# This is a test configuration. It listens on port 8025, waits for an incoming
# connection, and applies the following rules:
#   - if the address is in the white list, then accept it and forward the
#     connection to the server (local port 25)
#   - if the address is in the black list, then immediately drop it
#   - otherwise, wait up to 35 seconds. If the client talks during this time,
#     drop the connection.
#   - then accept the connection if it passes all the tests.
#
# Note that the rules are evaluated at every new chunk of data read, and at
# delay expiration. Rules which apply to incomplete data don't match as long
# as the timer has not expired.

listen block-fake-mailers
    log 127.0.0.1:514 local0
    option tcplog

    mode tcp
    bind :8025
    timeout client 60s
    timeout server 60s
    timeout queue 60s
    timeout connect 5s

    tcp-request inspect-delay 35s

    acl white_list src 127.0.0.2
    acl black_fast src 127.0.0.3  # those ones are immediately rejected
    acl black_slow src 127.0.0.4  # those ones are rejected after a delay

    tcp-request content accept if white_list
    tcp-request content reject if black_fast
    tcp-request content reject if black_slow WAIT_END
    tcp-request content reject if REQ_CONTENT
    # note that it is possible to wait for the end of the analysis period
    # before rejecting undesired contents
    # tcp-request content reject if REQ_CONTENT WAIT_END

    # on Linux+transparent proxy patch, it's useful to reuse the client's IP
    # source 0.0.0.0 usesrc clientip

    balance roundrobin
    server mail 127.0.0.1:25