dnsbl: xml/dnsbl.in annotate

annotate xml/dnsbl.in @ 108:1c7677042b78

move to autoconf/automake/docbook

author	carl
date	Sun, 18 Dec 2005 12:05:05 -0800
parents	586d5b58040a
children	d0dad5610980

rev	line source
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	1 <reference>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	2 <title>@PACKAGE@ Sendmail milter - Version @VERSION@</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	3 <partintro>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	4 <title>Packages</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	5 <para>The various source and binary packages are available at <ulink
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	6 url="http://www.five-ten-sg.com/@PACKAGE@/packages">http://www.five-ten-sg.com/@PACKAGE@/packages</ulink>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	7 The most recent documentation is available at <ulink
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	8 url="http://www.five-ten-sg.com/@PACKAGE@/">http://www.five-ten-sg.com/@PACKAGE@/</ulink>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	9 </para>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	10
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	11 </partintro>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	12
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	13 <refentry id="@PACKAGE@.1">
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	14 <refentryinfo>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	15 <date>2005-12-18</date>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	16 </refentryinfo>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	17
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	18 <refmeta>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	19 <refentrytitle>@PACKAGE@</refentrytitle>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	20 <manvolnum>1</manvolnum>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	21 <refmiscinfo>@PACKAGE@ @VERSION@</refmiscinfo>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	22 </refmeta>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	23
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	24 <refnamediv id='name.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	25 <refname>@PACKAGE@</refname>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	26 <refpurpose>a sendmail milter with per-user dnsbl filtering</refpurpose>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	27 </refnamediv>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	28
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	29 <refsynopsisdiv id='synopsis.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	30 <title>Synopsis</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	31 <cmdsynopsis>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	32 <command>@PACKAGE@</command>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	33 <arg><option>-c</option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	34 <arg><option>-s</option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	35 <arg><option>-d <replaceable class="parameter">n</replaceable></option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	36 <arg><option>-e <replaceable class="parameter">from\|to</replaceable></option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	37 <arg><option>-r <replaceable class="parameter">local-domain-socket</replaceable></option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	38 <arg><option>-p <replaceable class="parameter">sendmail-socket</replaceable></option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	39 <arg><option>-t <replaceable class="parameter">timeout</replaceable></option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	40 </cmdsynopsis>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	41 </refsynopsisdiv>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	42
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	43 <refsect1 id='options.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	44 <title>Options</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	45 <variablelist>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	46 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	47 <term>-c</term>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	48 <listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	49 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	50 Load the configuration file, print a cannonical form
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	51 of the configuration on stdout, and exit.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	52 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	53 </listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	54 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	55 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	56 <term>-s</term>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	57 <listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	58 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	59 Stress test the configuration loading code by repeating
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	60 the load/free cycle in an infinite loop.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	61 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	62 </listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	63 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	64 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	65 <term>-d <replaceable class="parameter">n</replaceable></term>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	66 <listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	67 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	68 Set the debug level to <replaceable class="parameter">n</replaceable>.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	69 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	70 </listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	71 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	72 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	73 <term>-e <replaceable class="parameter">from\|to</replaceable></term>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	74 <listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	75 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	76 Print the results of looking up the from and to addresses in the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	77 current configuration. The \| character is used to separate the from and to
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	78 addresses in the argument to the -e switch.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	79 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	80 </listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	81 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	82 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	83 <term>-r <replaceable class="parameter">local-domain-socket</replaceable></term>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	84 <listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	85 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	86 Set the local socket used for the connection to our own dns resolver processes.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	87 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	88 </listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	89 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	90 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	91 <term>-p <replaceable class="parameter">sendmail-socket</replaceable></term>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	92 <listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	93 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	94 Set the socket used for the milter connection to sendmail. This is either
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	95 "inet:port@ip-address" or "local:local-domain-socket-file-name".
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	96 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	97 </listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	98 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	99 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	100 <term>-t <replaceable class="parameter">timeout</replaceable></term>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	101 <listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	102 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	103 Set the timeout in seconds used for communication with sendmail.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	104 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	105 </listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	106 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	107 </variablelist>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	108 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	109
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	110 <refsect1>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	111 <title>Usage</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	112 <para><command>@PACKAGE@</command> -c</para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	113 <para><command>@PACKAGE@</command> -s</para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	114 <para><command>@PACKAGE@</command> -d 2</para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	115 <para><command>@PACKAGE@</command> -e'someone@aol.com\|localname@mydomain.tld'</para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	116 <para><command>@PACKAGE@</command> -d 10 -r /var/run/dnsbl/dnsbl.resolver.sock -p local:/var/run/dnsbl/dnsbl.sock</para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	117 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	118
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	119 <refsect1 id='introduction.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	120 <title>Introduction</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	121 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	122 Consider the case of a mail server that is acting as secondary MX for a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	123 collection of clients, each of which has a collection of mail domains.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	124 Each client may use their own collection of DNSBLs on their primary mail
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	125 server. We present here a mechanism whereby the backup mail server can
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	126 use the correct set of DNSBLs for each recipient for each message. As a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	127 side-effect, it gives us the ability to customize the set of DNSBLs on a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	128 per-recipient basis, so that fred@example.com could use SPEWS and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	129 SBL, where all other users @example.com use only the SBL.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	130 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	131 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	132 This milter can also verify the envelope from/recipient pairs with the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	133 primary MX server. This allows the backup mail servers to properly
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	134 reject mail sent to invalid addresses. Otherwise, the backup mail
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	135 servers will accept that mail, and then generate a bounce message when
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	136 the message is forwarded to the primary server (and rejected there with
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	137 no such user).
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	138 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	139 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	140 This milter will also decode (uuencode, base64, mime, html entity, url
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	141 encodings) and scan for HTTP and HTTPS URLs and bare hostnames in the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	142 body of the mail. If any of those host names have A or NS records on
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	143 the SBL (or a single configurable DNSBL), the mail will be rejected
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	144 unless previously whitelisted. This milter also counts the number of
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	145 invalid HTML tags, and can reject mail if that count exceeds your
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	146 specified limit.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	147 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	148 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	149 The DNSBL milter reads a text configuration file (dnsbl.conf) on
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	150 startup, and whenever the config file (or any of the referenced include
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	151 files) is changed. The entire configuration file is case insensitive.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	152 If the configuration cannot be loaded due to a syntax error, the milter
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	153 will log the error and quit. If the configuration cannot be reloaded
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	154 after being modified, the milter will log the error and send an email to
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	155 root from dnsbl@$hostname. You probably want to added dnsbl@$hostname
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	156 to your /etc/mail/virtusertable since otherwise sendmail will reject
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	157 that message.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	158 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	159 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	160
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	161 <refsect1 id='todo.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	162 <title>DCC Issues</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	163 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	164 If you are also using the <ulink
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	165 url="http://www.rhyolite.com/anti-spam/dcc/">DCC</ulink> milter, there
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	166 are a few considerations. You may need to whitelist senders from the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	167 DCC bulk detector, or from the DNS based lists. Those are two very
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	168 different reasons for whitelisting. The former is done thru the DCC
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	169 whiteclnt config file, the later is done thru the DNSBL milter config
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	170 file.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	171 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	172 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	173 You may want to blacklist some specific senders or sending domains.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	174 This could be done thru either the DCC (on a global basis, or for a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	175 specific single recipient). We prefer to do such blacklisting via the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	176 DNSBL milter config, since it can be done for a collection of recipient
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	177 mail domains. The DCC approach has the feature that you can capture the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	178 entire message in the DCC log files. The DNSBL milter approach has the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	179 feature that the mail is rejected earlier (at RCPT TO time), and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	180 sending machine just gets a generic "550 5.7.1 no such user" message.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	181 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	182 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	183 The DCC whiteclnt file can be included in the DNSBL milter config by the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	184 dcc_to and dcc_from statements. This will import the (env_to, env_from,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	185 and substitute mail_host) entries from the DCC config into the DNSBL
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	186 config. This allows using the DCC config as the single point for
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	187 white/blacklisting.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	188 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	189 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	190 Consider the case where you have multiple clients, each with their own
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	191 mail servers, and each running their own DCC milters. Each client is
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	192 using the DCC facilities for envelope from/to white/blacklisting.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	193 Presumably you can use rsync or scp to fetch copies of your clients DCC
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	194 whiteclnt files on a regular basis. Your mail server, acting as a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	195 backup MX for your clients, can use the DNSBL milter, and include those
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	196 client DCC config files. The envelope from/to white/blacklisting will
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	197 be appropriately tagged and used only for the domains controlled by each
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	198 of those clients.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	199 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	200 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	201
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	202 <refsect1 id='todo.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	203 <title>Definitions</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	204 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	205 CONTEXT - a collection of parameters that defines the filtering context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	206 to be used for a collection of envelope recipient addresses. The
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	207 context includes such things as the list of DNSBLs to be used, and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	208 various content filtering parameters.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	209 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	210 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	211 DNSBL - a named DNS based blocking list is defined by a dns suffix (e.g.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	212 sbl-xbl.spamhaus.org) and a message string that is used to generate the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	213 "550 5.7.1" smtp error return code. The names of these DNSBLs will be
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	214 used to define the DNSBL-LISTs.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	215 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	216 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	217 DNSBL-LIST - a named list of DNSBLs that will be used for specific
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	218 recipients or recipient domains.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	219 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	220 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	221
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	222 <refsect1 id='todo.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	223 <title>Filtering Procedure</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	224 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	225 If the client has authenticated with sendmail, the mail is accepted, the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	226 filtering contexts are not used, the dns lists are not checked, and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	227 body content is not scanned. Otherwise, we follow these steps for each
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	228 recipient.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	229 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	230 <orderedlist>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	231 <listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	232 The envelope to email address is used to find an initial filtering
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	233 context. We first look for a context that specified the full email
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	234 address in the env_to statement. If that is not found, we look for a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	235 context that specified the entire domain name of the envelope recipient
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	236 in the env_to statement. If that is not found, we look for a context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	237 that specified the user@ part of the envelope recipient in the env_to
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	238 statement. If that is not found, we use the first top level context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	239 defined in the config file.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	240 </listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	241 <listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	242 The initial filtering context may redirect to a child context based on
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	243 the values in the initial context's env_from statement. We look for [1)
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	244 the full envelope from email address, 2) the domain name part of the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	245 envelope from address, 3) the user@ part of the envelope from address]
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	246 in that context's env_from statement, with values that point to a child
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	247 context. If such an entry is found, we switch to that child filtering
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	248 context.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	249 </listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	250 <listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	251 We lookup [1) the full envelope from email address, 2) the domain name
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	252 part of the envelope from address, 3) the user@ part of the envelope
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	253 from address] in the filtering context env_from statement. That results
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	254 in one of (white, black, unknown, inherit).
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	255 </listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	256 <listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	257 If the answer is black, mail to this recipient is rejected with "no such
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	258 user", and the dns lists are not checked.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	259 </listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	260 <listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	261 If the answer is white, mail to this recipient is accepted and the dns
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	262 lists are not checked.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	263 </listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	264 <listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	265 If the answer is unknown, we don't reject yet, but the dns lists will be
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	266 checked, and the content may be scanned.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	267 <listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	268 If the answer is inherit, we repeat the envelope from search in the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	269 parent context.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	270 </listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	271 <listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	272 The dns lists specified in the filtering context are checked and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	273 mail is rejected if any list has an A record for the standard dns based
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	274 lookup scheme (reversed octets of the client followed by the dns
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	275 suffix).
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	276 </listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	277 <listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	278 If the mail has not been accepted or rejected yet, we look for a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	279 verification context, which is the closest ancestor of the filtering
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	280 context that both specifies a verification host, and which covers the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	281 envelope to address. If we find such a verification context, and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	282 verification host is not our own hostname, we open an smtp conversation
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	283 with that verification host. The current envelope from and recipient to
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	284 values are passed to that verification host. If we receive a 5xy
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	285 response those commands, we reject the current recipient with "no such
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	286 user".
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	287 </listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	288 <listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	289 If the mail has not been accepted or rejected yet, and the filtering
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	290 context enables content filtering, and this is the first such recipient
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	291 in this smtp transaction, we set the content filtering parameters from
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	292 this context, and enable content filtering for the body of this message.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	293 </listitem>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	294 </orderedlist>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	295 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	296 If content filtering is enabled for this body, the mail text is decoded
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	297 (uuencode, base64, mime, html entity, url encodings), scanned for HTTP
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	298 and HTTPS URLs, and the first <configurable> host names are
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	299 checked for their presence on the single <configurable> DNSBL.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	300 The only known list that is suitable for this purpose is the SBL. If
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	301 any of those host names are on that DNSBL (or have nameservers that are
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	302 on that list), and it is not on the <configurable> ignore list,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	303 the mail is rejected. We also scan for excessive bad html tags, and if
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	304 a <configurable> limit is exceeded, the mail is rejected.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	305 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	306 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	307
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	308 <refsect1>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	309 <title>Sendmail access vs. DNSBL</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	310 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	311 With the standard sendmail.mc dnsbl FEATURE, the dnsbl checks may be
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	312 suppressed by entries in the /etc/mail/access database. For example,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	313 suppose you control a /18 of address space, and have allocated some /24s
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	314 to some clients. You have access entries like
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	315 <screen>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	316 192.168.4 OK
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	317 192.168.17 OK
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	318 </screen>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	319 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	320 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	321 to allow those clients to smarthost thru your mail server. Now if one
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	322 of those clients happens get infected with a virus that turns a machine
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	323 into an open proxy, and their 192.168.4.45 lands on the SBL-XBL, you
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	324 will still wind up allowing that infected machine to smarthost thru your
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	325 mail servers.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	326 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	327 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	328 With this DNSBL milter, the sendmail access database cannot override the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	329 dnsbl checks, so that machine won't be able to send mail to or thru your
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	330 smarthost mail server (unless the virus/proxy can use smtp-auth).
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	331 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	332 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	333 Using the standard sendmail features, you would add access entries to
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	334 allow hosts on your local network to relay thru your mail server. Those
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	335 OK entries in the sendmail access database will override all the dnsbl
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	336 checks. With this DNSBL milter, you will need to have the local users
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	337 authenticate with smtp-auth to get the same effect. You might find
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	338 <ulink
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	339 url="http://www.ists.dartmouth.edu/classroom/sendmail-ssl-how-to.php">
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	340 these directions</ulink> helpful for setting up smtp-auth if you are on
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	341 RH Linux.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	342 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	343 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	344
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	345 <refsect1>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	346 <title>Installation and configuration</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	347 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	348 This is a standard GNU autoconf/automake installation, so the normal
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	349 <screen>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	350 ./configure
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	351 make
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	352 su
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	353 make install
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	354 </screen>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	355 works. "make chkconfig" will setup the init.d runlevel scripts.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	356 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	357 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	358 Note that this has ONLY been tested on Linux, specifically RedHat Linux.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	359 In particular, this milter makes no attempt to understand IPv6. Your
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	360 mileage will vary. You will need at a minimum a C++ compiler with a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	361 minimally thread safe STL implementation. The distribution includes a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	362 test.cpp program. If it fails this milter won't work. If it passes,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	363 this milter might work.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	364 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	365 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	366 Modify your sendmail.mc by removing all the "FEATURE(dnsbl" lines, add
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	367 the following line in your sendmail.mc and rebuild the .cf file
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	368 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	369 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	370 <screen>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	371 INPUT_MAIL_FILTER(`dnsbl', `S=local:/var/run/dnsbl/dnsbl.sock, F=T, T=C:30s;S:5m;R:5m;E:5m')
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	372 </screen>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	373 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	374 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	375 Modify the default <citerefentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	376 <refentrytitle>@PACKAGE@.conf</refentrytitle> <manvolnum>5</manvolnum>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	377 </citerefentry> configuration.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	378 </para>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	379
e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	380
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	381 <refsect1 id='todo.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	382 <title>Performance Issues</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	383 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	384 Consider a high volume high performance machine running sendmail. Each
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	385 sendmail process can do its own dns resolution. Typically, such dns
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	386 resolver libraries are not thread safe, and so must be protected by some
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	387 sort of mutex in a threaded environment. When we add a milter to
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	388 sendmail, we now have a collection of sendmail processes, and a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	389 collection of milter threads.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	390 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	391 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	392 We will be doing a lot of dns lookups per mail message, and at least
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	393 some of those will take many tens of seconds. If all this dns work is
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	394 serialized inside the milter, we have an upper limit of about 25K mail
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	395 messages per day. That is clearly not sufficient for many sites.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	396 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	397 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	398 Since we want to do parallel dns resolution across those milter threads,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	399 we add another collection of dns resolver processes. Each sendmail
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	400 process is talking to a milter thread over a socket, and each milter
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	401 thread is talking to a dns resolver process over another socket.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	402 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	403 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	404 Suppose we are processing 20 messages per second, and each message
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	405 requires 20 seconds of dns work. Then we will have 400 sendmail
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	406 processes, 400 milter threads, and 400 dns resolver processes. Of
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	407 course that steady state is very unlikely to happen.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	408 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	409 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	410
e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	411
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	412 <refsect1 id='todo.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	413 <title>Rejected Ideas</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	414 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	415 The following ideas have been considered and rejected.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	416 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	417 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	418 Add max_recipients for each mail domain to the configuration.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	419 Recipients in excess of that limit will be rejected, and all the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	420 recipients in that domain will be removed if there are some other
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	421 whitelisted recipients. Current spammers very rarely send more than
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	422 ten recipients in a single smtp transaction, so this won't stop any
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	423 significant amount of spam.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	424 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	425 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	426 Add poison addresses to the configuration. If any recipient is
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	427 poison, all recipients are rejected even if they would be whitelisted,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	428 and the data is rejected if sent. I have a collection of spam trap
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	429 addresses that would be suitable for such use. Based on my log files,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	430 any mail to those spam trap addresses is rejected based on either dnsbl
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	431 lookups or the DCC. So this won't result in blocking any additional
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	432 spam.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	433 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	434 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	435 Add an option to only allow one recipient if the return path is
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	436 empty. Based on my log files, there is no mail that violates this
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	437 check.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	438 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	439 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	440 Reject the mail if the envelope from domain name contains any MX
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	441 records pointing to 127.0.0.0/8. I don't see any significant amount of
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	442 spam sent with such domain names.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	443 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	444 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	445
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	446 <refsect1 id='todo.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	447 <title>TODO</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	448 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	449 The following ideas are under consideration.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	450 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	451 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	452 Add a per-context option to reject mail if the number of digits in
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	453 the reverse dns client name exceeds some threshold.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	454 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	455 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	456
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	457 <refsect1>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	458 <title>Configuration</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	459 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	460 The configuration file is documented in <citerefentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	461 <refentrytitle>@PACKAGE@.conf</refentrytitle> <manvolnum>5</manvolnum>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	462 </citerefentry>. Any change to the config file, or any file included
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	463 from that config file, will cause it to be reloaded within three
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	464 minutes.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	465 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	466 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	467
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	468 <refsect1>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	469 <title>Copyright</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	470 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	471 Copyright (C) 2005 by 510 Software Group <carl@five-ten-sg.com>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	472 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	473 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	474 This program is free software; you can redistribute it and/or modify it
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	475 under the terms of the GNU General Public License as published by the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	476 Free Software Foundation; either version 2, or (at your option) any
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	477 later version.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	478 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	479 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	480 You should have received a copy of the GNU General Public License along
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	481 with this program; see the file COPYING. If not, please write to the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	482 Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	483 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	484 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	485
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	486 <refsect1>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	487 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	488 $Id$
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	489 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	490 </refsect1>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	491 </refentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	492
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	493
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	494 <refentry id="@PACKAGE@.conf.5">
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	495 <refentryinfo>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	496 <date>2005-12-18</date>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	497 </refentryinfo>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	498
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	499 <refmeta>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	500 <refentrytitle>@PACKAGE@.conf</refentrytitle>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	501 <manvolnum>5</manvolnum>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	502 <refmiscinfo>@PACKAGE@ @VERSION@</refmiscinfo>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	503 </refmeta>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	504
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	505 <refnamediv id='name.5'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	506 <refname>@PACKAGE@.conf</refname>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	507 <refpurpose>configuration file for @PACKAGE@</refpurpose>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	508 </refnamediv>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	509
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	510 <refsynopsisdiv id='synopsis.5'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	511 <title>Synopsis</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	512 <cmdsynopsis>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	513 <command>@PACKAGE@.conf</command>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	514 </cmdsynopsis>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	515 </refsynopsisdiv>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	516
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	517 <refsect1 id='description.5'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	518 <title>Description</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	519 <para>The <command>@PACKAGE@.conf</command> configuration file is
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	520 specified by this partial bnf description.</para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	521
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	522 <literallayout class="monospaced"><![CDATA[
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	523 CONFIG = {CONTEXT ";"}+
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	524 CONTEXT = "context" NAME "{" {STATEMENT}+ "}"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	525 STATEMENT = (DNSBL \| DNSBLLIST \| CONTENT \| ENV-TO \| VERIFY \| CONTEXT \| ENV-FROM) ";"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	526
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	527 DNSBL = "dnsbl" NAME DNSPREFIX ERROR-MSG
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	528
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	529 DNSBLLIST = "dnsbl_list" {NAME}+
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	530
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	531 CONTENT = "content" ("on" \| "off") "{" {CONTENT-ST}+ "}"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	532 CONTENT-ST = (FILTER \| IGNORE \| TLD \| HTML-TAGS \| HTML-LIMIT \| HOST-LIMIT) ";"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	533 FILTER = "filter" DNSPREFIX ERROR-MSG
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	534 IGNORE = "ignore" "{" {HOSTNAME [";"]}+ "}"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	535 TLD = "tld" "{" {TLD [";"]}+ "}"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	536 HTML-TAGS = "html_tags" "{" {HTMLTAG [";"]}+ "}"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	537 ERROR-MSG = string containing exactly two %s replacement tokens for the client ip address
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	538
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	539 HTML-LIMIT = "html_limit" ("on" INTEGER ERROR-MSG \| "off")
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	540
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	541 HOST-LIMIT = "host_limit" ("on" INTEGER ERROR-MSG \| "off" \| "soft" INTEGER)
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	542
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	543 ENV-TO = "env_to" "{" {(TO-ADDR \| DCC-TO)}+ "}"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	544 TO-ADDR = ADDRESS [";"]
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	545 DCC-TO = "dcc_to" ("ok" \| "many") "{" DCCINCLUDEFILE "}" ";"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	546
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	547 VERIFY = "verify" HOSTNAME ";"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	548
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	549 ENV_FROM = "env_from" [DEFAULT] "{" {(FROM-ADDR \| DCC-FROM)}+ "}"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	550 FROM-ADDR = ADDRESS VALUE [";"]
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	551 DCC-FROM = "dcc_from" "{" DCCINCLUDEFILE "}" ";"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	552 DEFAULT = ("white" \| "black" \| "unknown" \| "inherit" \| "")
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	553 ADDRESS = (USER@ \| DOMAIN \| USER@DOMAIN)
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	554 VALUE = ("white" \| "black" \| "unknown" \| CHILD-CONTEXT-NAME)]]></literallayout>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	555 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	556
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	557 <refsect1 id='sample.5'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	558 <title>Sample</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	559 <literallayout class="monospaced"><![CDATA[
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	560 context sample {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	561 dnsbl local blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	562 dnsbl sbl sbl-xbl.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	563 dnsbl xbl xbl.spamhaus.org "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	564 dnsbl dul dul.dnsbl.sorbs.net "Mail from %s rejected - dul; see http://www.sorbs.net/lookup.shtml?%s";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	565 dnsbl_list local sbl dul;
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	566
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	567 content on {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	568 filter sbl-xbl.spamhaus.org "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	569 ignore { include "hosts-ignore.conf"; };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	570 tld { include "tld.conf"; };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	571 html_tags { include "html-tags.conf"; };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	572 html_limit on 20 "Mail containing excessive bad html tags rejected";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	573 html_limit off;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	574 host_limit on 20 "Mail containing excessive host names rejected";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	575 host_limit soft 20;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	576 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	577
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	578 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	579 # child contexts are not allowed to specify recipient addresses outside these domains
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	580 # leave this outer global context env_to empty to allow arbitrary recipients in child contexts
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	581 mydomain.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	582 customer1.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	583 customer1a.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	584 customer1b.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	585 customer2.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	586 customer2a.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	587 customer2b.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	588 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	589
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	590 context whitelist {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	591 content off {};
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	592 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	593 # dcc_to ok { include "/var/dcc/whitecommon"; }; # copy the dcc OK values (env_to) into this context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	594 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	595 env_from white {}; # white forces all unmatched from addresses (everyone in this case) to be whitelisted
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	596 # so all mail TO these env_to addresses is accepted
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	597 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	598
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	599 context abuse {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	600 dnsbl_list xbl;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	601 content off {};
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	602 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	603 abuse@; # no content filtering on abuse reports
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	604 postmaster@; # ""
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	605 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	606 env_from unknown {}; # ignore all parent white/black listing
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	607 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	608
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	609 context minimal {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	610 dnsbl_list sbl dul;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	611 content on {};
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	612 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	613 sales@mydomain.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	614 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	615 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	616
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	617 context blacklist {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	618 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	619 dcc_to many { include "/var/dcc/whitecommon"; }; # copy the dcc MANY values (env_to) into this context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	620 old-employee@mydomain.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	621 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	622 env_from black {}; # black forces all unmatched from addresses (everyone in this case) to be blacklisted
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	623 # so all mail TO these env_to addresses is rejected
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	624 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	625
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	626 context vp { # special context for the vp
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	627 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	628 vp@mydomain.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	629 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	630 env_from inherit {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	631 nai.com black; # the vp does not like nai
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	632 yahoo.com unknown; # override parent context blacklisting
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	633 mother@spammyisp.com white; # suppress dnsbl checking
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	634 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	635 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	636
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	637 context customer1 {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	638 dnsbl_list sbl dul;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	639 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	640 customer1.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	641 customer1a.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	642 customer1b.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	643 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	644
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	645 verify mail.customer1.com;
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	646
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	647 context customer1a {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	648 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	649 customer1a.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	650 }
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	651 env_from black { # blacklist everything
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	652 first@acceptable.com unknown; # except these specific envelope senders
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	653 second@another.com unknown;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	654 yahoo.com inherit; # delegate to the parent
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	655 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	656 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	657
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	658 env_from { # default value of the default is inherit
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	659 yahoo.com black; # no mail from yahoo
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	660 first@yahoo.com unknown; # except this one
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	661 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	662 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	663
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	664 context customer2 {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	665 dnsbl_list sbl;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	666 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	667 customer2.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	668 customer2a.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	669 customer2b.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	670 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	671 };
104 586d5b58040a move to autoconf/automake/docbook carl parents: 103 diff changeset	672
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	673 env_from unknown {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	674 dcc_from { include "/var/dcc/whitecommon"; }; # copy the dcc OK/MANY values (env_from, substitute mail_host) into this context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	675 abuse@ abuse; # replies to abuse reports use the abuse context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	676 yahoo.com black; # don't take mail from yahoo
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	677 spammer@example.com black;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	678 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	679 };]]></literallayout>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	680 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	681
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	682 <refsect1>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	683 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	684 $Id$
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	685 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	686 </refsect1>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	687
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	688 </refentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	689 </reference>

Mercurial > dnsbl

annotate xml/dnsbl.in @ 108:1c7677042b78