
Untitled

a guest
May 17th, 2025
  1. #!/bin/bash
  2.  
  3. #✅ Valid Actions for Postfix Policy Services
  4. #
  5. #Here are the accepted action= values (as per Postfix documentation):
  6. #action= Value Description
  7. #DUNNO Neutral — continue to next rule
  8. #OK Permit the request (equivalent to permit)
  9. #REJECT Reject the request
  10. #DISCARD Accept but silently discard the message
  11. #DEFER Temporary failure (always)
  12. #DEFER_IF_PERMIT Defer only if later rules would allow
  13. #DEFER_IF_REJECT Defer only if later rules would reject
  14. #HOLD Put message in mail queue and await manual release
  15. #REDIRECT user@domain Redirect message to another address
  16.  
  17.  
  18.  
  19.  
  20.  
  21.  
  22.  
# DNS whitelist zones to query for the connecting client.
# NOTE(review): the first label of the abusix.zone entry looks like a
# per-account query key (shown redacted here) — keep the real value out of
# shared copies of this script and restrict read access to the file.
DNSWL_ZONES=()
DNSWL_ZONES+=('list.dnswl.org')
DNSWL_ZONES+=('rep.mailspike.net')
DNSWL_ZONES+=('dnswl.spfbl.net')
DNSWL_ZONES+=('wl.rbl.debacom.pl')
DNSWL_ZONES+=('white.dnsbl.brukalai.lt')
DNSWL_ZONES+=('0badxxxxxxx7e.white.mail.abusix.zone')

# Tag passed to logger(1) for every syslog line this script writes.
SYSLOG_TAG='postfix-dnswl'
  33.  
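# Function to reverse the IP
#
# Prints the octets of a dotted-quad IPv4 address in reverse order, which is
# the form used as the leading labels of a DNSWL query name.
#
# Arguments: $1 - IPv4 address, e.g. 192.0.2.10
# Outputs:   reversed address on stdout (10.2.0.192); nothing if $1 is not IPv4
# Returns:   0 on success, 1 if $1 is not a dotted-quad IPv4 address
reverse_ip() {
  local -r quad_re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  local octet

  # Anything that is not four decimal fields (IPv6, empty, hostnames) would
  # otherwise be turned into a malformed query name, so refuse it here.
  [[ "$1" =~ $quad_re ]] || return 1

  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so a field such as 08 is not rejected as bad octal.
    ((10#$octet <= 255)) || return 1
  done

  printf '%s.%s.%s.%s\n' \
    "${BASH_REMATCH[4]}" "${BASH_REMATCH[3]}" \
    "${BASH_REMATCH[2]}" "${BASH_REMATCH[1]}"
}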
  38.  
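# Function to check DNSWL
#
# Looks up one client IPv4 address in one DNS whitelist zone and, on a
# genuine listing, writes the policy reply "action=OK" to stdout.
#
# Globals:   SYSLOG_TAG, sender, recipient (read; used for logging only)
# Arguments: $1 - client IPv4 address
#            $2 - DNSWL zone name
# Outputs:   "action=OK" followed by one empty line when the client is listed
# Returns:   0 when listed, 1 otherwise (including lookup errors)
#
# NOTE(review): action=OK permits the request at the restriction stage where
# this policy service is called. Confirm in main.cf that it is evaluated after
# the relay check (e.g. reject_unauth_destination); otherwise a listed client
# would be allowed to relay.
check_dnswl() {
  local ip="$1"
  local zone="$2"
  local -r quad_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  local -r listing_re='^127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
  local reversed_ip
  local fqdn
  local result
  local answer
  local listed=""

  reversed_ip=$(reverse_ip "$ip") || return 1
  # Only a reversed dotted quad forms a valid query name; IPv6, empty or
  # malformed input is treated as "not listed" instead of being queried.
  [[ "$reversed_ip" =~ $quad_re ]] || return 1
  fqdn="${reversed_ip}.${zone}"

  # Bound the lookup so a slow list cannot stall the SMTP session for long.
  result=$(dig +short +time=2 +tries=1 "$fqdn" A)

  # A non-empty answer is not proof of a listing: dig can print diagnostics
  # (";; connection timed out ...") on stdout, and +short also shows CNAME
  # targets. Accepting any output would whitelist the client whenever DNS is
  # broken, so only an A record in 127.0.0.0/8 counts.
  while IFS= read -r answer; do
    [[ "$answer" =~ $listing_re ]] || continue
    case "$answer" in
      # NOTE(review): several lists reserve 127.255.255.x, and dnswl.org
      # 127.0.0.255, to signal query errors or blocked/over-quota resolvers
      # rather than a listing — confirm against each list's documentation.
      127.255.255.* | 127.0.0.255) continue ;;
    esac
    listed="$answer"
    break
  done <<<"$result"

  if [[ -n "$listed" ]]; then
    # sender and recipient come from the remote client; they are logged
    # verbatim, so treat these fields as untrusted when parsing the log.
    logger -t "$SYSLOG_TAG" "Match: $ip in $zone: returned $listed, $sender > $recipient"
    # The reply is one attribute line followed by one empty line; printf
    # writes exactly that, where echo -e appended a third newline.
    printf 'action=OK\n\n'
    return 0
  fi

  return 1
}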
  63.  
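# Read one Postfix policy delegation request from stdin: name=value lines,
# terminated by an empty line. Only the three attributes used below are kept.
client_ip=""
sender=""
recipient=""

while read -r line; do
  [[ -z "$line" ]] && break
  case "$line" in
    client_address=*) client_ip="${line#client_address=}" ;;
    recipient=*) recipient="${line#recipient=}" ;;
    sender=*) sender="${line#sender=}" ;;
  esac
done

# Without a usable client address there is nothing to look up: stay neutral.
# The DNSWL query name is built from a reversed dotted quad, so a missing,
# IPv6 or malformed address is answered with DUNNO instead of being queried.
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
if [[ ! "$client_ip" =~ $ipv4_re ]]; then
  # The reply is one attribute line followed by one empty line; printf writes
  # exactly that, where echo -e appended a third newline.
  printf 'action=DUNNO\n\n'
  exit 0
fi

# Check all DNSWL zones; check_dnswl writes the action=OK reply itself, so
# the first match ends the script.
for zone in "${DNSWL_ZONES[@]}"; do
  if check_dnswl "$client_ip" "$zone"; then
    exit 0
  fi
done

# No list matched: return DUNNO so the remaining Postfix restrictions decide.
# sender and recipient come from the remote client and are logged verbatim;
# treat these fields as untrusted when parsing the log. ($line is empty once
# the read loop has finished, so it is no longer part of the message.)
logger -t "$SYSLOG_TAG" "No DNSWL match in any of the queried lists for $client_ip — not whitelisted, $sender > $recipient"
printf 'action=DUNNO\n\n'

exit 0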