pass).
@@ -53,7 +53,7 @@ acl_check_rcpt_host_policy:
           condition     = ${if eq {$acl_m_spf}{0}{yes}{no}}
  # Deny if the host is explicitely not an authorized sender according to the SPF policy for the domain (SPF fail).
-  deny     condition     = ${if eq {$acl_m_spf}{1}{yes}{no}}
+  drop     condition     = ${if eq {$acl_m_spf}{1}{yes}{no}}
           set acl_m_msg = [SPF] $sender_host_address is not allowed to send mail from \
                           ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \
                           Please see http://www.openspf.org/Why?scope=${if def:sender_address_domain \
@@ -61,7 +61,7 @@ acl_check_rcpt_host_policy:
                             {$sender_address}{$sender_helo_name}};ip=$sender_host_address
  # Deny messages from hosts listed as non-MTA in the PBL, for which SPF couldn't determine a policy.
-  deny     dnslists      = pbl.spamhaus.org
+  drop     dnslists      = pbl.spamhaus.org
           set acl_m_msg = [RBL] $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
  accept
author	pacien	2019-08-21 22:33:44 +0200
committer	pacien	2019-08-21 22:33:44 +0200
commit	a000287fda7809de68a15a497e0eb0cee6707e37 (patch)
tree	b8dd4909afb4ba16d099b2aec10912752f16a35d /conf.d
parent	97655c8806aa127ddd5fc397a7412adb829f371f (diff)
download	exim-a000287fda7809de68a15a497e0eb0cee6707e37.tar.gz

diff --git a/conf.d/020_acl.conf b/conf.d/020_acl.conf index 19a6918..6bfa6ae 100644 --- a/conf.d/020_acl.conf +++ b/conf.d/020_acl.conf
@@ -41,7 +41,7 @@ acl_check_rcpt_host_policy:
41	control = dkim_disable_verify	41	control = dkim_disable_verify
42		42
43	# Deny messages from hosts known to be bad.	43	# Deny messages from hosts known to be bad.
44	deny dnslists = sbl-xbl.spamhaus.org : bl.spamcop.net	44	drop dnslists = sbl-xbl.spamhaus.org : bl.spamcop.net
45	set acl_m_msg = [RBL] $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text	45	set acl_m_msg = [RBL] $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
46		46
47	# Accept if the host is an authorized sender according to the SPF policy for the domain (SPF pass).	47	# Accept if the host is an authorized sender according to the SPF policy for the domain (SPF pass).
@@ -53,7 +53,7 @@ acl_check_rcpt_host_policy:
53	condition = ${if eq {$acl_m_spf}{0}{yes}{no}}	53	condition = ${if eq {$acl_m_spf}{0}{yes}{no}}
54		54
55	# Deny if the host is explicitely not an authorized sender according to the SPF policy for the domain (SPF fail).	55	# Deny if the host is explicitely not an authorized sender according to the SPF policy for the domain (SPF fail).
56	deny condition = ${if eq {$acl_m_spf}{1}{yes}{no}}	56	drop condition = ${if eq {$acl_m_spf}{1}{yes}{no}}
57	set acl_m_msg = [SPF] $sender_host_address is not allowed to send mail from \	57	set acl_m_msg = [SPF] $sender_host_address is not allowed to send mail from \
58	${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \	58	${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \
59	Please see http://www.openspf.org/Why?scope=${if def:sender_address_domain \	59	Please see http://www.openspf.org/Why?scope=${if def:sender_address_domain \
@@ -61,7 +61,7 @@ acl_check_rcpt_host_policy:
61	{$sender_address}{$sender_helo_name}};ip=$sender_host_address	61	{$sender_address}{$sender_helo_name}};ip=$sender_host_address
62		62
63	# Deny messages from hosts listed as non-MTA in the PBL, for which SPF couldn't determine a policy.	63	# Deny messages from hosts listed as non-MTA in the PBL, for which SPF couldn't determine a policy.
64	deny dnslists = pbl.spamhaus.org	64	drop dnslists = pbl.spamhaus.org
65	set acl_m_msg = [RBL] $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text	65	set acl_m_msg = [RBL] $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
66		66
67	accept	67	accept