dnsbl: xml/dnsbl.in annotate

annotate xml/dnsbl.in @ 4:15a7e942adec

updates to use dcc conf files

author	carl
date	Wed, 21 Apr 2004 12:52:29 -0700
parents	9bcd5ef11279
children	793ac9cc114d

rev	line source
0 96a9758165cd Initial revision carl parents: diff changeset	1 <html>
96a9758165cd Initial revision carl parents: diff changeset	2
96a9758165cd Initial revision carl parents: diff changeset	3 <head>
96a9758165cd Initial revision carl parents: diff changeset	4 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
96a9758165cd Initial revision carl parents: diff changeset	5 <title>DNSBL Sendmail milter</title>
96a9758165cd Initial revision carl parents: diff changeset	6 </head>
96a9758165cd Initial revision carl parents: diff changeset	7
96a9758165cd Initial revision carl parents: diff changeset	8 <p>This milter is released under the GPL license version 2 included in
96a9758165cd Initial revision carl parents: diff changeset	9 the LICENSE file in the distribution, and also available at
96a9758165cd Initial revision carl parents: diff changeset	10 <a href="http://www.gnu.org/licenses/gpl.html">http://www.gnu.org/licenses/gpl.html</a>
96a9758165cd Initial revision carl parents: diff changeset	11
96a9758165cd Initial revision carl parents: diff changeset	12 <p>Consider the case of a mail server that is acting as secondary MX
96a9758165cd Initial revision carl parents: diff changeset	13 for a collection of clients, each of which has a collection of mail
96a9758165cd Initial revision carl parents: diff changeset	14 domains. Each client may use their own collection of DNSBLs on their
96a9758165cd Initial revision carl parents: diff changeset	15 primary mail server. We present here a mechanism whereby the backup
96a9758165cd Initial revision carl parents: diff changeset	16 mail server can use the correct set of DNSBLs for each message. As a
96a9758165cd Initial revision carl parents: diff changeset	17 side-effect, it gives us the ability to customize the set of DNSBLs on a
96a9758165cd Initial revision carl parents: diff changeset	18 per-recipient basis, so that fred@example.com could use SPEWS and the
96a9758165cd Initial revision carl parents: diff changeset	19 SBL, where all other users @example.com use only the SBL.
96a9758165cd Initial revision carl parents: diff changeset	20
96a9758165cd Initial revision carl parents: diff changeset	21 <p>The DNSBL milter reads a text configuration file on startup, and
96a9758165cd Initial revision carl parents: diff changeset	22 whenever the config file (or any of the referenced include files) is
96a9758165cd Initial revision carl parents: diff changeset	23 changed. The entire configuration file is case insensitive.
96a9758165cd Initial revision carl parents: diff changeset	24
96a9758165cd Initial revision carl parents: diff changeset	25 <p>If you are also using the <a
96a9758165cd Initial revision carl parents: diff changeset	26 href="http://www.rhyolite.com/anti-spam/dcc/">DCC</a> milter, there are
96a9758165cd Initial revision carl parents: diff changeset	27 a few considerations. You may need to whitelist senders from the DCC
96a9758165cd Initial revision carl parents: diff changeset	28 bulk detector, or from the DNS based lists. Those are two very
96a9758165cd Initial revision carl parents: diff changeset	29 different reasons for whitelisting. The former is done thru the DCC
96a9758165cd Initial revision carl parents: diff changeset	30 whiteclnt config file, the later is done thru the DNSBL milter config
4 15a7e942adec updates to use dcc conf files carl parents: 2 diff changeset	31 file. There is an option to reference the DCC whiteclnt file (via an
15a7e942adec updates to use dcc conf files carl parents: 2 diff changeset	32 include_dcc line) in the DNSBL milter config. This will import the
15a7e942adec updates to use dcc conf files carl parents: 2 diff changeset	33 (env_to, env_from, and substitute mail_host) entries from the DCC config
15a7e942adec updates to use dcc conf files carl parents: 2 diff changeset	34 into the DNSBL config. This allows using the DCC config as the single
15a7e942adec updates to use dcc conf files carl parents: 2 diff changeset	35 point for white/blacklisting.
0 96a9758165cd Initial revision carl parents: diff changeset	36
96a9758165cd Initial revision carl parents: diff changeset	37 <p>You may want to blacklist some specific senders or sending domains.
96a9758165cd Initial revision carl parents: diff changeset	38 This could be done thru either the DCC (on a global basis, or for a
96a9758165cd Initial revision carl parents: diff changeset	39 specific single recipient). We prefer to do such blacklisting via the
96a9758165cd Initial revision carl parents: diff changeset	40 DNSBL milter config, since it can be done for an entire recipient mail
96a9758165cd Initial revision carl parents: diff changeset	41 domain. The DCC approach has the feature that you can capture the
96a9758165cd Initial revision carl parents: diff changeset	42 entire message in the DCC log files. The DNSBL milter approach has the
96a9758165cd Initial revision carl parents: diff changeset	43 feature that the mail is rejected earlier (at RCPT TO time), and the
96a9758165cd Initial revision carl parents: diff changeset	44 sending machine just gets a generic "550 5.7.1 no such user" message.
96a9758165cd Initial revision carl parents: diff changeset	45
96a9758165cd Initial revision carl parents: diff changeset	46 <p>Definitions:
96a9758165cd Initial revision carl parents: diff changeset	47
96a9758165cd Initial revision carl parents: diff changeset	48 <p>DNSBL - a named DNS based blocking list is defined by a dns suffix
96a9758165cd Initial revision carl parents: diff changeset	49 (e.g. sbl-xbl.spamhaus.org) and a message string that is used to
96a9758165cd Initial revision carl parents: diff changeset	50 generate the "550 5.7.1" smtp error return code. The names of these
96a9758165cd Initial revision carl parents: diff changeset	51 DNSBLs will be used to define the DNSBL-LISTs.
96a9758165cd Initial revision carl parents: diff changeset	52
96a9758165cd Initial revision carl parents: diff changeset	53 <p>DNSBL-LIST - a named list of DNSBLs that will be used for specific
96a9758165cd Initial revision carl parents: diff changeset	54 recipients or recipient domains.
96a9758165cd Initial revision carl parents: diff changeset	55
96a9758165cd Initial revision carl parents: diff changeset	56 <p>ENVELOPE-FROM-MAP - a named collection of mappings (key->value pairs)
96a9758165cd Initial revision carl parents: diff changeset	57 from envelope-from values to the WHITE, BLACK, or DEFAULT keywords. The
96a9758165cd Initial revision carl parents: diff changeset	58 names of these maps will be used for specific recipients or recipient
96a9758165cd Initial revision carl parents: diff changeset	59 domains.
96a9758165cd Initial revision carl parents: diff changeset	60
96a9758165cd Initial revision carl parents: diff changeset	61 <p>The configuration file maps each recipient (or recipient domain) to
96a9758165cd Initial revision carl parents: diff changeset	62 two names (a named DNSBL-LIST, and a named ENVELOPE-FROM-MAP). If the
96a9758165cd Initial revision carl parents: diff changeset	63 recipient is not found in the configuration, the named DEFAULT
96a9758165cd Initial revision carl parents: diff changeset	64 dnsbl-list and DEFAULT envelope-from-map will be used. When mail is
96a9758165cd Initial revision carl parents: diff changeset	65 received for that recipient,
96a9758165cd Initial revision carl parents: diff changeset	66
96a9758165cd Initial revision carl parents: diff changeset	67 <ol>
96a9758165cd Initial revision carl parents: diff changeset	68
96a9758165cd Initial revision carl parents: diff changeset	69 <li>If the client has authenticated with sendmail, the mail is accepted
96a9758165cd Initial revision carl parents: diff changeset	70 and the dns lists are not checked.
96a9758165cd Initial revision carl parents: diff changeset	71
96a9758165cd Initial revision carl parents: diff changeset	72 <li>If either one is BLACK, mail to this recipient is rejected with "no
96a9758165cd Initial revision carl parents: diff changeset	73 such user", and the dns lists are not checked.
96a9758165cd Initial revision carl parents: diff changeset	74
96a9758165cd Initial revision carl parents: diff changeset	75 <li>If the envelope-from-map name is WHITE, mail to this recipient is
96a9758165cd Initial revision carl parents: diff changeset	76 accepted and the dns lists are not checked.
96a9758165cd Initial revision carl parents: diff changeset	77
96a9758165cd Initial revision carl parents: diff changeset	78 <li>If the envelope-from-map exists, the map is checked for the presence
96a9758165cd Initial revision carl parents: diff changeset	79 of the sender. A WHITE or BLACK answer is definitive and the dns lists
96a9758165cd Initial revision carl parents: diff changeset	80 are not checked.
96a9758165cd Initial revision carl parents: diff changeset	81
96a9758165cd Initial revision carl parents: diff changeset	82 <li>If the dnsbl-list name is WHITE, the dns lists are not checked and
96a9758165cd Initial revision carl parents: diff changeset	83 the mail is accepted. Otherwise, the dns lists are checked and the mail
96a9758165cd Initial revision carl parents: diff changeset	84 is rejected if any list has an A record for the standard dns based
96a9758165cd Initial revision carl parents: diff changeset	85 lookup scheme (reversed octets of the client followed by the dns
96a9758165cd Initial revision carl parents: diff changeset	86 suffix).
96a9758165cd Initial revision carl parents: diff changeset	87
96a9758165cd Initial revision carl parents: diff changeset	88 </ol>
96a9758165cd Initial revision carl parents: diff changeset	89
96a9758165cd Initial revision carl parents: diff changeset	90
96a9758165cd Initial revision carl parents: diff changeset	91 <p>Usage: Note that this has ONLY been tested on Linux, specifically
96a9758165cd Initial revision carl parents: diff changeset	92 RedHat Linux. Your mileage will vary. In particular, this milter makes no
96a9758165cd Initial revision carl parents: diff changeset	93 attempt to understand IPv6.
96a9758165cd Initial revision carl parents: diff changeset	94
96a9758165cd Initial revision carl parents: diff changeset	95 Fetch <a href="http://www.five-ten-sg.com/util/dnsbl.tar.gz">dnsbl.tar.gz</a>
96a9758165cd Initial revision carl parents: diff changeset	96 and
96a9758165cd Initial revision carl parents: diff changeset	97
96a9758165cd Initial revision carl parents: diff changeset	98 <pre>
96a9758165cd Initial revision carl parents: diff changeset	99 tar xfvz dnsbl.tar.gz
96a9758165cd Initial revision carl parents: diff changeset	100 bash install.bash
96a9758165cd Initial revision carl parents: diff changeset	101 </pre>
96a9758165cd Initial revision carl parents: diff changeset	102
96a9758165cd Initial revision carl parents: diff changeset	103 Read and understand the contents of that install.bash script before you
96a9758165cd Initial revision carl parents: diff changeset	104 run it. It may not be suitable for your system. Modify your
96a9758165cd Initial revision carl parents: diff changeset	105 sendmail.mc by removing all the "FEATURE(dnsbl" lines, add the following
96a9758165cd Initial revision carl parents: diff changeset	106 line in your sendmail.mc and rebuild the .cf file
96a9758165cd Initial revision carl parents: diff changeset	107
96a9758165cd Initial revision carl parents: diff changeset	108 <pre>
96a9758165cd Initial revision carl parents: diff changeset	109 INPUT_MAIL_FILTER(`dnsbl', `S=local:/var/run/dnsbl/dnsbl.sock, F=T, T=S:30s;R:30s;E:30s')
96a9758165cd Initial revision carl parents: diff changeset	110 </pre>
96a9758165cd Initial revision carl parents: diff changeset	111
96a9758165cd Initial revision carl parents: diff changeset	112 Read the sample <a
96a9758165cd Initial revision carl parents: diff changeset	113 href="http://www.five-ten-sg.com/dnsbl.conf">var/dnsbl/dnsbl.conf</a>
96a9758165cd Initial revision carl parents: diff changeset	114 file and modify it to fit your configuration.
96a9758165cd Initial revision carl parents: diff changeset	115
96a9758165cd Initial revision carl parents: diff changeset	116
4 15a7e942adec updates to use dcc conf files carl parents: 2 diff changeset	117 <pre>
2 9bcd5ef11279 no message carl parents: 0 diff changeset	118 $Id$
4 15a7e942adec updates to use dcc conf files carl parents: 2 diff changeset	119 </pre>
0 96a9758165cd Initial revision carl parents: diff changeset	120 </body>
96a9758165cd Initial revision carl parents: diff changeset	121 </html>

Mercurial > dnsbl

annotate xml/dnsbl.in @ 4:15a7e942adec