Mercurial > dnsbl
annotate xml/dnsbl.in @ 92:505e77188317
optimize verification step, cleanup documentation
| author | carl |
|---|---|
| date | Wed, 21 Sep 2005 08:00:08 -0700 |
| parents | 962a1f8f1d9f |
| children | e107ade3b1c0 |
| rev | line source |
|---|---|
|
88
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
1 <html> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
2 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
3 <head> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
4 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> |
| 92 | 5 <title>DNSBL Sendmail milter - Version 5.5</title> |
|
88
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
6 </head> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
7 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
8 <center>Introduction</center> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
9 <p>This milter is released under the GPL license version 2 included in |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
10 the LICENSE file in the distribution, and also available at |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
11 <a href="http://www.gnu.org/licenses/gpl.html">http://www.gnu.org/licenses/gpl.html</a> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
12 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
13 <p>Consider the case of a mail server that is acting as secondary MX for |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
14 a collection of clients, each of which has a collection of mail domains. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
15 Each client may use their own collection of DNSBLs on their primary mail |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
16 server. We present here a mechanism whereby the backup mail server can |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
17 use the correct set of DNSBLs for each recipient for each message. As a |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
18 side-effect, it gives us the ability to customize the set of DNSBLs on a |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
19 per-recipient basis, so that fred@example.com could use SPEWS and the |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
20 SBL, where all other users @example.com use only the SBL. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
21 |
| 92 | 22 <p>This milter can also verify the envelope from/recipient pairs with |
| 23 the primary MX server. This allows the backup mail servers to properly | |
| 24 reject mail sent to invalid addresses. Otherwise, the backup mail | |
| 25 servers will accept that mail, and then generate a bounce message when | |
| 26 the message is forwarded to the primary server (and rejected there with | |
| 27 no such user). | |
| 28 | |
|
88
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
29 <p>This milter will also decode (uuencode, base64, mime, html entity, |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
30 url encodings) and scan for HTTP and HTTPS URLs and bare hostnames in |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
31 the body of the mail. If any of those host names have A or NS records |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
32 on the SBL (or a single configurable DNSBL), the mail will be rejected |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
33 unless previously whitelisted. This milter also counts the number of |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
34 invalid HTML tags, and can reject mail if that count exceeds your |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
35 specified limit. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
36 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
37 <p>The DNSBL milter reads a text configuration file (dnsbl.conf) on |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
38 startup, and whenever the config file (or any of the referenced include |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
39 files) is changed. The entire configuration file is case insensitive. |
| 89 | 40 If the configuration cannot be loaded due to a syntax error, the milter |
| 41 will log the error and quit. If the configuration cannot be reloaded | |
| 42 after being modified, the milter will log the error and send an email to | |
| 43 root from dnsbl@$hostname. You probably want to added dnsbl@$hostname | |
| 44 to your /etc/mail/virtusertable since otherwise sendmail will reject | |
| 45 that message. | |
|
88
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
46 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
47 <hr> <center>DCC Issues</center> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
48 <p>If you are also using the <a |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
49 href="http://www.rhyolite.com/anti-spam/dcc/">DCC</a> milter, there are |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
50 a few considerations. You may need to whitelist senders from the DCC |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
51 bulk detector, or from the DNS based lists. Those are two very |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
52 different reasons for whitelisting. The former is done thru the DCC |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
53 whiteclnt config file, the later is done thru the DNSBL milter config |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
54 file. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
55 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
56 <p>You may want to blacklist some specific senders or sending domains. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
57 This could be done thru either the DCC (on a global basis, or for a |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
58 specific single recipient). We prefer to do such blacklisting via the |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
59 DNSBL milter config, since it can be done for a collection of recipient |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
60 mail domains. The DCC approach has the feature that you can capture the |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
61 entire message in the DCC log files. The DNSBL milter approach has the |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
62 feature that the mail is rejected earlier (at RCPT TO time), and the |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
63 sending machine just gets a generic "550 5.7.1 no such user" message. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
64 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
65 <p>The DCC whiteclnt file can be included in the DNSBL milter config by |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
66 the dcc_to and dcc_from statements. This will import the (env_to, |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
67 env_from, and substitute mail_host) entries from the DCC config into the |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
68 DNSBL config. This allows using the DCC config as the single point for |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
69 white/blacklisting. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
70 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
71 <p>Consider the case where you have multiple clients, each with their |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
72 own mail servers, and each running their own DCC milters. Each client |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
73 is using the DCC facilities for envelope from/to white/blacklisting. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
74 Presumably you can use rsync or scp to fetch copies of your clients DCC |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
75 whiteclnt files on a regular basis. Your mail server, acting as a |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
76 backup MX for your clients, can use the DNSBL milter, and include those |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
77 client DCC config files. The envelope from/to white/blacklisting will |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
78 be appropriately tagged and used only for the domains controlled by each |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
79 of those clients. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
80 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
81 <hr> <center>Definitions</center> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
82 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
83 <p>CONTEXT - a collection of parameters that defines the filtering |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
84 context to be used for a collection of envelope recipient addresses. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
85 The context includes such things as the list of DNSBLs to be used, and |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
86 the various content filtering parameters. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
87 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
88 <p>DNSBL - a named DNS based blocking list is defined by a dns suffix |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
89 (e.g. sbl-xbl.spamhaus.org) and a message string that is used to |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
90 generate the "550 5.7.1" smtp error return code. The names of these |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
91 DNSBLs will be used to define the DNSBL-LISTs. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
92 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
93 <p>DNSBL-LIST - a named list of DNSBLs that will be used for specific |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
94 recipients or recipient domains. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
95 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
96 <hr> <center>Filtering Procedure</center> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
97 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
98 <p>If the client has authenticated with sendmail, the mail is accepted, |
|
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
89
diff
changeset
|
99 the filtering contexts are not used, the dns lists are not checked, and |
|
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
89
diff
changeset
|
100 the body content is not scanned. Otherwise, we follow these steps for |
|
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
89
diff
changeset
|
101 each recipient. |
|
88
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
102 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
103 <ol> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
104 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
105 <li>The envelope to email address is used to find an initial filtering |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
106 context. We first look for a context that specified the full email |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
107 address in the env_to statement. If that is not found, we look for a |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
108 context that specified the entire domain name of the envelope recipient |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
109 in the env_to statement. If that is not found, we look for a context |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
110 that specified the user@ part of the envelope recipient in the env_to |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
111 statement. If that is not found, we use the first top level context |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
112 defined in the config file. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
113 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
114 <br><br><li>The initial filtering context may redirect to a child |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
115 context based on the values in the initial context's env_from statement. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
116 We look for [1) the full envelope from email address, 2) the domain name |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
117 part of the envelope from address, 3) the user@ part of the envelope |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
118 from address] in that context's env_from statement, with values that |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
119 point to a child context. If such an entry is found, we switch to that |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
120 child filtering context. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
121 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
122 <br><br><li>We lookup [1) the full envelope from email address, 2) the |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
123 domain name part of the envelope from address, 3) the user@ part of the |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
124 envelope from address] in the filtering context env_from statement. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
125 That results in one of (white, black, unknown, inherit). |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
126 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
127 <br><br><li>If the answer is black, mail to this recipient is rejected |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
128 with "no such user", and the dns lists are not checked. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
129 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
130 <br><br><li>If the answer is white, mail to this recipient is accepted |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
131 and the dns lists are not checked. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
132 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
133 <br><br><li>If the answer is unknown, we don't reject yet, but the dns |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
134 lists will be checked, and the content may be scanned. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
135 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
136 <br><br><li>If the answer is inherit, we repeat the envelope from search |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
137 in the parent context. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
138 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
139 <br><br><li>The dns lists specified in the filtering context are checked |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
140 and the mail is rejected if any list has an A record for the standard |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
141 dns based lookup scheme (reversed octets of the client followed by the |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
142 dns suffix). |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
143 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
144 <br><br><li>If the mail has not been accepted or rejected yet, and the |
| 92 | 145 filtering context specifies a verification host, and the envelope to |
| 146 email address is covered by this filtering context, and the verification | |
| 147 host is not our own hostname, we open an smtp conversation with that | |
| 148 verification host. The current envelope from and recipient to values | |
| 149 are passed to that verification host. If we receive a 5xy response | |
| 150 those commands, we reject the current recipient with "no such user". | |
| 151 | |
| 152 <br><br><li>If the mail has not been accepted or rejected yet, and the | |
|
88
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
153 filtering context enables content filtering, and this is the first such |
| 92 | 154 recipient in this smtp transaction, we set the content filtering |
| 155 parameters from this context, and enable content filtering for the body | |
| 156 of this message. | |
|
88
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
157 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
158 </ol> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
159 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
160 <p>If content filtering is enabled for this body, the mail text is |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
161 decoded (uuencode, base64, mime, html entity, url encodings), scanned |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
162 for HTTP and HTTPS URLs, and the first <configurable> host names |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
163 are checked for their presence on the single <configurable> DNSBL. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
164 The only known list that is suitable for this purpose is the SBL. If |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
165 any of those host names are on that DNSBL (or have nameservers that are |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
166 on that list), and it is not on the <configurable> ignore list, |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
167 the mail is rejected. We also scan for excessive bad html tags, and if |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
168 a <configurable> limit is exceeded, the mail is rejected. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
169 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
170 <hr> <center>Sendmail access vs. DNSBL</center> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
171 <p>With the standard sendmail.mc dnsbl FEATURE, the dnsbl checks may be |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
172 suppressed by entries in the /etc/mail/access database. For example, |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
173 suppose you control a /18 of address space, and have allocated some /24s |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
174 to some clients. You have access entries like |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
175 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
176 <pre> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
177 192.168.4 OK |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
178 192.168.17 OK |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
179 </pre> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
180 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
181 <p>to allow those clients to smarthost thru your mail server. Now if |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
182 one of those clients happens get infected with a virus that turns a |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
183 machine into an open proxy, and their 192.168.4.45 lands on the SBL-XBL, |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
184 you will still wind up allowing that infected machine to smarthost thru |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
185 your mail servers. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
186 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
187 <p>With this DNSBL milter, the sendmail access database cannot override |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
188 the dnsbl checks, so that machine won't be able to send mail to or thru |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
189 your smarthost mail server (unless the virus/proxy can use smtp-auth). |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
190 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
191 <p>Using the standard sendmail features, you would add access entries to |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
192 allow hosts on your local network to relay thru your mail server. Those |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
193 OK entries in the sendmail access database will override all the dnsbl |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
194 checks. With this DNSBL milter, you will need to have the local users |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
195 authenticate with smtp-auth to get the same effect. You might find <a |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
196 href="http://www.ists.dartmouth.edu/classroom/sendmail-ssl-how-to.php"> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
197 these directions</a> helpful for setting up smtp-auth if you are on RH |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
198 Linux. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
199 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
200 <hr> <center>Installation and configuration</center> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
201 <p>Usage: Note that this has ONLY been tested on Linux, specifically |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
202 RedHat Linux. In particular, this milter makes no attempt to understand |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
203 IPv6. Your mileage will vary. You will need at a minimum a C++ |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
204 compiler with a minimally thread safe STL implementation. The |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
205 distribution includes a test.cpp program. If it fails this milter won't |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
206 work. If it passes, this milter might work. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
207 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
208 Fetch <a href="http://www.five-ten-sg.com/util/dnsbl.tar.gz">dnsbl.tar.gz</a> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
209 and |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
210 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
211 <pre> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
212 tar xfvz dnsbl.tar.gz |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
213 bash install.bash |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
214 </pre> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
215 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
216 Read and understand the contents of that install.bash script before you |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
217 run it. It may not be suitable for your system. Modify your |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
218 sendmail.mc by removing all the "FEATURE(dnsbl" lines, add the following |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
219 line in your sendmail.mc and rebuild the .cf file |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
220 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
221 <pre> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
222 INPUT_MAIL_FILTER(`dnsbl', `S=local:/var/run/dnsbl/dnsbl.sock, F=T, T=C:30s;S:5m;R:5m;E:5m') |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
223 </pre> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
224 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
225 Read the sample <a |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
226 href="http://www.five-ten-sg.com/dnsbl.conf">/etc/dnsbl/dnsbl.conf</a> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
227 file and modify it to fit your configuration. You can test your |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
228 configuration files, and see a readable internal dump of them on stdout |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
229 with |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
230 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
231 <pre> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
232 cd /etc/dnsbl |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
233 /usr/sbin/dnsbl -c |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
234 </pre> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
235 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
236 You can check a specific envelope from/to pair with |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
237 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
238 <pre> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
239 cd /etc/dnsbl |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
240 from="$1" # or your from address |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
241 to="$2" # or your to address |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
242 /usr/sbin/dnsbl -e "$from"'|'"$to" |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
243 </pre> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
244 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
245 <hr> <center>Performance issues</center> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
246 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
247 <p>Consider a high volume high performance machine running sendmail. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
248 Each sendmail process can do its own dns resolution. Typically, such |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
249 dns resolver libraries are not thread safe, and so must be protected by |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
250 some sort of mutex in a threaded environment. When we add a milter to |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
251 sendmail, we now have a collection of sendmail processes, and a |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
252 collection of milter threads. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
253 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
254 <p>We will be doing a lot of dns lookups per mail message, and at least |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
255 some of those will take many tens of seconds. If all this dns work is |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
256 serialized inside the milter, we have an upper limit of about 25K mail |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
257 messages per day. That is clearly not sufficient for many sites. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
258 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
259 <p>Since we want to do parallel dns resolution across those milter |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
260 threads, we add another collection of dns resolver processes. Each |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
261 sendmail process is talking to a milter thread over a socket, and each |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
262 milter thread is talking to a dns resolver process over another socket. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
263 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
264 <p>Suppose we are processing 20 messages per second, and each message |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
265 requires 20 seconds of dns work. Then we will have 400 sendmail |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
266 processes, 400 milter threads, and 400 dns resolver processes. Of |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
267 course that steady state is very unlikely to happen. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
268 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
269 <hr> <center>Rejected Ideas</center> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
270 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
271 <p>The following ideas have been considered and rejected. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
272 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
273 <p>Add max_recipients for each mail domain to the configuration. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
274 Recipients in excess of that limit will be rejected, and all the |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
275 recipients in that domain will be removed if there are some other |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
276 whitelisted recipients. Current spammers *very* rarely send more than |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
277 ten recipients in a single smtp transaction, so this won't stop |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
278 any significant amount of spam. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
279 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
280 <p>Add poison addresses to the configuration. If any recipient is |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
281 poison, all recipients are rejected even if they would be whitelisted, |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
282 and the data is rejected if sent. I have a collection of spam trap |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
283 addresses that would be suitable for such use. Based on my log files, |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
284 any mail to those spam trap addresses is rejected based on either dnsbl |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
285 lookups or the DCC. So this won't result in blocking any additional |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
286 spam. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
287 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
288 <p>Add an option to only allow one recipient if the return path is |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
289 empty. Based on my log files, there is no mail that violates this |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
290 check. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
291 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
292 <p>Reject the mail if the envelope from domain name contains any MX |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
293 records pointing to 127.0.0.0/8. I don't see any significant amount of spam |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
294 sent with such domain names. |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
295 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
296 |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
297 <pre> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
298 $Id$ |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
299 </pre> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
300 </body> |
|
7245c45cef7a
fix for missing default return value in CONTEXT::acceptable_content()
carl
parents:
87
diff
changeset
|
301 </html> |