Page 75 - Mercury Manual.book
The MercuryS SMTP Server Module 70
Compliance options
• ‘B’ to issue an error response then drop the connection immediately.
• 'X' to exit immediately from rule processing for the current type of rule.
• 'S' to suppress all further rule processing for this connection.
• ‘F’ to fail the current command, but remain in the same state.
The ‘F’ action is only available in Mercury/32 v4.01b and later.
To understand the difference between the 'X' and 'S' actions, you need to be aware that
transaction filtering is done in several "passes", each pass testing a different state of the
SMTP transaction. The 'X' action only exits from the current pass, meaning that future passes
will still take place. The 'S' action, however, exits from the current pass and suppresses
all further transaction filtering on the message altogether.
The ‘F’ action is especially handy if you need to “turn off” an address for a while... For example,
if an address is being mailbombed, adding an ‘F’ rule that returns a 500-series diagnostic
asking the sender to try again later can be a good way of “riding out the storm”. After
an ‘F’ action has been processed, the connected client can still issue other SMTP commands
if it wishes to do so – the ‘F’ action only refuses the current request.
The ‘R’ action differs from the ‘F’ action in that it will fail the current request and will also
put the connection into a state where all other SMTP commands except the QUIT command
will be rejected. This is the best way of handling situations where you get a message you do
not want delivered by a host that is not necessarily compromised or undesirable, because it
still allows the SMTP transaction to be closed down in a graceful manner.
The ‘D’ and ‘B’ actions both terminate the connection immediately, the difference being
that the ‘B’ action attempts to “shove an error response down the pipe” before it does so,
while the ‘D’ action simply kills the connection dead – you might say that the ‘B’ action is
slightly “less hostile” than the ‘D’ action.
The second character in the action string is optional and can have one of the following values:
• 'S' to blacklist the host for the next half hour.
The third character in the action string is also optional, and can have one of the following values:
• ‘N’ if the rule should trigger if the test is NOT matched (negation).
Note that if you want to use a three-character action string but do not want to use the second
character (for instance, if you want to negate a rule but do not want to blacklist the address in
the event of the rule triggering), then you should specify a dash character (-) as the second
character in the action.
Response is an optional response code that MercuryS should return to the client (for the 'R'
action) or the string to log as the system message (for the 'L' action). It must be quoted, and
if it is returned as an error response to the client, then it must start with a 3-digit RFC2821
error response code (we recommend 554 for this).
Transaction-level filtering examples
1: To detect and refuse any connection where the client tries to connect using your own IP
address as its HELO greeting – an extremely common gambit by spam zombie systems – use
this test (assuming 192.156.225.99 as your IP address in this example):
H, "*192.156.225.99*", R, "554 Get out of here, worthless scum."
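An added example, not taken from the Mercury manual: a small Python lint for rule lines in the form shown above. It decodes the three-character action string (action, optional 'S' blacklist flag or '-' placeholder, optional 'N' negation) and checks the response code. Assumptions: 'B' and 'F' send the Response text to the client as 'R' does, '*' matches like a case-insensitive shell glob, and the second rule is constructed sample input.

```python
import re
from fnmatch import fnmatchcase

# Action letters named in this section; the manual's full list may be longer.
ACTIONS = set("RDBXSFL")
# Assumption: these actions send the Response text to the client ('R' is stated).
REPLIES_TO_CLIENT = set("RBF")
RULE_RE = re.compile(
    r'^\s*(\w)\s*,\s*"([^"]*)"\s*,\s*([A-Za-z-]{1,3})\s*(?:,\s*"([^"]*)"\s*)?$')

# The page's own rule, then a constructed one that negates without blacklisting.
PAGE_RULE = 'H, "*192.156.225.99*", R, "554 Get out of here, worthless scum."'
NEGATED_RULE = 'H, "*.example.com", R-N, "554 HELO not accepted."'


def parse_rule(line):
    """Split one rule line and decode its action string; reject malformed ones."""
    m = RULE_RE.match(line)
    if not m:
        raise ValueError('expected: op, "pattern", action[, "response"]')
    op, pattern, action, response = m.groups()
    # Missing second/third positions behave like the '-' placeholder.
    first, second, third = action.upper().ljust(3, "-")
    if first not in ACTIONS:
        raise ValueError(f"unknown action {first!r}")
    if second not in "S-":
        raise ValueError("second character must be 'S' (blacklist) or '-'")
    if third not in "N-":
        raise ValueError("third character must be 'N' (negate) or absent")
    if (response and first in REPLIES_TO_CLIENT
            and not re.match(r"[45]\d\d(\s|$)", response)):
        raise ValueError("client response must start with a 3-digit error code")
    return {"op": op, "pattern": pattern, "action": first,
            "blacklist": second == "S", "negate": third == "N",
            "response": response}


def triggers(rule, value):
    """True when the rule fires for `value`, e.g. the HELO argument."""
    # Assumption: '*' is a shell-style wildcard and matching ignores case.
    matched = fnmatchcase(value.lower(), rule["pattern"].lower())
    return matched != rule["negate"]


if __name__ == "__main__":
    for line in (PAGE_RULE, NEGATED_RULE):
        rule = parse_rule(line)
        print(rule["action"], rule["blacklist"], rule["negate"],
              triggers(rule, "192.156.225.99"))
```

A two-character action such as RN is rejected, because negation sits in the third position and needs the dash placeholder (R-N) when no blacklisting is wanted.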