Mercurial > dnsbl
annotate xml/sample.conf @ 57:419e00901570
changes to handle 5iantlavalamp.com
author | carl |
---|---|
date | Thu, 28 Oct 2004 22:48:52 -0700 |
parents | 57607387263d |
children | 1142e46be550 |
rev | line source |
---|---|
4 | 1 # $Id$ |
0 | 2 # |
3 # lines start with a command token, following by argument tokens | |
4 # tokens are separated by spaces or tabs | |
5 # | |
6 # | |
28 | 7 # tld: |
8 # second token is the tld suffix - com, net, org, etc | |
9 # | |
56
57607387263d
updates for 3.6, better documentation on removing content filtering, missing some files in cvs
carl
parents:
54
diff
changeset
|
10 # |
20 | 11 # content: |
12 # second token is the dns suffix used for the actual lookups | |
13 # third token? is a string enclosed in single quotes, so it | |
14 # is not really a token. This is the error message, with | |
15 # up to two %s parameters for the offending host name and | |
56
57607387263d
updates for 3.6, better documentation on removing content filtering, missing some files in cvs
carl
parents:
54
diff
changeset
|
16 # client ip address respectively. |
57607387263d
updates for 3.6, better documentation on removing content filtering, missing some files in cvs
carl
parents:
54
diff
changeset
|
17 # |
57607387263d
updates for 3.6, better documentation on removing content filtering, missing some files in cvs
carl
parents:
54
diff
changeset
|
18 # If this command is not present, there is no body scanning |
57607387263d
updates for 3.6, better documentation on removing content filtering, missing some files in cvs
carl
parents:
54
diff
changeset
|
19 # for host names or bad html tags. |
57607387263d
updates for 3.6, better documentation on removing content filtering, missing some files in cvs
carl
parents:
54
diff
changeset
|
20 # |
20 | 21 # |
57 | 22 # ignore: |
23 # second token is a host name that is allowed in the body even | |
24 # if it would otherwise be rejected by the content scanning | |
25 # above. | |
26 # | |
27 # | |
27
43a4f6b3e668
add configurable host name limit and bad html tag limits.
carl
parents:
24
diff
changeset
|
28 # host_limit: |
43a4f6b3e668
add configurable host name limit and bad html tag limits.
carl
parents:
24
diff
changeset
|
29 # second token is the integer count of the number of host names |
43a4f6b3e668
add configurable host name limit and bad html tag limits.
carl
parents:
24
diff
changeset
|
30 # or urls that are allowed in any one mail body. Zero is |
44 | 31 # unlimited. If the actual number of host names in the message |
32 # is larger than this limit, the message is rejected. | |
27
43a4f6b3e668
add configurable host name limit and bad html tag limits.
carl
parents:
24
diff
changeset
|
33 # third token? is a string enclosed in single quotes, so it |
43a4f6b3e668
add configurable host name limit and bad html tag limits.
carl
parents:
24
diff
changeset
|
34 # is not really a token. This is the error message supplied |
43a4f6b3e668
add configurable host name limit and bad html tag limits.
carl
parents:
24
diff
changeset
|
35 # to the smtp client. |
43a4f6b3e668
add configurable host name limit and bad html tag limits.
carl
parents:
24
diff
changeset
|
36 # |
56
57607387263d
updates for 3.6, better documentation on removing content filtering, missing some files in cvs
carl
parents:
54
diff
changeset
|
37 # |
44 | 38 # host_soft_limit: |
39 # second token is the integer count of the number of host names | |
40 # or urls that are checked in any one mail body. Zero is | |
41 # unlimited. If the actual number of host names in the message | |
42 # is larger than this limit, only a random selection of them | |
43 # are checked against the dnsbl. | |
44 # | |
56
57607387263d
updates for 3.6, better documentation on removing content filtering, missing some files in cvs
carl
parents:
54
diff
changeset
|
45 # |
24 | 46 # html_limit: |
27
43a4f6b3e668
add configurable host name limit and bad html tag limits.
carl
parents:
24
diff
changeset
|
47 # second token is the integer count of the number of bad html tags |
43a4f6b3e668
add configurable host name limit and bad html tag limits.
carl
parents:
24
diff
changeset
|
48 # that are allowed in any one mail body. Zero is unlimited. |
24 | 49 # third token? is a string enclosed in single quotes, so it |
50 # is not really a token. This is the error message supplied | |
51 # to the smtp client. | |
52 # | |
56
57607387263d
updates for 3.6, better documentation on removing content filtering, missing some files in cvs
carl
parents:
54
diff
changeset
|
53 # |
24 | 54 # html_tag: |
55 # second token is a valid html tag, that is added to the list | |
56 # of valid tags. Any html tag seen in the mail bodies that | |
57 # that is not in this list is presumed to be invalid. | |
58 # | |
56
57607387263d
updates for 3.6, better documentation on removing content filtering, missing some files in cvs
carl
parents:
54
diff
changeset
|
59 # |
0 | 60 # dnsbl: |
61 # second token is the name of this dnsbl | |
62 # third token is the dns suffix used for the actual lookups | |
63 # fourth token? is a string enclosed in single quotes, so it | |
64 # is not really a token. This is the error message, with | |
65 # up to two %s parameters for the client ip address. | |
66 # | |
56
57607387263d
updates for 3.6, better documentation on removing content filtering, missing some files in cvs
carl
parents:
54
diff
changeset
|
67 # |
0 | 68 # dnsbl_list: |
69 # second token is the name of this list of dnsbls | |
70 # subsequent tokes are the names of the previously defined dnsbls | |
71 # | |
56
57607387263d
updates for 3.6, better documentation on removing content filtering, missing some files in cvs
carl
parents:
54
diff
changeset
|
72 # |
0 | 73 # env_from: |
74 # second token is the name of this envelope-from-map. There will | |
75 # generally be multiple lines with the same name. | |
76 # third token is the envelope from value from the smtp conversation, | |
77 # or just the domain part that follows the @ symbol. | |
78 # fourth token is BLACK, WHITE, or the name of a previously defined | |
79 # envelope-from-map. BLACK causes mail from this sender to be | |
80 # rejected with "no such user". WHITE causes mail to be accepted | |
81 # and the dns based lists are ignored. DEFAULT may be used to override | |
82 # the contents of other maps that are copied into this map, and | |
83 # set that sender back to the default (not white or black listed, | |
84 # and subject to dnsbl lookups). | |
85 # | |
56
57607387263d
updates for 3.6, better documentation on removing content filtering, missing some files in cvs
carl
parents:
54
diff
changeset
|
86 # |
0 | 87 # env_to: |
88 # second token is the envelope recipient value from the smtp conversation, | |
89 # or just the domain part that follows the @ symbol. | |
90 # third token is the name of a dnsbl-list, or WHITE or BLACK. | |
91 # fourth token is the name of an envelope-from-map, or WHITE or BLACK. | |
92 # | |
93 # If either one is BLACK, mail to this recipient is rejected with | |
94 # "no such user", and the dns lists are not checked. | |
95 # | |
96 # If the envelope-from-map name is WHITE, mail to this recipient is accepted | |
97 # and the dns lists are not checked. | |
98 # | |
99 # If the envelope-from-map exists, the map is checked for the presence | |
100 # of the sender. A WHITE or BLACK answer is definitive and the dns lists | |
101 # are not checked. | |
102 # | |
103 # If the dnsbl-list name is WHITE, the dns lists are not checked and the | |
104 # mail is accepted. Otherwise, the dns lists are checked and the mail | |
105 # is rejected if any list has an A record for the standard dns based | |
106 # lookup scheme (reversed octets of the client followed by the dns suffix). | |
107 # | |
108 # | |
4 | 109 # include: |
110 # second token is the path name of the dnsbl milter config file to be | |
111 # included. | |
112 # | |
113 # | |
114 # include_dcc: | |
115 # second token is the name of an envelope-from-map (EMAP below). | |
116 # third token is the path name of the dcc whiteclnt config file to be | |
56
57607387263d
updates for 3.6, better documentation on removing content filtering, missing some files in cvs
carl
parents:
54
diff
changeset
|
117 # included. Entries from the dcc config are mapped as: |
14 | 118 # ok -> WHITE |
119 # many -> BLACK | |
120 # env_from -> env_from EMAP xxx | |
121 # env_to -> env_to | |
122 # substitute mail_host -> env_from EMAP xxx | |
4 | 123 # |
0 | 124 # |
125 # | |
126 ############################################## | |
24 | 127 # content scanning parameters |
128 # | |
129 content sbl-xbl.spamhaus.org 'Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s' | |
27
43a4f6b3e668
add configurable host name limit and bad html tag limits.
carl
parents:
24
diff
changeset
|
130 host_limit 20 'Mail containing too many host names rejected' |
44 | 131 host_soft_limit 20 |
27
43a4f6b3e668
add configurable host name limit and bad html tag limits.
carl
parents:
24
diff
changeset
|
132 html_limit 20 'Mail containing excessive bad html tags rejected' |
57 | 133 include hosts-ignore.conf |
24 | 134 include html-tags.conf |
28 | 135 include tld.conf |
24 | 136 |
137 | |
138 ############################################## | |
0 | 139 # define the dnsbls to use |
140 # | |
141 dnsbl LOCAL blackholes.five-ten-sg.com 'Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s' | |
142 dnsbl SPEWS blackholes.spews.org 'Mail from %s rejected - spews; see http://www.spews.org/ask.cgi?x=%s' | |
143 dnsbl SBL sbl-xbl.spamhaus.org 'Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s' | |
144 | |
145 | |
146 ############################################## | |
147 # define the (default and other) lists of dnsbls to use | |
148 # | |
149 dnsbl_list DEFAULT LOCAL SPEWS SBL | |
150 dnsbl_list SIMPLE SBL | |
151 dnsbl_list CUST1 SBL | |
152 dnsbl_list CUST2 SPEWS SBL | |
153 | |
154 | |
155 ############################################## | |
156 # define the (default and other) env_from maps | |
157 # | |
158 env_from DEFAULT spammer@example.com BLACK | |
159 env_from DEFAULT yahoo.com BLACK | |
160 | |
161 # special list for the vp | |
162 env_from TEST dummy-token DEFAULT # inherit the currently defined DEFAULT env_from mapping | |
163 env_from TEST nai.com BLACK # the vp does not like nai | |
14 | 164 env_from TEST yahoo.com DEFAULT # |
0 | 165 env_from TEST mother@spammyisp.com WHITE # suppresses dnsbl checking |
166 | |
167 | |
168 ############################################## | |
169 # specify dnsbl_lists and env_from maps to use for specific recipients | |
170 # | |
171 env_to abuse@mydomain.com WHITE WHITE # no dnsbl, no env_from map | |
172 env_to sales@mydomain.com SIMPLE NULL # sbl only, no env_from map | |
173 env_to vp@mydomain.com DEFAULT TEST # allow mail from mom | |
174 env_to old-emp@mydomain.com BLACK BLACK # return no such user even from backup mx machines | |
175 | |
176 ############################################## | |
177 # specify dnsbl_lists and env_from maps to use for clients domains | |
178 # | |
179 env_to mydomain.com DEFAULT DEFAULT | |
14 | 180 env_to customer1.com CUST1 DEFAULT # all customer 1 domains use just sbl |
181 env_to customer1a.com CUST1 DEFAULT | |
182 env_to customer1b.com CUST1 DEFAULT | |
183 env_to customer2.com CUST2 DEFAULT # all customer 2 domains use spews and sbl | |
184 env_to customer2a.com CUST2 DEFAULT | |
0 | 185 |
186 | |
187 ############################################## | |
188 # you can also include nested config files | |
189 # file names are single tokens, no embedded blanks | |
190 # | |
191 include dnsbl.conf # this will generate a recursive include file syslog error message | |
14 | 192 include_dcc DEFAULT /var/dcc/whitecommon # this includes the default dcc whitelist file |