author | Jeremy Harris <jgh146exb@wizmail.org> | 2021-08-01 18:15:39 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2021-08-01 18:15:39 +0100 |
commit | 2357aa78ccd7182cad14307eb89cb1065f078356 (patch) | |
tree | 480b8913a6d153400e8f85b418263f18b25e6f86 /doc/doc-docbook | |
parent | 38089ca5c8f4c06092324099fc38494f8491b53c (diff) |
ACL: "seen" condition
Diffstat (limited to 'doc/doc-docbook')
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index cea21a18f..397096dff 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -32315,6 +32315,14 @@ content-scanning extension, and is available only in the DATA, MIME, and non-SMTP ACLs. It causes the incoming message to be scanned for a match with any of the regular expressions. For details, see chapter &<<CHAPexiscan>>&. +.new +.vitem &*seen&~=&~*&<&'parameters'&> +.cindex "&%sseen%& ACL condition" +This condition can be used to test if a situation has been previously met, +for example for greylisting. +Details are given in section &<<SECTseen>>&. +.wen + .vitem &*sender_domains&~=&~*&<&'domain&~list'&> .cindex "&%sender_domains%& ACL condition" .cindex "sender" "ACL checking" 
@@ -33039,6 +33047,59 @@ address you should specify alternate list separators for both the outer dnslists = <; dnsbl.example.com/<|$acl_m_addrslist .endd + +.new +.section "Previously seen user and hosts" "SECTseen" +.cindex "&%sseen%& ACL condition" +.cindex greylisting +The &%seen%& ACL condition can be used to test whether a +situation has been previously met. +It uses a hints database to record a timestamp against a key. +host. The syntax of the condition is: +.display +&`seen =`& <&'time interval'&> &`/`& <&'options'&> +.endd + +For example, +.code +defer seen = -5m / key=${sender_host_address}_$local_part@$domain +.endd +in a RCPT ACL will implement simple greylisting. + +The parameters for the condition +are an interval followed, slash-separated, by a list of options. +The interval is taken as an offset before the current time, +and used for the test. +If the interval is preceded by a minus sign then the condition returns +whether a record is found which is before the test time. +Otherwise, the condition returns whether one is found which is since the +test time. + +Options are read in order with later ones overriding earlier ones. + +The default key is &$sender_host_address$&. +An explicit key can be set using a &%key=value%& option. + +If a &%readonly%& option is given then +no record create or update is done. +If a &%write%& option is given then +a record create or update is always done. +An update is done if the test is for &"since"&. + +Creates and updates are marked with the current time. + +Finally, a &"before"& test which succeeds, and for which the record +is old enough, will be refreshed with a timstamp of the test time. +This can prevent tidying of the database from removing the entry. +The interval for this is, by default, 10 days. +An explicit interval can be set using a +&%refresh=value%& option. + +Note that &"seen"& should be added to the list of hints databases +for maintenance if this ACL condition is used. 
+.wen + + .section "Rate limiting incoming messages" "SECTratelimiting" .cindex "rate limiting" "client sending" .cindex "limiting client sending rates" |
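Review bot: In the first hunk (@@ -32315), the `.cindex` line under the new `seen` item spells the condition `&%sseen%&`, so the index entry will read "sseen ACL condition" instead of "seen ACL condition". It should be `.cindex "&%seen%& ACL condition"`, matching the `.vitem` line above it and the `sender_domains` entry that follows.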
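Review bot: In the second hunk (@@ -33039, section "SECTseen"), the text never says what the condition returns, or whether a record is created, when no record exists yet for the key, and the greylisting example `defer seen = -5m / key=${sender_host_address}_$local_part@$domain` depends on exactly that first-contact case. The options paragraph only states that an update is done for a "since" test and that `readonly` and `write` override the default, so a reader cannot tell from this section alone how the example behaves on the first RCPT from a new host. Suggest adding a sentence that gives the no-record result and the default create behaviour for both "before" and "since" tests. Smaller points in the same hunk: the stray line `host.` after "record a timestamp against a key.", `timstamp` for "timestamp", the same `&%sseen%&` spelling in the `.cindex` line, and the section title "Previously seen user and hosts", which mixes singular and plural.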