Sample projects for testing false negatives and false positives of the EagleEye3.0 rule set; the projects were collected from GitHub and Gitee

# This is a test configuration. It listens on port 8025, waits for an incoming
# connection, and applies the following rules :
#   - if the address is in the white list, then accept it and forward the
#     connection to the server (local port 25)
#   - if the address is in the black list, then immediately drop it
#   - otherwise, wait up to 35 seconds. If the client talks during this time,
#     drop the connection.
#   - then accept the connection if it passes all the tests.
#
# Note that the rules are evaluated at every new chunk of data read, and at
# delay expiration. Rules which apply to incomplete data don't match as long
# as the timer has not expired.
listen block-fake-mailers
    log 127.0.0.1:514 local0
    option tcplog
    mode tcp
    bind :8025
    timeout client 60s
    timeout server 60s
    timeout queue 60s
    timeout connect 5s
    tcp-request inspect-delay 35s
    acl white_list src 127.0.0.2
    acl black_fast src 127.0.0.3 # those ones are immediately rejected
    acl black_slow src 127.0.0.4 # those ones are rejected after a delay
    tcp-request content accept if white_list
    tcp-request content reject if black_fast
    tcp-request content reject if black_slow WAIT_END
    tcp-request content reject if REQ_CONTENT
    # note that it is possible to wait for the end of the analysis period
    # before rejecting undesired contents
    # tcp-request content reject if REQ_CONTENT WAIT_END
    # on Linux+transparent proxy patch, it's useful to reuse the client's IP
    # source 0.0.0.0 usesrc clientip
    balance roundrobin
    server mail 127.0.0.1:25
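
The header comment says the rules are re-evaluated on every new chunk of data and at delay expiration. The following Python model is an added example, not part of the original file or of HAProxy itself; it replays the four `tcp-request content` rules over a constructed connection timeline to show when each kind of client is accepted or rejected. The function names, the three-state true/false/miss result and the sample address 10.0.0.1 are assumptions made for illustration.

```python
# Simplified model (an assumption, not HAProxy source) of how the four
# "tcp-request content" rules above are evaluated inside the inspect window.
INSPECT_DELAY = 35.0  # seconds, from "tcp-request inspect-delay 35s"
WHITE, BLACK_FAST, BLACK_SLOW = "127.0.0.2", "127.0.0.3", "127.0.0.4"
TRUE, FALSE, MISS = "true", "false", "miss"  # MISS: cannot be decided yet

def wait_end(expired):
    # WAIT_END only becomes true once the inspect delay has expired.
    return TRUE if expired else MISS

def req_content(buffered, expired):
    # REQ_CONTENT is true when data is buffered; an empty buffer may still
    # fill up, so "false" is only final once the delay has expired.
    if buffered > 0:
        return TRUE
    return FALSE if expired else MISS

def evaluate(src, buffered, expired):
    """One pass over the rules; returns 'accept', 'reject' or 'wait'."""
    rules = [
        ("accept", lambda: TRUE if src == WHITE else FALSE),
        ("reject", lambda: TRUE if src == BLACK_FAST else FALSE),
        # AND short-circuits: WAIT_END is only consulted for black_slow.
        ("reject", lambda: wait_end(expired) if src == BLACK_SLOW else FALSE),
        ("reject", lambda: req_content(buffered, expired)),
    ]
    for action, cond in rules:
        result = cond()
        if result == MISS:
            return "wait"      # stop here, retry on next chunk or at expiry
        if result == TRUE:
            return action
    return "accept"            # no rule matched: forward to the mail server

def decide(src, data_times):
    """Replay a connection; data_times are constructed chunk arrival times (s)."""
    events = [0.0] + sorted(t for t in data_times if t < INSPECT_DELAY)
    events.append(INSPECT_DELAY)
    for now in events:
        buffered = sum(1 for t in data_times if t <= now)
        verdict = evaluate(src, buffered, now >= INSPECT_DELAY)
        if verdict != "wait":
            return verdict, now
    raise AssertionError("unreachable: every rule is decidable at expiry")
```

In this model an unlisted client that stays silent is only forwarded at 35 s, which is why the 60 s `timeout client` has to stay above the inspect delay.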