Custom Exim ACL: The Ultimate Comprehensive Guide


Welcome to the most detailed and visually rich guide on Custom Exim Access Control Lists (ACLs)! This guide will take you through every aspect of Exim ACLs, from the basics to advanced customizations, with step-by-step tutorials, best practices, and troubleshooting tips.


Table of Contents

1. Introduction to Exim and ACLs

  • What is Exim? (Overview)
  • What Are Access Control Lists (ACLs)?
  • Why Customize ACLs?
  • Key Benefits of Using Custom Exim ACLs

2. Understanding Exim Configuration Basics

  • Exim Configuration Files Structure
  • The Role of ACLs in Exim Workflow
  • Common ACL Directives in Exim
  • Order of Processing in ACLs

3. Setting Up a Custom Exim ACL Environment

  • Prerequisites and Tools You Need
  • Backing Up Exim Configuration
  • Locating Default ACL Sections
  • Enabling Debugging for ACL Testing

4. Key Components of Exim ACL

  • ACL States: accept, deny, defer
  • Variables and Conditions
  • Regular Expressions in ACLs
  • Integrating DNS and IP Lookup
  • Examples of ACLs in Action (Basic Snippets)

5. Writing Custom ACL Rules

  • Step-by-Step Guide to Writing Your First Custom ACL
  • Validating Sender Addresses
  • Blocking Suspicious Domains
  • Restricting IP Address Ranges
  • Anti-Spam Rules: Blacklists and Whitelists
  • Content Scanning and Attachment Filters

6. Advanced Exim ACL Customizations

  • Real-Time Blackhole List (RBL) Integration
  • Greylisting for Spam Reduction
  • Implementing SPF, DKIM, and DMARC Validation
  • Rate-Limiting Connections
  • Custom Authentication Rules

7. Exim ACL Examples and Use Cases

  • Whitelisting Trusted Senders
  • Blocking Specific Countries Using GeoIP
  • Enforcing Two-Factor Email Authentication
  • Handling Large Email Attachments Securely
  • Filtering Malicious Scripts in Email Content

8. Best Practices for Custom Exim ACL

  • Optimizing ACL Performance
  • Keeping Configuration Clean and Organized
  • Testing ACLs Without Downtime
  • Documenting Custom Rules for Future Use
  • Updating ACLs to Match Evolving Threats

9. Debugging and Troubleshooting

  • Tools for Debugging Exim ACLs
  • How to Test ACLs in Isolation
  • Resolving Common ACL Errors
  • Analyzing Logs for ACL Issues
  • Tips for Faster Troubleshooting

10. Deploying and Managing Custom ACLs

  • Merging ACLs into Live Configuration
  • Rolling Back Changes Safely
  • Automating ACL Updates
  • Collaboration and Version Control

11. Integrating Custom ACLs with Other Systems

  • Integrating with Firewalls and WAFs
  • Working with Mail Filters
  • Using Exim Hooks for Extended Functionality
  • Combining ACLs with Third-Party Email Security Tools

12. Mastering Security with Custom ACLs

  • Protecting Against Spoofing
  • Securing Internal Email Traffic
  • Throttling Suspicious Connections
  • Guarding Against Zero-Day Exploits

13. Monitoring and Analytics

  • Real-Time ACL Metrics
  • Tools for Monitoring Exim Performance
  • Generating ACL Activity Reports
  • Setting Alerts for Suspicious Activity

14. Future-Proofing Your Exim ACL Setup

  • Adapting to Evolving Threat Landscapes
  • Leveraging AI and ML for Dynamic ACL Updates
  • Innovations in Email Security to Watch

15. Appendix

  • Glossary of Key Terms
  • Reference Links and Official Documentation
  • Community Resources and Forums
  • Sample ACL Configurations (Copy-Paste Ready)

๐Ÿ” 1. Introduction to Exim and ACLs

What is Exim? (Overview)

Exim is a powerful and flexible mail transfer agent (MTA) widely used on Unix-like operating systems. It handles email routing, delivery, and acceptance based on customizable rules. Developed as a replacement for Sendmail, Exim is known for its configurability, enabling administrators to implement robust email systems tailored to specific needs.

๐Ÿ” What Are Access Control Lists (ACLs)?

Access Control Lists (ACLs) in Exim are sets of rules used to determine how email messages are processed at various stages of their lifecycle. ACLs enable administrators to define conditions for accepting, rejecting, or deferring emails based on specific criteria such as sender IP, recipient address, or email content.

Why Customize ACLs?

Customizing ACLs allows you to:

  • Implement advanced spam and virus filtering.

  • Enforce strict authentication mechanisms.

  • Restrict access based on geographical or IP-specific rules.

  • Enhance email security and compliance with organizational policies.

Key Benefits of Using Custom Exim ACLs

  1. Improved Security: Protect against spoofing, phishing, and other email-based threats.

  2. Efficient Spam Management: Filter unsolicited emails with fine-grained rules.

  3. Customization: Tailor email handling processes to match unique business requirements.

  4. Scalability: Adjust rules dynamically to handle varying email traffic loads.


๐Ÿ› ๏ธ 2. Understanding Exim Configuration Basics

๐Ÿ’‚๏ธ Exim Configuration Files Structure

The Exim configuration file, typically located at /etc/exim/exim.conf, is divided into key sections:

  1. Main Configuration: General settings for the mail server.

  2. Access Control Lists (ACLs): Define conditions for message handling.

  3. Routers: Determine how messages are routed.

  4. Transports: Handle message delivery.

  5. Retry Rules: Define how undelivered messages are retried.

  6. Logging: Configure logging options for debugging and monitoring.

โš™๏ธ The Role of ACLs in Exim Workflow

ACLs play a crucial role in Eximโ€™s workflow by governing how emails are processed at various stages, including:

  1. HELO/EHLO Verification: Validating the clientโ€™s identity during the initial connection.

  2. Sender and Recipient Validation: Ensuring the sender and recipient addresses are valid.

  3. Content Filtering: Scanning messages for spam, viruses, or other prohibited content.

  4. Connection Throttling: Limiting email traffic to prevent abuse.

๐Ÿ“Œ Common ACL Directives in Exim

  • accept: Accepts the email and processes it further.

  • deny: Rejects the email and provides a reason.

  • defer: Delays the email processing, typically due to temporary issues.

  • require: Ensures specific conditions are met before processing.

๐Ÿ”„ Order of Processing in ACLs

Exim processes ACLs sequentially, evaluating each condition until a match is found. The order of ACL directives is critical; rules at the top take precedence over those below. Misordering can lead to unintended behavior, so rules should be carefully structured.


3. Setting Up a Custom Exim ACL Environment

Prerequisites and Tools You Need

Before customizing Exim ACLs, ensure the following:

  1. Root Access: Administrative privileges to modify Exim configuration.

  2. Text Editor: Tools like nano, vim, or vi for editing configuration files.

  3. Exim Debugging Tools: Utilities such as exim -bh, exim -bt, and exim -d for testing and debugging.

  4. Backup Solution: A reliable method to back up configuration files.

Backing Up Exim Configuration

Always back up the current Exim configuration before making changes. Run:

cp /etc/exim/exim.conf /etc/exim/exim.conf.bak

This ensures you can revert to a working state if something goes wrong.

Locating Default ACL Sections

The default ACL sections in exim.conf typically include the following. Each acl_smtp_* option in the main section names the ACL to run at that stage of the SMTP session; the ACL definitions themselves follow the begin acl line.

  1. acl_smtp_connect: Rules for initial client connection.

  2. acl_smtp_helo: Conditions for HELO/EHLO validation.

  3. acl_smtp_rcpt: Recipient address checks.

  4. acl_smtp_data: Content filtering rules.

Search for these sections in the configuration file using a text editor:

nano /etc/exim/exim.conf

or:

grep 'acl_smtp' /etc/exim/exim.conf

Enabling Debugging for ACL Testing

Debugging ACLs is essential for validating changes. Use the following commands:

  • Test the configuration for syntax errors (this also prints the Exim version and build options):

    exim -bV

  • Simulate an incoming SMTP session from a given client address and watch the ACLs run, without accepting any mail:

    exim -bh <client_IP>

  • Check how a message to an address would be routed:

    exim -bt <email_address>

Enable verbose logging for deeper insights:

log_selector = +all

Add this directive to the main section of your configuration to capture detailed logs.


๐Ÿ” 4. Key Components of Exim ACL

๐Ÿšซ ACL States: accept, deny, defer

  • accept: Permits the email to proceed to the next stage.

  • deny: Rejects the email and optionally provides an error message to the sender.

  • defer: Temporarily holds the email for re-evaluation, typically used for transient issues like high server load.

๐Ÿงฌ Variables and Conditions

Exim ACLs use variables to define conditions for processing emails. Commonly used variables include:

  • ${sender_host_address}: The IP address of the sending host.

  • ${sender_address_domain}: The domain of the sender's email address.

  • ${recipient}: The intended recipient of the email.

Example Conditions:

  • Checking for specific domains:

    condition = ${if eq{$sender_address_domain}{example.com}{yes}{no}}
  • Validating IP ranges:

    condition = ${if match_ip{$sender_host_address}{192.168.1.0/24}{yes}{no}}

๐Ÿ”„ Regular Expressions in ACLs

Regular expressions are powerful tools for pattern matching in Exim ACLs. Use them to:

  • Match email addresses:

    condition = ${if match{$sender_address}{.*@example\.com}{yes}{no}}
  • Filter subject lines (in acl_smtp_data):

    condition = ${if match{$message_subject}{.*urgent.*}{yes}{no}}

๐Ÿ“ก Integrating DNS and IP Lookup

Exim supports DNS lookups to validate senders and recipients. Examples include:

  • Reverse DNS Lookup:

    condition = ${if def:sender_host_name {yes}{no}}
  • Blacklist Check:

    condition = ${if dnslist{dnsbl.sorbs.net}{$sender_host_address}{yes}{no}}
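The following is an added illustration, not part of the original guide, of what the dnslists condition does behind the scenes: it builds the reversed-address query name that is sent to the list zone and applies the zone=127.0.0.2,127.0.0.3 filter syntax that Exim accepts in dnslists values. The resolver and its answers are constructed stand-ins (no real listing is implied); a production version would plug in a real DNS library.

```python
"""Offline model of Exim's dnslists ACL condition (added example)."""
import ipaddress
from typing import Callable, Dict, List, Optional, Set, Tuple

# A resolver maps a DNS name to the A records it returns ([] for NXDOMAIN).
Resolver = Callable[[str], List[str]]

# Constructed answers standing in for real DNS responses. The addresses are
# from the 203.0.113.0/24 documentation range; no real listing is implied.
FAKE_ZONE: Dict[str, List[str]] = {
    "5.113.0.203.zen.spamhaus.org": ["127.0.0.4"],
    "9.113.0.203.zen.spamhaus.org": ["127.0.0.11"],
    # A dead list whose expired domain now wildcards to a web server.
    "5.113.0.203.dead.list.example": ["10.1.2.3"],
}


def fake_resolve(name: str) -> List[str]:
    return FAKE_ZONE.get(name, [])


def dnsbl_query_name(address: str, zone: str) -> str:
    """Build the name looked up for an address: octets (IPv4) or nibbles
    (IPv6) in reverse order, followed by the list zone."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        labels = str(ip).split(".")[::-1]
    else:
        labels = list(ip.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


def parse_dnslists_item(item: str) -> Tuple[str, Optional[Set[str]]]:
    """Parse one entry of a dnslists value.  'zone' means any answer counts;
    'zone=127.0.0.2,127.0.0.3' means only those answers count."""
    zone, sep, values = item.partition("=")
    wanted = {v.strip() for v in values.split(",")} if sep else None
    return zone.strip(), wanted


def listed_in(address: str, dnslists: str,
              resolve: Resolver = fake_resolve) -> Dict[str, str]:
    """Return {zone: answer} for every list in a colon-separated dnslists
    value that lists the address.  An empty dict means 'not listed'."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    hits: Dict[str, str] = {}
    for item in dnslists.split(":"):
        zone, wanted = parse_dnslists_item(item)
        for answer in resolve(dnsbl_query_name(address, zone)):
            # RFC 5782 lists answer inside 127.0.0.0/8; anything else is a
            # broken or hijacked zone and must not cause rejections.
            if ipaddress.ip_address(answer) not in loopback:
                continue
            if wanted is None or answer in wanted:
                hits[zone] = answer
                break
    return hits


if __name__ == "__main__":
    # Equivalent of: deny dnslists = zen.spamhaus.org
    print(listed_in("203.0.113.5", "zen.spamhaus.org"))
    # Equivalent of: deny dnslists = zen.spamhaus.org=127.0.0.2,127.0.0.3
    # (only those return codes count), which this host does not match.
    print(listed_in("203.0.113.5", "zen.spamhaus.org=127.0.0.2,127.0.0.3"))
```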

๐Ÿ” Examples of ACLs in Action (Basic Snippets)

  • Deny Emails from Specific Domains:

    deny    condition = ${if eq{$sender_address_domain}{spamdomain.com}{yes}{no}}
            message = "Emails from this domain are not accepted."
  • Accept Emails from Trusted IPs:

    accept  condition = ${if match_ip{$sender_host_address}{192.168.1.10/32}{yes}{no}}

๐Ÿ“ 5. Writing Custom ACL Rules

๐Ÿ  Step-by-Step Guide to Writing Your First Custom ACL

  1. Backup Your Configuration:

    cp /etc/exim/exim.conf /etc/exim/exim.conf.bak
  2. Identify the ACL Section: Locate the acl_smtp_rcpt or acl_smtp_data section in exim.conf.

  3. Add Custom Rules: Insert your conditions and directives sequentially.

  4. Test Configuration: Validate changes with:

    exim -bV
  5. Reload Exim: Apply changes by restarting Exim:

    systemctl restart exim

๐Ÿ“ง Validating Sender Addresses

  • Deny emails from addresses with no valid domains:

    deny    condition = ${if !def:sender_host_name {yes}{no}}
            message = "Sender address does not resolve to a valid domain."

๐Ÿ”ž Blocking Suspicious Domains

  • Block emails from known spam domains:

    deny    condition = ${if eq{$sender_address_domain}{spammer.com}{yes}{no}}
            message = "Emails from this domain are blocked."

๐ŸŒ Restricting IP Address Ranges

  • Deny emails from specific IP ranges:

    deny    condition = ${if match_ip{$sender_host_address}{192.168.0.0/16}{yes}{no}}
            message = "Access from this IP range is not allowed."

๐Ÿšซ Anti-Spam Rules: Blacklists and Whitelists

  • Blacklist Example:

    deny    dnslists = zen.spamhaus.org
            message = "Your IP is listed in the Spamhaus blacklist."
  • Whitelist Example:

    accept  condition = ${if match_ip{$sender_host_address}{203.0.113.0/24}{yes}{no}}

๐Ÿ” Content Scanning and Attachment Filters

  • Block emails containing specific keywords:

    deny    message = "Blocked content detected."
            condition = ${if match{$message_body}{.*malware.*}{yes}{no}}
  • Deny emails with executable attachments:

    deny    message = "Executable files are not allowed."
            condition = ${if match{$mime_filename}{\.(exe|bat)$}{yes}{no}}

๐Ÿง‘โ€๐Ÿ’ป 6. Advanced Exim ACL Customizations

๐Ÿ•ต๏ธ Real-Time Blackhole List (RBL) Integration

  • Block spam emails based on RBL checks:

    deny    dnslists = bl.spamcop.net
            message = "Your IP is listed in the SpamCop blacklist."

๐Ÿ“ฉ Greylisting for Spam Reduction

  • Delay suspicious emails to prevent spam:

    defer    message = "Temporary rejection, please retry later."
             condition = ${if !match_ip{$sender_host_address}{203.0.113.0/24}{yes}{no}}

๐Ÿ”’ Implementing SPF, DKIM, and DMARC Validation

  • SPF Validation:

    deny    condition = ${if !verify{spf}{yes}{no}}
            message = "SPF validation failed."
  • DKIM Validation:

    deny    condition = ${if !verify{dkim}{yes}{no}}
            message = "DKIM validation failed."
  • DMARC Validation:

    deny    condition = ${if !dmarc_status{pass}{yes}{no}}
            message = "DMARC validation failed."

โš ๏ธ Rate-Limiting Connections

  • Limit connections per IP:

    defer    condition = ${if >{$connection_count}{5}{yes}{no}}
            message = "Too many connections from your IP."

๐Ÿ” Custom Authentication Rules

  • Enforce authentication for specific senders:

    deny    condition = ${if !authenticated_id{yes}{no}}
            message = "Authentication required for sending emails."

7. Exim ACL Examples and Use Cases

Whitelisting Trusted Senders

Ensure that emails from specific, trusted senders bypass restrictive rules. The accept statement must come above the restrictive deny rules, because the first matching statement decides:

accept  senders = trusted@example.com

Blocking Specific Countries Using GeoIP

Prevent emails originating from certain countries by integrating GeoIP (Exim has no built-in GeoIP lookup; the placeholder stands for whatever lookup your GeoIP database provides):

deny    condition = ${if match{$sender_host_address}{GEOIP-DB-BLOCK}{yes}{no}}
        message = "Emails from your country are not accepted."

(Note: Replace GEOIP-DB-BLOCK with your GeoIP configuration.)

Enforcing Two-Factor Email Authentication

Enhance security by requiring an additional authentication factor for specific senders. The ACL can only check that the client completed SMTP AUTH; the second factor itself has to be enforced by the authenticator's backend:

deny    !authenticated = *
        message = "Two-factor authentication required for this sender."

Handling Large Email Attachments Securely

Reject overly large attachments to prevent resource abuse (the same limit can be set globally with the main option message_size_limit = 25M, which also lets Exim reject at MAIL FROM when the client announces the size with SIZE):

deny    message = "Attachments larger than 25MB are not allowed."
        condition = ${if >{$message_size}{25M}{yes}{no}}

Filtering Malicious Scripts in Email Content

Detect and block emails with malicious content or scripts (only the first message_body_visible bytes of the body are searched):

deny    message = "Suspicious content detected in the email."
        condition = ${if match{$message_body}{\N(?i)<script\N}{yes}{no}}

๐Ÿ–ผ๏ธ 8. Best Practices for Custom Exim ACL

๐Ÿ… Optimizing ACL Performance

  • Arrange rules by frequency of use to minimize processing overhead.

  • Use condition caching for repetitive evaluations.

๐Ÿงน Keeping Configuration Clean and Organized

  • Use comments to document each ruleโ€™s purpose.

  • Group related rules together for better readability.

  • Avoid hardcoding; use variables and macros where possible.

๐Ÿ› ๏ธ Testing ACLs Without Downtime

  • Use Eximโ€™s built-in test mode:

    exim -bh <client_IP>
  • Simulate message delivery paths:

    exim -bt <email_address>

๐Ÿ—‚๏ธ Documenting Custom Rules for Future Use

  • Maintain a changelog for modifications.

  • Create a central repository for custom ACL templates.

๐Ÿ”„ Updating ACLs to Match Evolving Threats

  • Regularly review and update blacklists and whitelists.

  • Incorporate emerging anti-spam techniques and tools.


๐Ÿ” 9. Debugging and Troubleshooting

๐Ÿ› ๏ธ Tools for Debugging Exim ACLs

  • Use Eximโ€™s verbose logging:

    log_selector = +all
  • Check message rejection details:

    exim -Mvh <message_id>

๐Ÿงช How to Test ACLs in Isolation

  • Simulate ACL processing for specific emails:

    exim -bh <client_IP>
  • Use exim -d for detailed debugging output.

๐Ÿšซ Resolving Common ACL Errors

  • Syntax Errors: Check for typos in configuration files with:

    exim -bV
  • Misordered Rules: Ensure that deny rules precede accept rules for specific conditions.

๐Ÿ” Analyzing Logs for ACL Issues

  • Locate logs in /var/log/exim/mainlog or /var/log/exim/rejectlog.

  • Search for specific errors or rejections:

    grep "rejected" /var/log/exim/mainlog

๐Ÿ’ก Tips for Faster Troubleshooting

  • Break complex ACLs into smaller, testable sections.

  • Use acl_smtp_rcpt or acl_smtp_data sections for targeted debugging.

  • Always back up configuration files before making changes:

    cp /etc/exim/exim.conf /etc/exim/exim.conf.bak

10. Deploying and Managing Custom ACLs

๐Ÿ–‡๏ธ Merging ACLs into Live Configuration

  1. Validate Changes: Before applying, test the ACL configuration with:

    exim -bV
  2. Apply Incrementally: Merge new rules into exim.conf without disrupting existing functionality.

  3. Restart Exim: Reload the configuration using:

    systemctl restart exim

Rolling Back Changes Safely

  • Backup Configuration: Always save a copy before modifications:

    cp /etc/exim/exim.conf /etc/exim/exim.conf.bak
  • Use Changelogs: Maintain detailed logs of changes to quickly identify problematic rules.

  • Revert Quickly: If an issue arises, revert to the backup file and restart Exim:

    cp /etc/exim/exim.conf.bak /etc/exim/exim.conf
    systemctl restart exim

Automating ACL Updates

  • Use automation tools like Ansible or Puppet to deploy ACL changes across multiple servers.

  • Schedule periodic updates to maintain up-to-date spam and threat rules.

๐Ÿง‘โ€๐Ÿคโ€๐Ÿง‘ Collaboration and Version Control

  • Git for Configuration: Store ACL rules in a Git repository for version control.

  • Collaboration: Use Git branches to test new rules without affecting the main configuration.

  • Audit Logs: Track who made changes and why for accountability.


11. Integrating Custom ACLs with Other Systems

Integrating with Firewalls and WAFs

  • Synchronize Rules: Ensure ACLs align with firewall and WAF settings to prevent bypass.

  • Example: Use CSF (ConfigServer Security & Firewall) to block IPs flagged by Exim ACLs:

    csf -d <blocked_ip>

Working with Mail Filters

  • Combine ACLs with Exim's mail filtering capabilities to route or block emails based on content.

  • Example (Exim filter syntax; the fail command is only permitted in the system filter, and a failed message produces a bounce rather than an SMTP-time rejection):

    if $message_body contains "malicious-content"
    then
        fail text "Blocked due to prohibited content."
        seen finish
    endif

Using Exim Hooks for Extended Functionality

  • Hooks: Trigger external scripts during ACL processing to extend functionality.

  • Example: Call a script for real-time spam analysis. ${run} takes the whole command line as its first argument and treats a zero exit status as true, so deny fires when the script exits 0. Exim runs the command directly rather than through a shell, but any variable passed this way is still untrusted input to your script:

    deny    condition = ${run{/path/to/spam_analysis.sh $sender_host_address $sender_address}{yes}{no}}
            message   = "Rejected by external spam analysis."

Combining ACLs with Third-Party Email Security Tools

  • Integrate tools like SpamAssassin, ClamAV, or Rspamd to enhance ACL filtering.

  • Example (requires a content-scanning build and spamd_address set in the main section; the :true suffix makes the condition always succeed, so the header is added to every message):

    warn  spam = spamd:true
          add_header = X-Spam-Score: $spam_score

๐Ÿ† 12. Mastering Security with Custom ACLs

๐Ÿ”’ Protecting Against Spoofing

  • Enforce strict SPF, DKIM, and DMARC validation:

    deny condition = ${if !verify{spf}{yes}{no}}
          message = "SPF validation failed."

๐Ÿ” Securing Internal Email Traffic

  • Restrict unauthorized internal email relaying:

    deny condition = ${if !match_ip{$sender_host_address}{192.168.0.0/16}{yes}{no}}
          message = "Internal relay denied."

๐Ÿšฆ Throttling Suspicious Connections

  • Rate-limit incoming connections to prevent abuse:

    defer condition = ${if >{$connection_count}{10}{yes}{no}}
          message = "Too many connections from your IP."

๐Ÿ›ก๏ธ Guarding Against Zero-Day Exploits

  • Use real-time blocklists and frequent updates to respond quickly to emerging threats:

    deny dnslists = zen.spamhaus.org
          message = "Your IP is listed in a blacklist."

13. Monitoring and Analytics

Real-Time ACL Metrics

  • Log Monitoring: Use Exim's logs in /var/log/exim/mainlog to track real-time ACL processing.

  • Connection Metrics: Monitor the number of incoming and outgoing connections to evaluate server load.

  • Rejected Messages: Keep an eye on the number of rejected emails to identify potential spam attacks or misconfigurations.

Tools for Monitoring Exim Performance

  1. Eximstats: Generate statistical reports for ACL activity:

    eximstats /var/log/exim/mainlog > report.txt

  2. Monitoring Tools: Integrate tools like Zabbix, Nagios, or Prometheus for detailed Exim performance analytics.

  3. Third-Party Analytics: Use tools like MailWatch for real-time mail monitoring and management.

Generating ACL Activity Reports

  • Generate daily or weekly reports to analyze ACL efficiency (eximstats writes plain text by default; -html and -xls select other output formats, the latter needing an extra Perl spreadsheet module):

    eximstats -xls /var/log/exim/mainlog > acl_report.xls

  • Visualize data with tools like Grafana or Excel for better insights.

Setting Alerts for Suspicious Activity

  • Threshold Alerts: Set thresholds for rejected connections and spam activity using monitoring tools.

  • Real-Time Notifications: Configure email or SMS alerts for abnormal ACL activity.

  • Integration: Use webhook services to push alerts into Slack or other collaboration platforms.
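As an added example that is not part of the original guide, the script below implements the threshold alert described above, and the log search from Section 9, over Exim's mainlog: it parses the "rejected" lines the ACLs write, counts rejections per ACL message and per client address, and flags any address that reaches a threshold. The sample log lines are constructed in the style of Exim's mainlog for this illustration; point the script at your real mainlog in production.

```python
"""Summarise ACL rejections from an Exim mainlog and raise threshold alerts
(added example; the sample log lines below are constructed)."""
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

SAMPLE_MAINLOG = """\
2024-03-01 12:00:01 H=(laptop) [203.0.113.5] F=<spam@spamdomain.com> rejected RCPT <user@example.org>: Emails from this domain are not accepted.
2024-03-01 12:00:03 H=(laptop) [203.0.113.5] F=<spam@spamdomain.com> rejected RCPT <sales@example.org>: Emails from this domain are not accepted.
2024-03-01 12:00:04 H=(laptop) [203.0.113.5] rejected connection in "connect" ACL: Your IP is listed in the Spamhaus blacklist.
2024-03-01 12:01:10 H=mail.partner.example [198.51.100.7] F=<ann@partner.example> rejected after DATA: Executable files are not allowed.
2024-03-01 12:02:00 1rAbCd-000001-Xy <= ann@partner.example H=mail.partner.example [198.51.100.7] P=esmtps S=2048
2024-03-01 12:02:30 H=(test) [192.0.2.44] F=<x@y.example> rejected RCPT <nobody@example.org>: Sender verification failed.
"""

# One rejection line: timestamp, client address in [], optional F=<sender>,
# the word "rejected", what was rejected, then the ACL's message text.
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*?\[(?P<ip>[0-9A-Fa-f.:]+)\]"
    r"(?: F=<(?P<sender>[^>]*)>)? rejected (?P<what>[^:]*): (?P<reason>.*)$"
)


def parse_reject(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Return the fields of an ACL rejection line, or None for other lines."""
    m = REJECT_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec: Dict[str, Optional[str]] = m.groupdict()
    what = rec["what"] or ""
    # Map the log wording back onto the ACL that produced the rejection.
    if what.startswith("RCPT"):
        rec["acl"] = "acl_smtp_rcpt"
    elif what.startswith("after DATA"):
        rec["acl"] = "acl_smtp_data"
    elif what.startswith("connection"):
        rec["acl"] = "acl_smtp_connect"
    else:
        rec["acl"] = "other"
    return rec


def summarise(lines: Iterable[str]) -> Tuple[Counter, Counter]:
    """Count rejections by ACL message text and by client address."""
    by_reason: Counter = Counter()
    by_host: Counter = Counter()
    for line in lines:
        rec = parse_reject(line)
        if rec:
            by_reason[rec["reason"]] += 1
            by_host[rec["ip"]] += 1
    return by_reason, by_host


def hosts_over_threshold(by_host: Counter, threshold: int) -> List[str]:
    """Addresses whose rejection count has reached the alert threshold."""
    return sorted(ip for ip, n in by_host.items() if n >= threshold)


if __name__ == "__main__":
    reasons, hosts = summarise(SAMPLE_MAINLOG.splitlines())
    for reason, n in reasons.most_common():
        print(f"{n:4d}  {reason}")
    for ip in hosts_over_threshold(hosts, threshold=3):
        print(f"ALERT: {ip} rejected {hosts[ip]} times")
```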


14. Future-Proofing Your Exim ACL Setup

๐ŸŒ Adapting to Evolving Threat Landscapes

  • Regularly update ACLs to address new email threats like advanced phishing tactics and spoofing.

  • Monitor global threat intelligence feeds for emerging trends.

Leveraging AI and ML for Dynamic ACL Updates

  • Integrate AI-powered tools like Rspamd for adaptive spam filtering.

  • Use ML models to dynamically update ACLs based on traffic patterns and historical data.

Innovations in Email Security to Watch

  • Blockchain for Email Authentication: Explore decentralized solutions to enhance email authenticity.

  • Post-Quantum Cryptography: Prepare for future security standards to counter quantum computing threats.

  • Automated Incident Response: Implement tools that automatically adjust ACLs during attacks.


15. Appendix

Glossary of Key Terms

  • ACL: Access Control List, a set of rules for email processing.

  • DNSBL: Domain Name System-based Blackhole List, used for spam prevention.

  • SPF: Sender Policy Framework, used for email sender validation.

  • DKIM: DomainKeys Identified Mail, an email authentication method.

๐Ÿ—‚๏ธ Reference Links and Official Documentation

๐Ÿง‘โ€๐Ÿคโ€๐Ÿง‘ Community Resources and Forums

  • Exim Users Mailing List: Stay updated with community discussions.

  • Server Fault Forum: serverfault.com for Exim-related Q&A.

  • Reddit Community: Join discussions at r/sysadmin or r/linuxadmin.

โœ๏ธ Sample ACL Configurations (Copy-Paste Ready)

Basic Sender Validation

Reject emails from invalid senders:

deny !verify = sender
      message = "Sender verification failed."

Blacklist Integration

Block emails from IPs listed in DNS-based blackhole lists:

deny dnslists = zen.spamhaus.org
      message = "Your IP is blacklisted."

Attachment Blocking

Prevent emails with executable attachments (in acl_smtp_mime, which needs a content-scanning build of Exim):

deny condition = ${if match{$mime_filename}{\N(?i)\.(exe|bat|scr)$\N}{yes}{no}}
      message = "Executable attachments are not allowed."

Domain Whitelisting

Accept emails only from specific trusted domains:

accept condition = ${if eq{$sender_address_domain}{trusted.com}{yes}{no}}

Content-Based Blocking

Reject emails containing specific keywords:

deny condition = ${if match{$message_body}{\N(?i)spam keyword\N}{yes}{no}}
      message = "Prohibited content detected."

Rate-Limiting Connections

Throttle excessive connections from a single IP (in acl_smtp_connect; ratelimit counts per client address by default):

defer ratelimit = 5 / 1m / per_conn
      message = "Too many connections from your IP."

Restricting File Types in Attachments

Block disallowed file types:

deny condition = ${if match{$mime_filename}{\N(?i)\.(zip|rar|7z)$\N}{yes}{no}}
      message = "Compressed files are not allowed."

SPF Validation

Enforce SPF compliance for incoming emails:

deny spf = fail
      message = "SPF validation failed."

DKIM Validation

Reject emails failing DKIM verification (in acl_smtp_dkim; unsigned mail has the status none and is not affected):

deny dkim_status = fail
      message = "DKIM validation failed."

DMARC Enforcement

Ensure emails adhere to DMARC policies (in acl_smtp_data; reject means the sending domain's published policy asks for rejection):

deny dmarc_status = reject
      message = "DMARC policy validation failed."

Blocking Emails Based on GeoIP

Deny emails originating from specific countries:

deny condition = ${if match{$sender_host_address}{GEOIP-DB-BLOCK}{yes}{no}}
      message = "Emails from your region are not allowed."

(Note: Replace GEOIP-DB-BLOCK with your GeoIP configuration.)

Large Attachment Handling

Reject overly large attachments:

deny condition = ${if >{$message_size}{25M}{yes}{no}}
      message = "Attachments larger than 25MB are not allowed."

Rejecting Specific Email Addresses

Block emails from known bad senders:

deny condition = ${if eq{$sender_address}{baduser@example.com}{yes}{no}}
      message = "Emails from this sender are not allowed."

Greylisting Implementation

Temporarily reject suspicious emails to deter spam. As written, every host outside the trusted range is deferred on every attempt; true greylisting needs a persistent record of (sender, recipient, client IP) so that the retry is accepted after the waiting period:

defer condition = ${if !match_ip{$sender_host_address}{203.0.113.0/24}{yes}{no}}
      message = "Temporary rejection, please retry later."
