#
greylist_mail:
- # First, accept if it there's absolutely nothing suspicious about it...
- accept condition = ${if eq{$acl_m_greylistreasons}{} {1}}
- # ... or if it was generated locally or by authenticated clients.
+ # Firstly, accept if it was generated locally or by authenticated clients.
accept hosts = :
accept authenticated = *
warn set acl_m_greyexpiry = ${lookup sqlite {GREYDB SELECT expire FROM greylist \
WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
+
+ # If there's absolutely nothing suspicious about the email, accept it. BUT...
+ accept condition = ${if eq {$acl_m_greylistreasons}{} {1}}
+ condition = ${if eq {$acl_m_greyexpiry}{} {1}}
+
+ # ..if this same mail was greylisted before (perhaps because it came from a
+ # host which *was* suspicious), then we still want to mark that original host
+ # as a "known resender". If we don't, then hosts which attempt to deliver from
+ # a dodgy Legacy IP address but then fall back to using IPv6 after greylisting
+ # will *never* see their Legacy IP address added to the 'known resenders' list.
+ accept condition = ${if eq {$acl_m_greylistreasons}{} {1}}
+ acl = write_known_resenders
+
# If the mail isn't already the database -- i.e. if the $acl_m_greyexpiry
# variable we just looked up is empty -- then try to add it now. This is
# where the 5 minute timeout is set ($tod_epoch + 300), should you wish
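Review bot: The new clean-mail path (`accept condition = ${if eq {$acl_m_greylistreasons}{} {1}}` followed by `acl = write_known_resenders`) records the original host as a known resender without comparing `$acl_m_greyexpiry` to `$tod_epoch`, so a retry inside the greylist window is enough to whitelist it. The only link between the current host and the earlier one is the `greylist` row matched on `$acl_m_greyident`; that variable is set outside this hunk, so if it is built purely from sender-supplied values, the whitelisting decision rests on data the sender controls. If the delay should still apply to the original host, put a plain accept for the in-window case before the write path, for example `accept condition = ${if eq {$acl_m_greylistreasons}{} {1}}` with `condition = ${if >{$acl_m_greyexpiry}{$tod_epoch} {1}}`. If skipping the delay is intended, the comment above the statement should say so explicitly.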
You should wait another ${eval10:$acl_m_greyexpiry-$tod_epoch} seconds.\n\
Reason(s) for greylisting: \n$acl_m_greylistreasons
+ accept acl = write_known_resenders
+
+write_known_resenders:
# The message was listed but it's been more than five minutes. Accept it now and whitelist
# the _original_ sending host by its { IP, HELO } so that we don't delay its mail again.
warn set acl_m_orighost = ${lookup sqlite {GREYDB SELECT host FROM greylist \
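Review bot: The comment left under the new `write_known_resenders:` label ("it's been more than five minutes") no longer holds for every caller, because the clean-mail `accept` in the earlier hunk reaches this ACL with no expiry comparison. I would reword it to something like `# Whitelist the _original_ sending host by its { IP, HELO }; callers decide whether the greylist delay has elapsed.` Both callers use `accept acl = write_known_resenders`, so the message is accepted only when this sub-ACL itself returns accept. Its body continues past the end of the hunk, so that cannot be confirmed here, and a one-line comment on the label stating that it must end in `accept` would protect later edits.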