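# $Id$
# ACL for greylisting, called for suspicious mails only -- don't use it
# for _all_ incoming mail because that will cause unnecessary delays.
#
# When a suspicious mail is seen, we temporarily reject it and wait to see
# if the sender tries again. Most spam robots won't bother. Real mail hosts
# _will_ retry, and we'll accept it the second time. For hosts which are
# observed to retry, we don't bother greylisting again in the future --
# it's obviously pointless.
#
# To remember mail we've rejected, we create an 'identity' from its sender
# and recipient addresses and its Message-ID: header. We don't include the
# sending IP address in the identity, because sometimes the second and
# subsequent attempts may come from a different IP address to the original.
# (If the mail carries no Message-ID: header the identity is just sender
# plus recipients, so any later message between the same addresses shares
# it and will be let through once the 5 minutes have passed.)
#
# We do record the original IP address though, because if the message _is_
# retried from another IP address, we want to whitelist the original IP
# address as a 'known resender' as well as the host that actually retried.
#
# Files (under CONFDIR/conf), both only ever appended to by this ACL:
#   greylist-db               one line per greylisted identity, written as
#                             <hash>:<epoch of first attempt>:<original IP>
#                             lsearch keys on <hash>, so a lookup returns
#                             "<epoch>:<original IP>". Nothing in this ACL
#                             removes entries, so prune the file from cron
#                             or the linear lsearch gets slower forever.
#   greylist-known-resenders  one host IP per line.
#
# Security note on the ${run} shell commands below. The only strings
# interpolated into "/bin/sh -c ..." are $acl_m1 (a 20-char base-62 hash),
# $tod_epoch (digits), $sender_host_address (an IP literal, or empty when
# there is no remote host) and $acl_m2 (a record this ACL wrote itself).
# None of them can carry shell metacharacters. Never add $sender_address,
# $recipients, $h_message-id: or any other remote-supplied string to those
# commands -- that would be a shell injection.
#
# $recipients and $h_message-id: are needed, so call this ACL after DATA.

greylist_mail:

  # First off, there's _absolutely_ no point in greylisting mail from
  # hosts which are known to resend their mail. Just accept it.
  accept hosts = lsearch;CONFDIR/conf/greylist-known-resenders

  # Generate the mail identity and attempt to look it up in the greylist
  # database. The base-62 hash contains no ':' or whitespace, so it is a
  # safe lsearch key.
  warn set acl_m1 = ${hash{20}{62}{$sender_address$recipients$h_message-id:}}
       set acl_m2 = ${lookup {$acl_m1} lsearch{CONFDIR/conf/greylist-db}}

  # If the mail isn't already in the database, defer it with an appropriate
  # message, and add it. The ${run} sits inside log_message so that the
  # append only happens when this verb actually fires.
  defer condition = ${if eq {$acl_m2}{} {1}}
        log_message = Greylisted $acl_m1 ($sender_address$recipients$h_message-id:): (${run {/bin/sh -c "echo $acl_m1:$tod_epoch:$sender_host_address >> CONFDIR/conf/greylist-db"}{success}{failure}}
        message = Your mail was considered suspicious and has been greylisted for 5 minutes,\n\
                  after which time it should be accepted. We apologise for the inconvenience.\n\
                  Your mail system should keep the mail on its queue and retry. When that\n\
                  happens, it'll be added to a list of systems which are known to do that,\n\
                  and mail from it should not be greylisted any more. In the event of\n\
                  problems, please contact postmaster@infradead.org.

  # If the message was already listed but its time hasn't yet expired, keep
  # rejecting it. The leading digits of the record are the epoch of the
  # first attempt; "not expired" means fewer than 300 seconds have passed.
  defer condition = ${if > {${sg {$acl_m2}{^([0-9]*).*}{\$1}}}{${eval:$tod_epoch-300}}}
        message = Your mail was previously greylisted and the time has not yet expired.\n\
                  You should wait another ${eval:${sg {$acl_m2}{^([0-9]*).*}{\$1}}+300-$tod_epoch} seconds.

  # The message was listed but it's been more than five minutes. Accept it
  # now and whitelist both the host that originally sent it (the part of the
  # db record after the epoch) and the host that is retrying it now -- the
  # header above says both should count as known resenders, but previously
  # only the original IP was written. Empty values are dropped and the two
  # are de-duplicated against each other (not against lines already in the
  # file). The ${run} result is ignored, so the accept always fires.
  accept condition = ${run {/bin/sh -c "( echo $acl_m2 | cut -f2- -d:; echo $sender_host_address ) | grep . | sort -u >> CONFDIR/conf/greylist-known-resenders"}{1}{1}}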