dnsbl: xml/sample.conf annotate

annotate xml/sample.conf @ 12:6ac6d6b822ce stable-2-0

fix memory leak with duplicate url host names, document differences from sendmail.mc feature

author	carl
date	Fri, 23 Apr 2004 22:45:10 -0700
parents	9ca440c8d187
children	443aa0e8c6fa

rev	line source
4 15a7e942adec updates to use dcc conf files carl parents: 0 diff changeset	1 # $Id$
0 96a9758165cd Initial revision carl parents: diff changeset	2 #
96a9758165cd Initial revision carl parents: diff changeset	3 # lines start with a command token, following by argument tokens
96a9758165cd Initial revision carl parents: diff changeset	4 # tokens are separated by spaces or tabs
96a9758165cd Initial revision carl parents: diff changeset	5 #
96a9758165cd Initial revision carl parents: diff changeset	6 #
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	7 # content:
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	8 # second token is the dns suffix used for the actual lookups
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	9 # third token? is a string enclosed in single quotes, so it
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	10 # is not really a token. This is the error message, with
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	11 # up to two %s parameters for the url and the client ip
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	12 # address.
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	13 #
0 96a9758165cd Initial revision carl parents: diff changeset	14 # dnsbl:
96a9758165cd Initial revision carl parents: diff changeset	15 # second token is the name of this dnsbl
96a9758165cd Initial revision carl parents: diff changeset	16 # third token is the dns suffix used for the actual lookups
96a9758165cd Initial revision carl parents: diff changeset	17 # fourth token? is a string enclosed in single quotes, so it
96a9758165cd Initial revision carl parents: diff changeset	18 # is not really a token. This is the error message, with
96a9758165cd Initial revision carl parents: diff changeset	19 # up to two %s parameters for the client ip address.
96a9758165cd Initial revision carl parents: diff changeset	20 #
96a9758165cd Initial revision carl parents: diff changeset	21 # dnsbl_list:
96a9758165cd Initial revision carl parents: diff changeset	22 # second token is the name of this list of dnsbls
96a9758165cd Initial revision carl parents: diff changeset	23 # subsequent tokes are the names of the previously defined dnsbls
96a9758165cd Initial revision carl parents: diff changeset	24 #
96a9758165cd Initial revision carl parents: diff changeset	25 # env_from:
96a9758165cd Initial revision carl parents: diff changeset	26 # second token is the name of this envelope-from-map. There will
96a9758165cd Initial revision carl parents: diff changeset	27 # generally be multiple lines with the same name.
96a9758165cd Initial revision carl parents: diff changeset	28 # third token is the envelope from value from the smtp conversation,
96a9758165cd Initial revision carl parents: diff changeset	29 # or just the domain part that follows the @ symbol.
96a9758165cd Initial revision carl parents: diff changeset	30 # fourth token is BLACK, WHITE, or the name of a previously defined
96a9758165cd Initial revision carl parents: diff changeset	31 # envelope-from-map. BLACK causes mail from this sender to be
96a9758165cd Initial revision carl parents: diff changeset	32 # rejected with "no such user". WHITE causes mail to be accepted
96a9758165cd Initial revision carl parents: diff changeset	33 # and the dns based lists are ignored. DEFAULT may be used to override
96a9758165cd Initial revision carl parents: diff changeset	34 # the contents of other maps that are copied into this map, and
96a9758165cd Initial revision carl parents: diff changeset	35 # set that sender back to the default (not white or black listed,
96a9758165cd Initial revision carl parents: diff changeset	36 # and subject to dnsbl lookups).
96a9758165cd Initial revision carl parents: diff changeset	37 #
96a9758165cd Initial revision carl parents: diff changeset	38 # env_to:
96a9758165cd Initial revision carl parents: diff changeset	39 # second token is the envelope recipient value from the smtp conversation,
96a9758165cd Initial revision carl parents: diff changeset	40 # or just the domain part that follows the @ symbol.
96a9758165cd Initial revision carl parents: diff changeset	41 # third token is the name of a dnsbl-list, or WHITE or BLACK.
96a9758165cd Initial revision carl parents: diff changeset	42 # fourth token is the name of an envelope-from-map, or WHITE or BLACK.
96a9758165cd Initial revision carl parents: diff changeset	43 #
96a9758165cd Initial revision carl parents: diff changeset	44 # If either one is BLACK, mail to this recipient is rejected with
96a9758165cd Initial revision carl parents: diff changeset	45 # "no such user", and the dns lists are not checked.
96a9758165cd Initial revision carl parents: diff changeset	46 #
96a9758165cd Initial revision carl parents: diff changeset	47 # If the envelope-from-map name is WHITE, mail to this recipient is accepted
96a9758165cd Initial revision carl parents: diff changeset	48 # and the dns lists are not checked.
96a9758165cd Initial revision carl parents: diff changeset	49 #
96a9758165cd Initial revision carl parents: diff changeset	50 # If the envelope-from-map exists, the map is checked for the presence
96a9758165cd Initial revision carl parents: diff changeset	51 # of the sender. A WHITE or BLACK answer is definitive and the dns lists
96a9758165cd Initial revision carl parents: diff changeset	52 # are not checked.
96a9758165cd Initial revision carl parents: diff changeset	53 #
96a9758165cd Initial revision carl parents: diff changeset	54 # If the dnsbl-list name is WHITE, the dns lists are not checked and the
96a9758165cd Initial revision carl parents: diff changeset	55 # mail is accepted. Otherwise, the dns lists are checked and the mail
96a9758165cd Initial revision carl parents: diff changeset	56 # is rejected if any list has an A record for the standard dns based
96a9758165cd Initial revision carl parents: diff changeset	57 # lookup scheme (reversed octets of the client followed by the dns suffix).
96a9758165cd Initial revision carl parents: diff changeset	58 #
96a9758165cd Initial revision carl parents: diff changeset	59 #
4 15a7e942adec updates to use dcc conf files carl parents: 0 diff changeset	60 # include:
15a7e942adec updates to use dcc conf files carl parents: 0 diff changeset	61 # second token is the path name of the dnsbl milter config file to be
15a7e942adec updates to use dcc conf files carl parents: 0 diff changeset	62 # included.
15a7e942adec updates to use dcc conf files carl parents: 0 diff changeset	63 #
15a7e942adec updates to use dcc conf files carl parents: 0 diff changeset	64 #
15a7e942adec updates to use dcc conf files carl parents: 0 diff changeset	65 # include_dcc:
15a7e942adec updates to use dcc conf files carl parents: 0 diff changeset	66 # second token is the name of an envelope-from-map (EMAP below).
15a7e942adec updates to use dcc conf files carl parents: 0 diff changeset	67 # third token is the path name of the dcc whiteclnt config file to be
15a7e942adec updates to use dcc conf files carl parents: 0 diff changeset	68 # included.
15a7e942adec updates to use dcc conf files carl parents: 0 diff changeset	69 # entries from the dcc config are mapped as:
10 9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	70 # ok -> WHITE (TAG below)
9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	71 # many -> BLACK (TAG below)
9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	72 # env_to -> env_to xxx TAG
9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	73 # env_from -> env_from EMAP xxx TAG TAG
9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	74 # substitute mail_host -> env_from EMAP xxx TAG TAG
4 15a7e942adec updates to use dcc conf files carl parents: 0 diff changeset	75 #
0 96a9758165cd Initial revision carl parents: diff changeset	76 #
96a9758165cd Initial revision carl parents: diff changeset	77 #
96a9758165cd Initial revision carl parents: diff changeset	78 ##############################################
96a9758165cd Initial revision carl parents: diff changeset	79 # define the dnsbls to use
96a9758165cd Initial revision carl parents: diff changeset	80 #
96a9758165cd Initial revision carl parents: diff changeset	81 #
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	82 content sbl-xbl.spamhaus.org 'Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s'
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	83 #
0 96a9758165cd Initial revision carl parents: diff changeset	84 dnsbl LOCAL blackholes.five-ten-sg.com 'Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s'
96a9758165cd Initial revision carl parents: diff changeset	85 dnsbl SPEWS blackholes.spews.org 'Mail from %s rejected - spews; see http://www.spews.org/ask.cgi?x=%s'
96a9758165cd Initial revision carl parents: diff changeset	86 dnsbl SBL sbl-xbl.spamhaus.org 'Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s'
96a9758165cd Initial revision carl parents: diff changeset	87
96a9758165cd Initial revision carl parents: diff changeset	88
96a9758165cd Initial revision carl parents: diff changeset	89 ##############################################
96a9758165cd Initial revision carl parents: diff changeset	90 # define the (default and other) lists of dnsbls to use
96a9758165cd Initial revision carl parents: diff changeset	91 #
96a9758165cd Initial revision carl parents: diff changeset	92 dnsbl_list DEFAULT LOCAL SPEWS SBL
96a9758165cd Initial revision carl parents: diff changeset	93 dnsbl_list SIMPLE SBL
96a9758165cd Initial revision carl parents: diff changeset	94 dnsbl_list CUST1 SBL
96a9758165cd Initial revision carl parents: diff changeset	95 dnsbl_list CUST2 SPEWS SBL
96a9758165cd Initial revision carl parents: diff changeset	96
96a9758165cd Initial revision carl parents: diff changeset	97
96a9758165cd Initial revision carl parents: diff changeset	98 ##############################################
96a9758165cd Initial revision carl parents: diff changeset	99 # define the (default and other) env_from maps
96a9758165cd Initial revision carl parents: diff changeset	100 #
96a9758165cd Initial revision carl parents: diff changeset	101 env_from DEFAULT spammer@example.com BLACK
96a9758165cd Initial revision carl parents: diff changeset	102 env_from DEFAULT yahoo.com BLACK
96a9758165cd Initial revision carl parents: diff changeset	103
96a9758165cd Initial revision carl parents: diff changeset	104 # special list for the vp
96a9758165cd Initial revision carl parents: diff changeset	105 env_from TEST dummy-token DEFAULT # inherit the currently defined DEFAULT env_from mapping
96a9758165cd Initial revision carl parents: diff changeset	106 env_from TEST nai.com BLACK # the vp does not like nai
10 9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	107 env_from TEST yahoo.com DEFAULT # override the blacklisting of yahoo
0 96a9758165cd Initial revision carl parents: diff changeset	108 env_from TEST mother@spammyisp.com WHITE # suppresses dnsbl checking
96a9758165cd Initial revision carl parents: diff changeset	109
96a9758165cd Initial revision carl parents: diff changeset	110
96a9758165cd Initial revision carl parents: diff changeset	111 ##############################################
96a9758165cd Initial revision carl parents: diff changeset	112 # specify dnsbl_lists and env_from maps to use for specific recipients
96a9758165cd Initial revision carl parents: diff changeset	113 #
96a9758165cd Initial revision carl parents: diff changeset	114 env_to abuse@mydomain.com WHITE WHITE # no dnsbl, no env_from map
96a9758165cd Initial revision carl parents: diff changeset	115 env_to sales@mydomain.com SIMPLE NULL # sbl only, no env_from map
96a9758165cd Initial revision carl parents: diff changeset	116 env_to vp@mydomain.com DEFAULT TEST # allow mail from mom
96a9758165cd Initial revision carl parents: diff changeset	117 env_to old-emp@mydomain.com BLACK BLACK # return no such user even from backup mx machines
96a9758165cd Initial revision carl parents: diff changeset	118
10 9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	119
0 96a9758165cd Initial revision carl parents: diff changeset	120 ##############################################
96a9758165cd Initial revision carl parents: diff changeset	121 # specify dnsbl_lists and env_from maps to use for clients domains
96a9758165cd Initial revision carl parents: diff changeset	122 #
96a9758165cd Initial revision carl parents: diff changeset	123 env_to mydomain.com DEFAULT DEFAULT
10 9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	124 env_to customer1.com CUST1 CUST1 # all customer 1 domains use just sbl
9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	125 env_to customer1a.com CUST1 CUST1
9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	126 env_to customer1b.com CUST1 CUST1
9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	127 env_to customer2.com CUST2 CUST2 # all customer 2 domains use spews and sbl
9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	128 env_to customer2a.com CUST2 CUST2
0 96a9758165cd Initial revision carl parents: diff changeset	129
96a9758165cd Initial revision carl parents: diff changeset	130
96a9758165cd Initial revision carl parents: diff changeset	131 ##############################################
96a9758165cd Initial revision carl parents: diff changeset	132 # you can also include nested config files
96a9758165cd Initial revision carl parents: diff changeset	133 # file names are single tokens, no embedded blanks
96a9758165cd Initial revision carl parents: diff changeset	134 #
96a9758165cd Initial revision carl parents: diff changeset	135 include dnsbl.conf # this will generate a recursive include file syslog error message
5 793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	136
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	137
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	138 ##############################################
10 9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	139 #
5 793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	140 # fetch the normal dcc whitelist file and put the entries into the DEFAULT
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	141 # envelope-from-map. The ok/many tags in the DCC file turn into
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	142 # WHITE/BLACK entries when imported. The env_to entries from the DCC
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	143 # config turn into env_to entries here, and are therefore global to all
10 9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	144 # domains. The assumption is that a client will only have whitelist
9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	145 # env_to entries for their own domains, in their own dcc config file. The
9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	146 # env_from and substitute mail_host entries turn into env_from entries in
9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	147 # the named (DEFAULT in this case) envelope-from-map.
9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	148 #
5 793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	149 #
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	150 include_dcc DEFAULT /var/dcc/whitecommon
10 9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	151 include_dcc CUST1 /var/dcc/whitecommon.cust1
9ca440c8d187 integration work on url scanner carl parents: 8 diff changeset	152 include_dcc CUST2 /var/dcc/whitecommon.cust2

Mercurial > dnsbl

annotate xml/sample.conf @ 12:6ac6d6b822ce stable-2-0