| # This is a test configuration. It listens on port 8025, waits for an incoming |
| # connection, and applies the following rules : |
| # - if the address is in the white list, then accept it and forward the |
| # connection to the server (local port 25) |
| # - if the address is in the black list, then immediately drop it |
| # - otherwise, wait up to 35 seconds. If the client talks during this time, |
| # drop the connection. |
| # - then accept the connection if it passes all the tests. |
| # |
| # Note that the rules are evaluated at every new chunk of data read, and at |
| # delay expiration. Rules which apply to incomplete data don't match as long |
| # as the timer has not expired. |
| |
| listen block-fake-mailers |
| log 127.0.0.1:514 local0 |
| option tcplog |
| |
| mode tcp |
| bind :8025 |
| timeout client 60s |
| timeout server 60s |
| timeout queue 60s |
| timeout connect 5s |
| |
| tcp-request inspect-delay 35s |
| |
| acl white_list src 127.0.0.2 |
| acl black_fast src 127.0.0.3 # those ones are immediately rejected |
| acl black_slow src 127.0.0.4 # those ones are rejected after a delay |
| |
| tcp-request content accept if white_list |
| tcp-request content reject if black_fast |
| tcp-request content reject if black_slow WAIT_END |
| tcp-request content reject if REQ_CONTENT |
| # note that it is possible to wait for the end of the analysis period |
| # before rejecting undesired contents |
| # tcp-request content reject if REQ_CONTENT WAIT_END |
| |
| # on Linux+transparent proxy patch, it's useful to reuse the client'IP |
| # source 0.0.0.0 usesrc clientip |
| |
| balance roundrobin |
| server mail 127.0.0.1:25 |
| |