Actions and Conditions
Actions
Add_hits!
Adds or removes hits to current connection. 'Hits' are like points that you can use to control aspects of current connected host. You can rate a host negatively for no have a valid SPF, Reverse Name or if it is on a Blacklist. It is possible to remove this hits passing negative values in parameter.
Examples: Spf_resp "2" Add_hits! "1" Spf_resp "3" Add_hits! "2" Rev_fail? Add_hits! "2" Itest? "%H>2" Reply! "500 Too many negative points" Deny!
Accept!
Forces to accept the current sender or recipient even that its domain not exists. Inside event Limit (Event.limit) this option serves to force a acceptation of a IP that was considered a attacker Examples: From? "foo@domain123456.com" Accept! Ip? "10.10.10.0/24" Accept!
Close!
Closes the current connection. Examples: Ip? "250.250.250.250" Close!
Cp!
Adds the email specified in parameter to receive a copy of current message. Examples: From? "employee1@domain123456.com" To? "employee2@123456domain.com" Cp! "supervisor@domain123456.com" To? "user1@testdomain.com" Cp! "supervisor@domain.com" Cp! "administrator@domain.com"
Def!
Changes a global option (option of selor.conf) to current connection. The most part of options can be changed by this action. Examples: Ip? "200.200.200." Def! "Auth_relay 0" Ip? "192.168.0.15" Def! "Max_rcpts 1000" From? "test@testdomain.com" Def! "Queue_path '/var/spool_alternative/mails'" Ip? "10.0.0.100" Def! "Modseq_auth 'ldap mysql'" Ip? "10.10.10.0/24" Def! "Event.rcpt '/usr/local/selor/rules_10.10.10.0'"
This is the list of options that can be changed by this action:
Server_name Cp_errors_path Report_file Central_log Sumary_log Warning_log Dlocal Adlocal_allowed Msg_full_mailbox Msg_no_mailbox Msg_transaction_falied Msg_refused Msg_nodisk_space Msg_perm_deny Msg_invalid_domain Msg_header_toobig Msg_internal_error Msg_cannot_connect Msg_mailbox_unavaibble |
Msg_mail_toobig Msg_lavg Postmaster Subject_error_msg Report_from Msg_cannot_resolve Timezone Sid Log_lvl Max_rcpts Max_attempts Max_error_report Connect_timeout Mx_alias_ip Cp_errors Timeout Lavg_queue Lavg_negative Tarpit_sleep |
Tarpit_limit Tls_enable Tls_delivery Refused_log Qend_process Force_alias_seek Modseq_auth Modseq_domain Modseq_mail Modseq_alias Srs_key Srs_shift Srs_alias_redir Event_error_report Max_msgs_per_cnx Event_dl_rcpt Df_domain Allow_broadcasts |
Deny!
Denies a recipient, sender or connection Examples: From? "test@testdomain.com" To? "foo@domain123456.com" Deny! Ip? "10.10.10.40" From? "foo2@domain123456.com" Reply! "550 You cannot use this sender address" Deny!
Data_reply!
Foces a answer to 'data' SMTP command. This action makes this command (SMTP data) be refused. It is used when we not want refuse the message during the recipient specification. This action is rarely used but can be useful to hosts that makes sender confirmation. Examples: From? "mailer-daemon@sv.server123456remote.com" Data_reply! "500 This email is refused"
Exit!
Leave the current rules-file and back to the last rules-file called. This option is like the 'Stop!' action, but it stops only the execution of current rules-file and not the event. Examples: From? "foo1@domain123456.com" To? "test@domain123456.com" Exit!
Exec!
Runs a external program of operatiing system. The return value of this program may be tested through 'Exec_resp?' condition or by '%t' variable. The output text from this program is captured and can be used by '%E' variable. Examples: Internal_from? Exec! "/usr/sbin/anti-virus /var/spool/selor/c%d" Auth? Exec! "/usr/local/selor/uteis/statistics_process.sh %f %r"
Fchange!
Changes the address of sender in SMTP level. The sender address in email header is not changed. Examples: From? "foo1@domain123456.com" Fchange! "finances@domain123456.com"
Hadd!
Adds a new line with a text to the email Header. Obs: After 1.3 version, this action works in Event.data but only for messages that will be sent to external hosts. Examples: Spf_resp? "4" Hadd! "Spf: REFUSED" From? "externalmail@externaldomain.com" Hadd! "Reply-to: %f" Fchange! "email@localdomain.com.br"
Inc_rules!
Executes an another rules-file. When this another rules-files finish, the Selor back to last file (the caller rules-file). You can use 'Stop!' to stop the entire event or 'Exit!' to leave this another rules-file before it finish. Examples: Internal_from? Inc_rules! "/var/mail/%c/rules_domain_com" Internal_rcpt? Inc_rules! "%C/personal_rules"
Log!
Writes a message to an another log file. The file can be anyone. If file not exists, it is created. The param of this action consists in two values. The first is a file log and second is the text to be recorded. The values are separated by ':' character. See 'Delimiter!' action to change this character Examples: Auth? Log! "/var/log/selor/auth_connections.log: Authenticated connection by [%u] Sender [%f] IP:%i"
Mx_dest!
Forces the delivery to current recipient to the Host specified by parameter. You can specify an IP address or a Hostname. You can specify a TCP/IP port to connect, to do this you must use a space between IP/Hostname and the Port. Examples: Find_in_to? "@externaldomain.com" Mx_dest! "10.10.10.100" Find_in_to? "@externaldomain.com" Mx_dest! "smtp.externalserverrelay.net" Find_in_to? "@externaldomain.com" Mx_dest! "smtp.externalserverrelay.net 587" Mx_auth! "user:pass"
Mx_auth!
Forces an authentication when Selor server will deliver an email to external Host. You can use this with 'Mx_dest!' action. The parameter of this is separated by two values. The first is the username and second is the password. The values are separated by ':' character. See 'Delimiter!' action to change this character Examples Find_in_to? "@externaldomain.com" Mx_dest! "smtp.externalserverrelay.net" Mx_auth! "username:password" Find_in_to? "@externaldomain.com" Mx_dest! "smtp.externalserverrelay.net 587" Mx_auth! "user@domain123456.com:password"
Mx_source!
Forces an Output IP to use for a recipient. With this option you can change the outgoing link that may be used for each recipient. Let's say that your server has two outgoing links. One has the Gateway like 250.250.250.1 and the other, the second link, has the Gateway 251.251.251.10. You can use the example bellow to force all messages destinated to '@hotmail.com' to out through the second link. Examples: Find_in_to? "@hotmail.com" Mx_source! "251.251.251.10"
Mark!
Adds a mark to current connection. The mark is only a text that you can use to identify something in others rules-files. You can test the mark with 'Tmark?' condition. Examples: Rbl_resp? "1" Mark! "Blacklist" Rbl_resp? "2" Mark! "Trash" Spf_resp? "4" Mark! "ToDiscart"
Proc_rules!
Transfers the execution of rule-file to an another file. When execution is finished it NOT back to the caller rule file. Examples: Ip? "80.80." Proc_rules! "/usr/local/selor/spammer_test"
Qlimit!
Forces the comming email to an another spool queue, the Qlimit spool. The Qlimit is a second spool directory where the messages has no a great priority and you can use diferent limits to control these messages sent by inopportune customers Examples: Ip? "192.168.0.34" From? "newsletter@domain123456.com" Qlimit!
Reply!
Sends a SMTP message to connected host. This message must have the SMTP code like 4xx for temporary errors and 5xx for permanent errors. The use of this action does not refusal the connection, sender or recipient, to do this you must use the action 'Deny!' together. Examples: From? "foo@externaldomain.com" To? "admin@domainexample.com" Reply! "500 The owner %r does not want to receive your messages" Deny!
Relay!
Enables the relay to current connection. The Selor not gives relay by default and you must configure who can win the relay. Examples: Ip? "127.0.0.1" Relay! Ip? "129.168.0.0/24" Relay! Ip? "10.10.10.1" Relay!
Relay_denied!
Denies the relay to current connection. This option revokes the 'Relay' permission to a connection. You must use this when has a Relay to a entire local network but you want revoke a relay to a defined IP. Examples: Ip? "10.10.10.50" Relay_denied! To? "foo@mydomainexample.com" Relay_denied!
Rbl_test!
Makes a RBL (Blacklist) test to current IP connected. In parameter you can specify which blacklists the test must be done. The return can be tested with 'Rbl_test?' condition or with '%R' variable that returns the number of RBLs that IP was found. The '%T' variable returns the text of answer of first RBL that the IP was found Examples: Rbl_test! "rbl_1.org" Rbl_test! "rbl_1.org rbl_2.org rbl_3.org rbl_4.org" Rbl_test! "bl.spamcop.net zen.spamhaus.org b.barracudacentral.org"
Resolve!
When the Resolve_all of selor.conf is disabled, you can use this action to resolve the reverse name of current IP connected. This can be used to make your server more fast. You disables the Resolve_all in selor.conf and forces a resolve only to unauthenticated connections. Examples: !Auth? Resolve!
Stop!
Stops the execution of current event. Attention: This action does NOT refuse the connection, sender or recipient. This action only makes the Selor stop the current event Examples: Auth? From? "foo@mydomainexample.com" Stop! Auth? Stop!
Spf_test!
Makes a SPF test with the current IP and the sender domain specified. This action works starting on Event.from. Examples: !Auth? Spf_test!
Srs!
Changes the address of sender with SRS codification. In parameter you must specify a internal domain. Examples: Auth? !From? "" !Internal_from? !Internal_rcpt? Srs! "myinternaldomain.com"
Sendmail!
Sent an email to any recipient. The parameters are separated with ':' character. The first parameter is the file of message The second parameter is the sender The third parameter is the recipient Examples: To? "foo@internaldomain.com" Sendmail! "/usr/local/selor/message.eml:%r:%f"
Obs: This example works like a auto response
So_mark!
Adds a TCP mark to a recipient that the Selor will use in the shipping process. You can use the Firewall/Iproute of Linux to detect this marks and do a traffic shaping or everything else. Obs: This action works only in Linux and where the executable code of Selor was compiled with libcap Examples: Find_in_to? "@externaldomain.com" So_mark! "1"
Tchange!
Changes the current recipient address in SMTP level. Works only in Event.rcpt Examples: To? "foo@internaldomain.com" Tchange! "adm@internaldomain.com" To? "foo@internaldomain.com" Tchange! "test@anotherdomain.com"
Delimiter! (Version >= 1.3)
This is a internal configuration action of the server. It changes the delimiter character that separates the fields of some actions or conditions like: 'Cmp_str?', 'Cmp_left?', 'Cmp_right?', 'Find_str?', 'Find_strfile?', 'Find_filestr?', 'Log!', 'Mx_auth!', 'Sendmail!' By default the delimiter character is ':', you can change this any time in rules-files. The delimiter is reseted to ':' in each new line of rules-file This option was created because sometimes the delimiter can conflict with the text passed in some parameter. Examples: Auth? Delimiter! "|" !Cmp_str? "%f|%u" Reply! "500 Invalid sender" Delimiter! "|" !Find_filestr? "/var/spool/selor/c%d|%f" Reply! "550 Sender Address was not found in email HEADER"
Condições
All conditions can be preceded by a exclamation to invert the result of check. For example: If we want to execute a external program/script when current connection is authenticated, we use:
Auth? Exec! "external_script.sh" If we want to execute this same program when the current connection is NOT authenticated, we must insert a exclamation (!) before the condition:
!Auth? Exec! "external_script.sh"
Auth?
Tests if the current connection is authenticated. Examples: Auth? From? "foo@domaintest.com" Reply! "Email refused" Internal_from? !Auth? Reply! "550 You need authentication" Deny!
Cmp_str?
Tests if two texts are equal. This condition has two parameter separated by ':' character Examples: Cmp_str? "%r:user@domainexample.com" Reply! "550 This address is blocked" Deny! Auth? !Cmp_str? "%f:%u" Reply! "500 Refused. This sender if different of authenticated user"
Cmp_left?
Compares only the left part of a text. The texts (parameters) must by separated by character ':'. The first parameter is the text where the seek is made and the second is the text to seek. Examples: Ip? "10.10.10.5" Cmp_left? "%r:user@" Reply! "550 You cannot use this address" Deny!
Cmp_right?
Compares only the rigth part of a text. The texts (parameters) must by separated by character ':'. The first parameter is the text where the seek is made and the second is the text to seek. Examples: Cmp_right? "%f:.com.br" Ip? "192.168.0.100" Reply! "550 You are not allowed to send messages with '.com.br' domains" Deny!
Cmp_reverse?
Compares the reverse name of IP with text passed in parameter Examples: Cmp_reverse? "sv1.domainofspammer.com" Reply! "550 Host refused" Deny!
Exec_resp?
Tests the value returned by the last program executed by action 'Exec!' Examples Ip? "10.10.10.78" Exec! "/usr/local/selor/uteis/email_check.sh" Exec_resp? "1" Reply! "500 This message has a content that is not allowed by this server" Deny!
From?
Checks if the sender in parameter is the same of current address passed in SMTP session by 'mail from' command. Examples: !Ip? "10.10.10.55" From? "administrator@internaldomain.net" Reply! "500 You are not allowed to use this sender" Deny!
Find_in_from?
Seekd for a text in sender address. You can use this to test the domain of sender. Examples: Find_in_from? "marketing" Close! Find_in_from? "@spammerdomain.net" Reply! "550 Spammer !!!" Deny!
Find_in_to?
Seeks for a text in recipient address. You can use this to test the domain of recipient. Examples: Find_in_to? "test@" Internal_from? Ip? "192.168.0.0/24" Mx_dest! "192.168.0.101 2525" Find_in_to? "@hotmail.com" Mx_dest! "smtp.externaldomaintorelay.com 587" Mx_auth! "user:pass"
Find_str?
Seeks a text inside of other. This condition requires two parameters separated by ':' character. Examples: Find_str? "%e:spammer" Reply! "550 Host refused" Deny!
Find_in_reverse?
Seeks a text inside the reverse name of connected IP. This condition can be replaced by condition 'Find_str?' with '%e' variable. Examples: Find_in_reverse? "spammer" Reply! "550 Host refused" Deny!
Find_strfile?
This condition has two parameters separated by character ':' The function of condition Find_strfile is open the file specified in second parameter to seek each line of this file in text passed in first parameter. You can use this to make local blacklists of IPs, hosts, domains, sender, etc. Examples: Find_strfile? "%e:/usr/local/selor/bloqued_hosts" Reply! "550 You are listed in a local blacklist" Deny!
Find_filestr? (Selor >= 1.5)
This condition has two parameters separated by character ':' The function of condition Find_filestr is seek the text of second parameter in each line of file passed in first parameter. Examples: Find_filestr? "/usr/local/selor/blacklist_ips.txt:%i" Reply! "500 IP in blacklist" Deny!
Find_fileline?
This condition has two parameters separated by character ':'
This function seeks and compares the full text between line in file and the second parameter
Examples: Find_fileline? "/usr/local/selor/blacklist_hosts.txt:%e" Reply! "500 Your host in blacklist" Deny!
From_type? (Selor >= 1.4)
Tests the type of address sender specified. There are three types: 0 = The sender is not exists in local tabel of emails. 1 = The sender exists in local table of emails 2 = The sender is a ALIAS Examples: Find_in_from? "@domaintest.com" From_type? "2" Reply! "500 The alias addresses are temporarily blocked for this domain"
Internal_from? From_type? "0" Reply! "This sender does not exists" Deny!
Helo?
Checks the helo/ehlo specified in SMTP protocol Examples: Helo? "host1" Reply! "500 Host refused" Deny!
Ip?
Tests the IP connected. You can specified a IP address, a IP network with its mask or pass a part of an IP. Examples: Ip? "192.168.0.10" Relay! Ip? "127.0.0.1" Relay! Ip? "10.10.10.0/24" Relay! Ip? "200.200." Close!
Internal_from?
Tests if the domain of sender is local or not Examples: Internal_from? !Auth? Reply! "500 Authentication is required" Deny! !Internal_from? Reply! "500 We do not accept emails from external domains" Deny!
Internal_rcpt?
Tests if the domain of recipient is local or not. Examples: Internal_rcpt? Ip? "192.168.40" Reply! "You cannot send emails to local addresses" Deny!
Itest?
Tests the two values specified in two parameters using the operation in the middle
The possible operations are:
Bigger than: > Less than: < Equal: =
Examples: Itest? "%t=1" Reply! "550 The analysis of our anti-spam program has classified your message like spam" Deny! Ip? "192.168.0.33" Itest? "%n>10" Reply! "500 "Hey, you not allowed to send an email with more than 10 recipients" Deny! Itest? "%R>1" Reply! "500 You are listed in more than one Blacklist: %T" Deny!
Rbl_resp?
Tests the number of RBLs that the IP was found.
Attention: You must run a 'Rbl_test! first than 'Rbl_resp?' The "Rbl_test!" can be executed in a line and 'Rbl_resp?' in another line or rules-file
Examples: Rbl_test! "zen.spamhaus.org" Rbl_resp? "1" Reply! "500 You are listed in Blacklist: %T" Deny! Rbl_test! "zen.spamhaus.org" Rbl_resp? "1" Reply! "500 You are listed in two Blacklists: %T" Deny!
Rev_fail?
Makes a general test in connected IP. First, this function resolves the reverse name of IP, in second stage is see whether this name resolves to the same IP. Examples: Rev_fail? Add_hits! "2"
Spf_resp?
Checks for answer of SPF test executed by action 'Spf_test!': Answers of SPF: 0 = None 1 = Pass 2 = Neutral 3 = SoftFail 4 = Fail 5 = TempError 6 = PermError Examples: Spf_resp? "4" Reply! "550 Email refused by not pass in SPF test" Deny!
Seek_to?
Searches for a recipient address in all recipients already specified in SMTP email session Examples: To? "foo@externaldomain.com.br" Seek_to? "admin@externaldomain.com.br" Reply! "550 The foo and admin cannot receive the same email" Deny!
Seek_in_to?
Seeks a text in all recipients already specified. Examples: To? "foo@domaintest123.net" Seek_in_to? "@gmail.com" Mark! "ARCHIVE_EMAIL"
To?
Tests the recipient Examples: To? "foo@externaldomain.com" Deny! To? "foo2@externaldomain.com" Relay!
Tmark?
Test if current connection contains a 'mark' made with 'Mark!' action Examples: Tmark? "ARCHIVE_EMAIL" Exec! "cp /var/spool/selor/c%d /mnt/hd_bk/"
To_type? (Selor >= 1.4)
This condition tests for address type of recipient. There are three types: 0 = The recipient is not exists in local tabel of emails. 1 = The recipient exists in local table of emails 2 = The recipient is a ALIAS
Examples: Internal_rcpt? To_type? "0" Reply! "This recipient not exists" Deny! Internal_rcpt? To_type? "1" To_over_quota? Reply! "550 I am sorry but this account is full. Try again later" Exec! "/usr/local/selor/warn_recipient_ovre_quota.sh %r" Deny!
To_over_quota? (Selor >= 1.4)
Tests if current recipient is over quota. Obs: This function works only if Rcpt_level_check is -1
Examples:
Internal_rcpt? To_type? "1" To_over_quota? Reply! "550 I am sorry but this account is full. Try again later" Exec! "/usr/local/selor/warn_recipient_ovre_quota.sh %r" Deny!
Variables
%r |
The recipient address |
%f |
The sender address |
%u |
The username used in authentication |
%i |
IP address of connected host |
%e |
Name of connected host |
%s |
Name or IP Addreess of connected host. If the reverse name was cannot be resolved, this variable will return the IP address |
%h |
Identification specified by remote host in SMTP command helo or ehlo |
%o |
The sender domain |
%c |
The recipient domain |
%m |
Name that comes before the '@' in sender address |
%p |
Name that comes before the '@' in recipient address |
%n |
The number of recipients passed until now |
%y |
The number of SPF answer: 0 = None 1 = Pass 2 = Neutral 3 = SoftFail 4 = Fail 5 = TempError 6 = PermError |
%H |
The accumulated value by 'Add_hist!' action |
%t |
The returned value by the last external program executed by action 'Exec!' |
%E |
The returned text by the last external program executed by action 'Exec!' |
%R |
Number of RBLs that the connected IP was found |
%T |
Text returned by RBL. |
%P |
In Event.lrcpt_refused this variable returns the refuses message of local server. In Event.dl_rcpt this variable returns a answer of remote server after the Selor specify the address of recipient (rcpt to) |
%d |
The number (ID) of current queue file |
%C |
HOME directory of recipient |
%F |
HOME directory of sender |
%U |
HOME directory of authenticated user |
%O |
The current hour |
%M |
The current minute |
%S |
The current seconds |
%D |
The day number of week 0 = Sunday 1 = Monday 2 = Tuesday 3 = Wednesday 4 = Thursday 5 = Friday 6 = Saturday |
%z |
The size of current email. This works with precision starting on Event.data. In Event.from or Event.rcpt this variables returns the value specified by SIZE parameter in 'mail from' SMTP command. Obs: It's not always that the SIZE is passed in 'mail from' command. |
%L |
Returns the spool directory of current queue file. This not works before Event.data (Selor >= 1.3) |
%" |
This is equivalent to the character ("). You can use this to insert the (") character inside of actions and conditions, like this: Cmp_str? "%u:user@mydomain.com" Exec! "/usr/local/selor/script.sh %"The user %u now is connected%"" |
%% |
This is equivalent to the character (%) |
|