########################## # As usual, accept local and authenticated mail, no questions. accept hosts = +relay_hosts add_header = PrimaryMX: Accepted email from trusted host. Hint: This skips spam scanning so make sure other host is not vulnerable accept authenticated = * warn set acl_m_spam_user = nobody set acl_m_spam_domain = ########################## # check for esf skip lists accept senders = +esf_skip_senders set acl_m_esf_skip = 1 logwrite = $sender_address skipped via esf_skip_senders accept hosts = +esf_skip_hosts set acl_m_esf_skip = 1 logwrite = $sender_address skipped via esf_skip_hosts accept hosts = +esf_skip_ips set acl_m_esf_skip = 1 logwrite = $sender_host_address whitelisted in esf_skip_ips ########################## # Check SPF record - deny, decrement spam score, or add to score # SPF tells us if server is a sending mailserver for that domain. warn set acl_m_slow1 = 0 drop condition = ${if !eq{EASY_SPF_SOFT_FAIL}{0}} spf = fail message = SPF: $sender_host_address is not allowed to send mail from $sender_address_domain: $spf_smtp_comment warn condition = ${if !eq{EASY_SPF_PASS}{0}} spf = pass set acl_m_slow1 = 1 set acl_m_easy69 = ${eval:$acl_m_easy69+EASY_SPF_PASS} add_header = SPFCheck: Server passes SPF test, EASY_SPF_PASS Spam score warn condition = ${if !eq{EASY_SPF_SOFT_FAIL}{0}} spf = softfail set acl_m_easy69 = ${eval:$acl_m_easy69+EASY_SPF_SOFT_FAIL} add_header = SPFCheck: Soft Fail, EASY_SPF_SOFT_FAIL Spam score warn set acl_m_slow2 = ${if or {{eq {$acl_m_slow0}{1}} \ {eq {$acl_m_slow1}{1}}}{1}{0}} ########################## # No reverse DNS - add some spam score warn condition = ${if !eq{EASY_NO_REVERSE_IP}{0}} condition = ${lookup dnsdb{ptr=$sender_host_address}{false}{true}} set acl_m_easy69 = ${eval:$acl_m_easy69+EASY_NO_REVERSE_IP} set acl_m_no_reverse_dns = 1 add_header = ReverseDNS: No reverse DNS for mailserver at $sender_host_address, +EASY_NO_REVERSE_IP Spam score logwrite = ReverseDNS: No reverse DNS for mailserver at $sender_host_address, +EASY_NO_REVERSE_IP Spam score warn condition = ${if !eq{EASY_FORWARD_CONFIRMED_RDNS}{0}} condition = ${if !def:acl_m_no_reverse_dns} verify = reverse_host_lookup set acl_m_easy69 = ${eval:$acl_m_easy69+EASY_FORWARD_CONFIRMED_RDNS} add_header = Forward-Confirmed-ReverseDNS: Reverse and forward lookup success on $sender_host_address, EASY_FORWARD_CONFIRMED_RDNS Spam score ########################## # If sender IP is not that of one of sender's domain's mailservers, # delay a bit. # Throws off lots of mass mailers. # We do this again later also. accept condition = 1 delay = ${if eq {$acl_m_slow2}{1}{0s}{2s}}