author | Jeremy Harris <jgh146exb@wizmail.org> | 2022-12-10 10:47:05 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2022-12-10 15:53:02 +0000 |
commit | 4243a209fd9499f30bebd58ceaa2d0d9845407ae (patch) | |
tree | b41720cfb1bb6ed0089d6096835587df8d0f5bdd /test/confs | |
parent | f31b1cd64dfcc7e6a8860ee418543949effd517e (diff) |
Move connect ACL before TLS-on-connect
Diffstat (limited to 'test/confs')
-rw-r--r-- | test/confs/5711 | 17 | ||||
-rw-r--r-- | test/confs/5721 | 17 |
2 files changed, 30 insertions, 4 deletions
diff --git a/test/confs/5711 b/test/confs/5711 index d66935645..57a9fef08 100644 --- a/test/confs/5711 +++ b/test/confs/5711 @@ -6,7 +6,7 @@ primary_hostname = myhost.test.ex # ----- Main settings ----- -acl_smtp_connect = accept logwrite = ACL conn +acl_smtp_connect = check_conn acl_smtp_quit = accept logwrite = ACL quit acl_smtp_notquit = accept logwrite = ACL notquit @@ -16,13 +16,26 @@ tls_certificate = DIR/aux-fixed/cert1 host_reject_connection = ${acl {hrc}} event_action = ${acl {tls_fail}} +log_selector = +pid + # ------ ACL ------ begin acl hrc: - accept logwrite = eval host_reject_connection + warn logwrite = eval host_reject_connection + accept condition = ${if eq {$received_port}{PORT_D}} # no mesage= hence host_reject_connection should be empty + deny condition = ${if eq {$received_port}{PORT_D2}} + message = * + # PORT_D2 gets a host_reject_connection + +check_conn: + warn logwrite = ACL conn + deny condition = ${if eq {$received_port}{PORT_D3}} + log_message = we dislike you + # PORT_D3 gets a conn ACL fail + accept tls_fail: warn logwrite = EV $event_name diff --git a/test/confs/5721 b/test/confs/5721 index d156b1bf5..84c7785d9 100644 --- a/test/confs/5721 +++ b/test/confs/5721 @@ -6,7 +6,7 @@ primary_hostname = myhost.test.ex # ----- Main settings ----- -acl_smtp_connect = accept logwrite = ACL conn +acl_smtp_connect = check_conn acl_smtp_quit = accept logwrite = ACL quit acl_smtp_notquit = accept logwrite = ACL notquit 
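Review bot: In the second hunk of test/confs/5711, the reworked `hrc` ACL has no final statement, so a connection on any port other than PORT_D or PORT_D2 (including the PORT_D3 case that `check_conn` is meant to catch) falls off the end of the ACL. The test then presumably depends on that implicit deny carrying no message, so that `host_reject_connection` expands to an empty list and the connect ACL is reached. `check_conn` ends with an explicit `accept`, but `hrc` leaves this to the reader, so I would add a closing comment such as `# any other port: implicit deny, no message=, so host_reject_connection stays empty`. The identical hunk in test/confs/5721 needs the same comment.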
@@ -16,13 +16,26 @@ tls_certificate = DIR/aux-fixed/cert1 host_reject_connection = ${acl {hrc}} event_action = ${acl {tls_fail}} +log_selector = +pid + # ------ ACL ------ begin acl hrc: - accept logwrite = eval host_reject_connection + warn logwrite = eval host_reject_connection + accept condition = ${if eq {$received_port}{PORT_D}} # no mesage= hence host_reject_connection should be empty + deny condition = ${if eq {$received_port}{PORT_D2}} + message = * + # PORT_D2 gets a host_reject_connection + +check_conn: + warn logwrite = ACL conn + deny condition = ${if eq {$received_port}{PORT_D3}} + log_message = we dislike you + # PORT_D3 gets a conn ACL fail + accept tls_fail: warn logwrite = EV $event_name |