dnsbl: xml/dnsbl.in annotate

annotate xml/dnsbl.in @ 128:9ab51896447f stable-5-18

don't do uribl lookups on rfc1918 address space

author	carl
date	Thu, 27 Apr 2006 10:05:43 -0700
parents	2b1a4701e856
children	f4746d8a12a3

rev	line source
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	1 <reference>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	2 <title>@PACKAGE@ Sendmail milter - Version @VERSION@</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	3 <partintro>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	4 <title>Packages</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	5 <para>The various source and binary packages are available at <ulink
114 f4f5fb263072 cleanup list of tlds, add trailing / on http package directory reference carl parents: 111 diff changeset	6 url="http://www.five-ten-sg.com/@PACKAGE@/packages/">http://www.five-ten-sg.com/@PACKAGE@/packages/</ulink>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	7 The most recent documentation is available at <ulink
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	8 url="http://www.five-ten-sg.com/@PACKAGE@/">http://www.five-ten-sg.com/@PACKAGE@/</ulink>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	9 </para>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	10
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	11 </partintro>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	12
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	13 <refentry id="@PACKAGE@.1">
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	14 <refentryinfo>
115 07e5d4721213 use larger resolver buffer carl parents: 114 diff changeset	15 <date>2006-01-08</date>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	16 </refentryinfo>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	17
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	18 <refmeta>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	19 <refentrytitle>@PACKAGE@</refentrytitle>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	20 <manvolnum>1</manvolnum>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	21 <refmiscinfo>@PACKAGE@ @VERSION@</refmiscinfo>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	22 </refmeta>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	23
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	24 <refnamediv id='name.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	25 <refname>@PACKAGE@</refname>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	26 <refpurpose>a sendmail milter with per-user dnsbl filtering</refpurpose>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	27 </refnamediv>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	28
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	29 <refsynopsisdiv id='synopsis.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	30 <title>Synopsis</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	31 <cmdsynopsis>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	32 <command>@PACKAGE@</command>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	33 <arg><option>-c</option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	34 <arg><option>-s</option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	35 <arg><option>-d <replaceable class="parameter">n</replaceable></option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	36 <arg><option>-e <replaceable class="parameter">from\|to</replaceable></option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	37 <arg><option>-r <replaceable class="parameter">local-domain-socket</replaceable></option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	38 <arg><option>-p <replaceable class="parameter">sendmail-socket</replaceable></option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	39 <arg><option>-t <replaceable class="parameter">timeout</replaceable></option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	40 </cmdsynopsis>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	41 </refsynopsisdiv>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	42
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	43 <refsect1 id='options.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	44 <title>Options</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	45 <variablelist>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	46 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	47 <term>-c</term>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	48 <listitem><para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	49 Load the configuration file, print a cannonical form
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	50 of the configuration on stdout, and exit.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	51 </para></listitem>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	52 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	53 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	54 <term>-s</term>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	55 <listitem><para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	56 Stress test the configuration loading code by repeating
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	57 the load/free cycle in an infinite loop.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	58 </para></listitem>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	59 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	60 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	61 <term>-d <replaceable class="parameter">n</replaceable></term>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	62 <listitem><para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	63 Set the debug level to <replaceable class="parameter">n</replaceable>.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	64 </para></listitem>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	65 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	66 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	67 <term>-e <replaceable class="parameter">from\|to</replaceable></term>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	68 <listitem><para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	69 Print the results of looking up the from and to addresses in the
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	70 current configuration. The \| character is used to separate the from and to
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	71 addresses in the argument to the -e switch.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	72 </para></listitem>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	73 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	74 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	75 <term>-r <replaceable class="parameter">local-domain-socket</replaceable></term>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	76 <listitem><para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	77 Set the local socket used for the connection to our own dns resolver processes.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	78 </para></listitem>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	79 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	80 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	81 <term>-p <replaceable class="parameter">sendmail-socket</replaceable></term>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	82 <listitem><para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	83 Set the socket used for the milter connection to sendmail. This is either
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	84 "inet:port@ip-address" or "local:local-domain-socket-file-name".
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	85 </para></listitem>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	86 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	87 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	88 <term>-t <replaceable class="parameter">timeout</replaceable></term>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	89 <listitem><para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	90 Set the timeout in seconds used for communication with sendmail.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	91 </para></listitem>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	92 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	93 </variablelist>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	94 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	95
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	96 <refsect1 id='usage.1'>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	97 <title>Usage</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	98 <para><command>@PACKAGE@</command> -c</para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	99 <para><command>@PACKAGE@</command> -s</para>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	100 <para><command>@PACKAGE@</command> -e 'someone@aol.com\|localname@mydomain.tld'</para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	101 <para><command>@PACKAGE@</command> -d 10 -r resolver.sock -p local:dnsbl.sock</para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	102 </refsect1>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	103
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	104 <refsect1 id='installation.1'>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	105 <title>Installation</title>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	106 <para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	107 This is now a standard GNU autoconf/automake installation, so the normal
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	108 "./configure; make; su; make install" works. "make chkconfig" will
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	109 setup the init.d runlevel scripts. Alternatively, you can use the
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	110 source or binary RPMs at <ulink
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	111 url="http://www.five-ten-sg.com/@PACKAGE@/packages">http://www.five-ten-sg.com/@PACKAGE@/packages</ulink>.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	112 </para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	113 <para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	114 Note that this has ONLY been tested on Linux, specifically RedHat Linux.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	115 In particular, this milter makes no attempt to understand IPv6. Your
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	116 mileage will vary. You will need at a minimum a C++ compiler with a
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	117 minimally thread safe STL implementation. The distribution includes a
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	118 test.cpp program. If it fails this milter won't work. If it passes,
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	119 this milter might work.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	120 </para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	121 <para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	122 Modify your sendmail.mc by removing all the "FEATURE(dnsbl" lines, add
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	123 the following line in your sendmail.mc and rebuild the .cf file
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	124 </para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	125 <para><screen>INPUT_MAIL_FILTER(`dnsbl', `S=local:/var/run/dnsbl/dnsbl.sock, F=T, T=C:30s;S:5m;R:5m;E:5m')</screen></para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	126 <para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	127 Modify the default <citerefentry>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	128 <refentrytitle>@PACKAGE@.conf</refentrytitle> <manvolnum>5</manvolnum>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	129 </citerefentry> configuration.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	130 </para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	131 </refsect1>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	132
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	133 <refsect1 id='configuration.1'>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	134 <title>Configuration</title>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	135 <para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	136 The configuration file is documented in <citerefentry>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	137 <refentrytitle>@PACKAGE@.conf</refentrytitle> <manvolnum>5</manvolnum>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	138 </citerefentry>. Any change to the config file, or any file included
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	139 from that config file, will cause it to be reloaded within three
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	140 minutes.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	141 </para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	142 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	143
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	144 <refsect1 id='introduction.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	145 <title>Introduction</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	146 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	147 Consider the case of a mail server that is acting as secondary MX for a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	148 collection of clients, each of which has a collection of mail domains.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	149 Each client may use their own collection of DNSBLs on their primary mail
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	150 server. We present here a mechanism whereby the backup mail server can
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	151 use the correct set of DNSBLs for each recipient for each message. As a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	152 side-effect, it gives us the ability to customize the set of DNSBLs on a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	153 per-recipient basis, so that fred@example.com could use SPEWS and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	154 SBL, where all other users @example.com use only the SBL.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	155 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	156 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	157 This milter can also verify the envelope from/recipient pairs with the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	158 primary MX server. This allows the backup mail servers to properly
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	159 reject mail sent to invalid addresses. Otherwise, the backup mail
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	160 servers will accept that mail, and then generate a bounce message when
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	161 the message is forwarded to the primary server (and rejected there with
127 2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	162 no such user). These rejections are the primary cause of such backscatter.
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	163 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	164 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	165 This milter will also decode (uuencode, base64, mime, html entity, url
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	166 encodings) and scan for HTTP and HTTPS URLs and bare hostnames in the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	167 body of the mail. If any of those host names have A or NS records on
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	168 the SBL (or a single configurable DNSBL), the mail will be rejected
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	169 unless previously whitelisted. This milter also counts the number of
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	170 invalid HTML tags, and can reject mail if that count exceeds your
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	171 specified limit.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	172 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	173 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	174 The DNSBL milter reads a text configuration file (dnsbl.conf) on
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	175 startup, and whenever the config file (or any of the referenced include
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	176 files) is changed. The entire configuration file is case insensitive.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	177 If the configuration cannot be loaded due to a syntax error, the milter
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	178 will log the error and quit. If the configuration cannot be reloaded
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	179 after being modified, the milter will log the error and send an email to
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	180 root from dnsbl@$hostname. You probably want to added dnsbl@$hostname
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	181 to your /etc/mail/virtusertable since otherwise sendmail will reject
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	182 that message.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	183 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	184 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	185
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	186 <refsect1 id='dcc.1'>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	187 <title>DCC Issues</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	188 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	189 If you are also using the <ulink
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	190 url="http://www.rhyolite.com/anti-spam/dcc/">DCC</ulink> milter, there
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	191 are a few considerations. You may need to whitelist senders from the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	192 DCC bulk detector, or from the DNS based lists. Those are two very
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	193 different reasons for whitelisting. The former is done thru the DCC
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	194 whiteclnt config file, the later is done thru the DNSBL milter config
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	195 file.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	196 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	197 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	198 You may want to blacklist some specific senders or sending domains.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	199 This could be done thru either the DCC (on a global basis, or for a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	200 specific single recipient). We prefer to do such blacklisting via the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	201 DNSBL milter config, since it can be done for a collection of recipient
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	202 mail domains. The DCC approach has the feature that you can capture the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	203 entire message in the DCC log files. The DNSBL milter approach has the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	204 feature that the mail is rejected earlier (at RCPT TO time), and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	205 sending machine just gets a generic "550 5.7.1 no such user" message.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	206 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	207 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	208 The DCC whiteclnt file can be included in the DNSBL milter config by the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	209 dcc_to and dcc_from statements. This will import the (env_to, env_from,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	210 and substitute mail_host) entries from the DCC config into the DNSBL
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	211 config. This allows using the DCC config as the single point for
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	212 white/blacklisting.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	213 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	214 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	215 Consider the case where you have multiple clients, each with their own
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	216 mail servers, and each running their own DCC milters. Each client is
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	217 using the DCC facilities for envelope from/to white/blacklisting.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	218 Presumably you can use rsync or scp to fetch copies of your clients DCC
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	219 whiteclnt files on a regular basis. Your mail server, acting as a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	220 backup MX for your clients, can use the DNSBL milter, and include those
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	221 client DCC config files. The envelope from/to white/blacklisting will
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	222 be appropriately tagged and used only for the domains controlled by each
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	223 of those clients.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	224 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	225 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	226
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	227 <refsect1 id='definitions.1'>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	228 <title>Definitions</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	229 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	230 CONTEXT - a collection of parameters that defines the filtering context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	231 to be used for a collection of envelope recipient addresses. The
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	232 context includes such things as the list of DNSBLs to be used, and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	233 various content filtering parameters.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	234 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	235 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	236 DNSBL - a named DNS based blocking list is defined by a dns suffix (e.g.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	237 sbl-xbl.spamhaus.org) and a message string that is used to generate the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	238 "550 5.7.1" smtp error return code. The names of these DNSBLs will be
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	239 used to define the DNSBL-LISTs.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	240 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	241 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	242 DNSBL-LIST - a named list of DNSBLs that will be used for specific
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	243 recipients or recipient domains.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	244 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	245 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	246
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	247 <refsect1 id='filtering.1'>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	248 <title>Filtering Procedure</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	249 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	250 If the client has authenticated with sendmail, the mail is accepted, the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	251 filtering contexts are not used, the dns lists are not checked, and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	252 body content is not scanned. Otherwise, we follow these steps for each
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	253 recipient.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	254 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	255 <orderedlist>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	256 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	257 The envelope to email address is used to find an initial filtering
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	258 context. We first look for a context that specified the full email
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	259 address in the env_to statement. If that is not found, we look for a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	260 context that specified the entire domain name of the envelope recipient
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	261 in the env_to statement. If that is not found, we look for a context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	262 that specified the user@ part of the envelope recipient in the env_to
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	263 statement. If that is not found, we use the first top level context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	264 defined in the config file.
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	265 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	266 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	267 The initial filtering context may redirect to a child context based on
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	268 the values in the initial context's env_from statement. We look for [1)
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	269 the full envelope from email address, 2) the domain name part of the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	270 envelope from address, 3) the user@ part of the envelope from address]
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	271 in that context's env_from statement, with values that point to a child
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	272 context. If such an entry is found, we switch to that child filtering
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	273 context.
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	274 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	275 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	276 We lookup [1) the full envelope from email address, 2) the domain name
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	277 part of the envelope from address, 3) the user@ part of the envelope
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	278 from address] in the filtering context env_from statement. That results
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	279 in one of (white, black, unknown, inherit).
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	280 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	281 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	282 If the answer is black, mail to this recipient is rejected with "no such
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	283 user", and the dns lists are not checked.
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	284 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	285 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	286 If the answer is white, mail to this recipient is accepted and the dns
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	287 lists are not checked.
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	288 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	289 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	290 If the answer is unknown, we don't reject yet, but the dns lists will be
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	291 checked, and the content may be scanned.
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	292 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	293 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	294 If the answer is inherit, we repeat the envelope from search in the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	295 parent context.
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	296 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	297 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	298 The dns lists specified in the filtering context are checked and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	299 mail is rejected if any list has an A record for the standard dns based
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	300 lookup scheme (reversed octets of the client followed by the dns
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	301 suffix).
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	302 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	303 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	304 If the mail has not been accepted or rejected yet, we look for a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	305 verification context, which is the closest ancestor of the filtering
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	306 context that both specifies a verification host, and which covers the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	307 envelope to address. If we find such a verification context, and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	308 verification host is not our own hostname, we open an smtp conversation
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	309 with that verification host. The current envelope from and recipient to
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	310 values are passed to that verification host. If we receive a 5xy
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	311 response those commands, we reject the current recipient with "no such
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	312 user".
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	313 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	314 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	315 If the mail has not been accepted or rejected yet, and the filtering
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	316 context enables content filtering, and this is the first such recipient
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	317 in this smtp transaction, we set the content filtering parameters from
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	318 this context, and enable content filtering for the body of this message.
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	319 </para></listitem>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	320 </orderedlist>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	321 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	322 If content filtering is enabled for this body, the mail text is decoded
119 d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	323 (uuencode, base64, mime, html entity, url encodings), and scanned for HTTP
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	324 and HTTPS URLs or bare host names. Hostnames must be either ip address
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	325 literals, or must end in a string defined by the TLD list. The first
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	326 <configurable> host names are checked as follows.
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	327 </para>
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	328 <para>
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	329 The only known list that is suitable for the content filter DNSBL is the
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	330 SBL. If the content filter DNSBL is defined, and any of those host
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	331 names resolve to ip addresses that are on that DNSBL (or have
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	332 nameservers that are on that list), and the host name is not on the
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	333 <configurable> ignore list, the mail is rejected.
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	334 </para>
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	335 <para>
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	336 If the content uribl DNSBL is defined, and any of those host names are
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	337 on that DNSBL, and the host name is not on the <configurable>
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	338 ignore list, the mail is rejected.
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	339 </para>
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	340 <para>
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	341 We also scan for excessive bad html tags, and if a <configurable>
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	342 limit is exceeded, the mail is rejected.
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	343 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	344 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	345
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	346 <refsect1 id='access.1'>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	347 <title>Sendmail access vs. DNSBL</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	348 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	349 With the standard sendmail.mc dnsbl FEATURE, the dnsbl checks may be
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	350 suppressed by entries in the /etc/mail/access database. For example,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	351 suppose you control a /18 of address space, and have allocated some /24s
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	352 to some clients. You have access entries like
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	353 <literallayout class="monospaced"><![CDATA[
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	354 192.168.4 OK
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	355 192.168.17 OK]]></literallayout>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	356 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	357 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	358 to allow those clients to smarthost thru your mail server. Now if one
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	359 of those clients happens get infected with a virus that turns a machine
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	360 into an open proxy, and their 192.168.4.45 lands on the SBL-XBL, you
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	361 will still wind up allowing that infected machine to smarthost thru your
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	362 mail servers.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	363 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	364 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	365 With this DNSBL milter, the sendmail access database cannot override the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	366 dnsbl checks, so that machine won't be able to send mail to or thru your
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	367 smarthost mail server (unless the virus/proxy can use smtp-auth).
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	368 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	369 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	370 Using the standard sendmail features, you would add access entries to
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	371 allow hosts on your local network to relay thru your mail server. Those
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	372 OK entries in the sendmail access database will override all the dnsbl
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	373 checks. With this DNSBL milter, you will need to have the local users
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	374 authenticate with smtp-auth to get the same effect. You might find
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	375 <ulink
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	376 url="http://www.ists.dartmouth.edu/classroom/sendmail-ssl-how-to.php">
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	377 these directions</ulink> helpful for setting up smtp-auth if you are on
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	378 RH Linux.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	379 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	380 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	381
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	382 <refsect1 id='performance.1'>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	383 <title>Performance Issues</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	384 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	385 Consider a high volume high performance machine running sendmail. Each
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	386 sendmail process can do its own dns resolution. Typically, such dns
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	387 resolver libraries are not thread safe, and so must be protected by some
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	388 sort of mutex in a threaded environment. When we add a milter to
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	389 sendmail, we now have a collection of sendmail processes, and a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	390 collection of milter threads.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	391 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	392 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	393 We will be doing a lot of dns lookups per mail message, and at least
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	394 some of those will take many tens of seconds. If all this dns work is
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	395 serialized inside the milter, we have an upper limit of about 25K mail
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	396 messages per day. That is clearly not sufficient for many sites.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	397 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	398 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	399 Since we want to do parallel dns resolution across those milter threads,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	400 we add another collection of dns resolver processes. Each sendmail
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	401 process is talking to a milter thread over a socket, and each milter
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	402 thread is talking to a dns resolver process over another socket.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	403 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	404 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	405 Suppose we are processing 20 messages per second, and each message
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	406 requires 20 seconds of dns work. Then we will have 400 sendmail
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	407 processes, 400 milter threads, and 400 dns resolver processes. Of
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	408 course that steady state is very unlikely to happen.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	409 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	410 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	411
e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	412
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	413 <refsect1 id='rejected.1'>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	414 <title>Rejected Ideas</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	415 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	416 The following ideas have been considered and rejected.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	417 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	418 <para>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	419 Add max_recipients setting to the context configuration. Recipients in
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	420 excess of that limit will be rejected, and all the non-whitelisted
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	421 recipients will be removed. Current spammers very rarely send more
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	422 than ten recipients in a single smtp transaction, so this won't stop any
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	423 significant amount of spam.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	424 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	425 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	426 Add poison addresses to the configuration. If any recipient is
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	427 poison, all recipients are rejected even if they would be whitelisted,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	428 and the data is rejected if sent. I have a collection of spam trap
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	429 addresses that would be suitable for such use. Based on my log files,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	430 any mail to those spam trap addresses is rejected based on either dnsbl
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	431 lookups or the DCC. So this won't result in blocking any additional
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	432 spam.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	433 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	434 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	435 Add an option to only allow one recipient if the return path is
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	436 empty. Based on my log files, there is no mail that violates this
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	437 check.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	438 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	439 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	440 Reject the mail if the envelope from domain name contains any MX
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	441 records pointing to 127.0.0.0/8. I don't see any significant amount of
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	442 spam sent with such domain names.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	443 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	444 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	445
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	446 <refsect1 id='todo.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	447 <title>TODO</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	448 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	449 The following ideas are under consideration.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	450 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	451 <para>
127 2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	452 Add mail volume limits based on smtp auth accounts, to prevent
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	453 customers from sending too much mail. This should catch customers
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	454 that get infected with malware that knows about smtp auth.
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	455 </para>
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	456 <para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	457 Add a per-context option to reject mail if the number of digits in
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	458 the reverse dns client name exceeds some threshold.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	459 </para>
115 07e5d4721213 use larger resolver buffer carl parents: 114 diff changeset	460 <para>
07e5d4721213 use larger resolver buffer carl parents: 114 diff changeset	461 Look for href="hostname/path" strings that are missing the required
07e5d4721213 use larger resolver buffer carl parents: 114 diff changeset	462 http:// protocol header. Such references are still clickable in common
07e5d4721213 use larger resolver buffer carl parents: 114 diff changeset	463 mail software.
07e5d4721213 use larger resolver buffer carl parents: 114 diff changeset	464 </para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	465 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	466
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	467 <refsect1 id='copyright.1'>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	468 <title>Copyright</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	469 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	470 Copyright (C) 2005 by 510 Software Group <carl@five-ten-sg.com>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	471 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	472 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	473 This program is free software; you can redistribute it and/or modify it
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	474 under the terms of the GNU General Public License as published by the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	475 Free Software Foundation; either version 2, or (at your option) any
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	476 later version.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	477 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	478 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	479 You should have received a copy of the GNU General Public License along
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	480 with this program; see the file COPYING. If not, please write to the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	481 Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	482 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	483 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	484
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	485 <refsect1 id='version.1'>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	486 <title>CVS Version</title>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	487 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	488 $Id$
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	489 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	490 </refsect1>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	491 </refentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	492
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	493
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	494 <refentry id="@PACKAGE@.conf.5">
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	495 <refentryinfo>
115 07e5d4721213 use larger resolver buffer carl parents: 114 diff changeset	496 <date>2006-01-08</date>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	497 </refentryinfo>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	498
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	499 <refmeta>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	500 <refentrytitle>@PACKAGE@.conf</refentrytitle>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	501 <manvolnum>5</manvolnum>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	502 <refmiscinfo>@PACKAGE@ @VERSION@</refmiscinfo>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	503 </refmeta>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	504
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	505 <refnamediv id='name.5'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	506 <refname>@PACKAGE@.conf</refname>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	507 <refpurpose>configuration file for @PACKAGE@ sendmail milter</refpurpose>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	508 </refnamediv>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	509
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	510 <refsynopsisdiv id='synopsis.5'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	511 <title>Synopsis</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	512 <cmdsynopsis>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	513 <command>@PACKAGE@.conf</command>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	514 </cmdsynopsis>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	515 </refsynopsisdiv>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	516
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	517 <refsect1 id='description.5'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	518 <title>Description</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	519 <para>The <command>@PACKAGE@.conf</command> configuration file is
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	520 specified by this partial bnf description.</para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	521
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	522 <literallayout class="monospaced"><![CDATA[
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	523 CONFIG = {CONTEXT ";"}+
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	524 CONTEXT = "context" NAME "{" {STATEMENT}+ "}"
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	525 STATEMENT = (DNSBL \| DNSBLLIST \| CONTENT \| ENV-TO \| VERIFY \|
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	526 CONTEXT \| ENV-FROM) ";"
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	527
124 ea6f9c812faa put hostname in smtp message for uribl style lookups carl parents: 122 diff changeset	528 DNSBL = "dnsbl" NAME DNSPREFIX ERROR-MSG1
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	529
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	530 DNSBLLIST = "dnsbl_list" {NAME}+
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	531
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	532 CONTENT = "content" ("on" \| "off") "{" {CONTENT-ST}+ "}"
119 d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	533 CONTENT-ST = (FILTER \| URIBL \| IGNORE \| TLD \| CCTLD \| HTML-TAGS \|
d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	534 HTML-LIMIT \| HOST-LIMIT) ";"
124 ea6f9c812faa put hostname in smtp message for uribl style lookups carl parents: 122 diff changeset	535 FILTER = "filter" DNSPREFIX ERROR-MSG2
ea6f9c812faa put hostname in smtp message for uribl style lookups carl parents: 122 diff changeset	536 URIBL = "uribl" DNSPREFIX ERROR-MSG3
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	537 IGNORE = "ignore" "{" {HOSTNAME [";"]}+ "}"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	538 TLD = "tld" "{" {TLD [";"]}+ "}"
119 d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	539 CCTLD = "cctld" "{" {TLD [";"]}+ "}"
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	540 HTML-TAGS = "html_tags" "{" {HTMLTAG [";"]}+ "}"
124 ea6f9c812faa put hostname in smtp message for uribl style lookups carl parents: 122 diff changeset	541 ERROR-MSG1 = string containing exactly two %s replacement tokens
ea6f9c812faa put hostname in smtp message for uribl style lookups carl parents: 122 diff changeset	542 both are replaced with the client ip address
ea6f9c812faa put hostname in smtp message for uribl style lookups carl parents: 122 diff changeset	543 ERROR-MSG2 = string containing exactly two %s replacement tokens
ea6f9c812faa put hostname in smtp message for uribl style lookups carl parents: 122 diff changeset	544 the first is replaced with the hostname, and the second
ea6f9c812faa put hostname in smtp message for uribl style lookups carl parents: 122 diff changeset	545 is replaced with the ip address
ea6f9c812faa put hostname in smtp message for uribl style lookups carl parents: 122 diff changeset	546 ERROR-MSG3 = string containing exactly two %s replacement tokens
ea6f9c812faa put hostname in smtp message for uribl style lookups carl parents: 122 diff changeset	547 both are replaced with the hostname
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	548
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	549 HTML-LIMIT = "html_limit" ("on" INTEGER ERROR-MSG \| "off")
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	550
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	551 HOST-LIMIT = "host_limit" ("on" INTEGER ERROR-MSG \| "off" \|
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	552 "soft" INTEGER)
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	553
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	554 ENV-TO = "env_to" "{" {(TO-ADDR \| DCC-TO)}+ "}"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	555 TO-ADDR = ADDRESS [";"]
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	556 DCC-TO = "dcc_to" ("ok" \| "many") "{" DCCINCLUDEFILE "}" ";"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	557
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	558 VERIFY = "verify" HOSTNAME ";"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	559
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	560 ENV_FROM = "env_from" [DEFAULT] "{" {(FROM-ADDR \| DCC-FROM)}+ "}"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	561 FROM-ADDR = ADDRESS VALUE [";"]
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	562 DCC-FROM = "dcc_from" "{" DCCINCLUDEFILE "}" ";"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	563 DEFAULT = ("white" \| "black" \| "unknown" \| "inherit" \| "")
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	564 ADDRESS = (USER@ \| DOMAIN \| USER@DOMAIN)
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	565 VALUE = ("white" \| "black" \| "unknown" \| CHILD-CONTEXT-NAME)]]></literallayout>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	566 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	567
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	568 <refsect1 id='sample.5'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	569 <title>Sample</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	570 <literallayout class="monospaced"><![CDATA[
127 2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	571 context main-default {
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	572 // outbound dnsbl filtering to catch our own customers that end up on the sbl
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	573 dnsbl local blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	574 dnsbl sbl sbl-xbl.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	575 dnsbl dul dul.dnsbl.sorbs.net "Mail from %s rejected - dul; see http://www.sorbs.net/lookup.shtml?%s";
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	576 dnsbl_list local sbl dul;
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	577
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	578 // outbound content filtering to prevent our own customers from sending spam
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	579 content on {
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	580 filter sbl-xbl.spamhaus.org "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	581 uribl multi.surbl.org "Mail containing %s rejected - surbl; see http://www.rulesemporium.com/cgi-bin/uribl.cgi?bl0=1&domain0=%s";
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	582 #uribl black.uribl.com "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s";
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	583 ignore { include "hosts-ignore.conf"; };
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	584 tld { include "tld.conf"; };
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	585 cctld { include "cctld.conf"; };
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	586 html_tags { include "html-tags.conf"; };
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	587 html_limit on 20 "Mail containing excessive bad html tags rejected";
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	588 html_limit off;
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	589 host_limit on 20 "Mail containing excessive host names rejected";
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	590 host_limit soft 20;
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	591 };
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	592
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	593 // backscatter prevention - don't send bounces for mail that we accepted but could not forward
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	594 // we only send bounces to our own customers
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	595 env_from unknown {
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	596 "<>" black;
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	597 };
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	598 };
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes carl parents: 124 diff changeset	599
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	600 context sample {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	601 dnsbl local blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	602 dnsbl sbl sbl-xbl.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	603 dnsbl xbl xbl.spamhaus.org "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	604 dnsbl dul dul.dnsbl.sorbs.net "Mail from %s rejected - dul; see http://www.sorbs.net/lookup.shtml?%s";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	605 dnsbl_list local sbl dul;
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	606
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	607 content on {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	608 filter sbl-xbl.spamhaus.org "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
122 e8971c595845 fix typo in multi.surbl.org name carl parents: 119 diff changeset	609 uribl multi.surbl.org "Mail containing %s rejected - surbl; see http://www.rulesemporium.com/cgi-bin/uribl.cgi?bl0=1&domain0=%s";
119 d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	610 #uribl black.uribl.com "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s";
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	611 ignore { include "hosts-ignore.conf"; };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	612 tld { include "tld.conf"; };
119 d9d2f8699621 uribl patch from Jeff Evans <jeffe@tricab.com> carl parents: 115 diff changeset	613 cctld { include "cctld.conf"; };
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	614 html_tags { include "html-tags.conf"; };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	615 html_limit on 20 "Mail containing excessive bad html tags rejected";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	616 html_limit off;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	617 host_limit on 20 "Mail containing excessive host names rejected";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	618 host_limit soft 20;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	619 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	620
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	621 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	622 # child contexts are not allowed to specify recipient addresses outside these domains
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	623 # leave this outer global context env_to empty to allow arbitrary recipients in child contexts
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	624 mydomain.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	625 customer1.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	626 customer1a.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	627 customer1b.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	628 customer2.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	629 customer2a.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	630 customer2b.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	631 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	632
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	633 context whitelist {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	634 content off {};
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	635 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	636 # dcc_to ok { include "/var/dcc/whitecommon"; }; # copy the dcc OK values (env_to) into this context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	637 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	638 env_from white {}; # white forces all unmatched from addresses (everyone in this case) to be whitelisted
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	639 # so all mail TO these env_to addresses is accepted
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	640 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	641
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	642 context abuse {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	643 dnsbl_list xbl;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	644 content off {};
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	645 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	646 abuse@; # no content filtering on abuse reports
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	647 postmaster@; # ""
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	648 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	649 env_from unknown {}; # ignore all parent white/black listing
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	650 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	651
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	652 context minimal {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	653 dnsbl_list sbl dul;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	654 content on {};
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	655 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	656 sales@mydomain.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	657 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	658 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	659
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	660 context blacklist {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	661 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	662 dcc_to many { include "/var/dcc/whitecommon"; }; # copy the dcc MANY values (env_to) into this context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	663 old-employee@mydomain.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	664 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	665 env_from black {}; # black forces all unmatched from addresses (everyone in this case) to be blacklisted
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	666 # so all mail TO these env_to addresses is rejected
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	667 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	668
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	669 context vp { # special context for the vp
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	670 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	671 vp@mydomain.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	672 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	673 env_from inherit {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	674 nai.com black; # the vp does not like nai
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	675 yahoo.com unknown; # override parent context blacklisting
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	676 mother@spammyisp.com white; # suppress dnsbl checking
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	677 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	678 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	679
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	680 context customer1 {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	681 dnsbl_list sbl dul;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	682 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	683 customer1.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	684 customer1a.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	685 customer1b.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	686 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	687
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	688 verify mail.customer1.com;
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	689
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	690 context customer1a {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	691 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	692 customer1a.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	693 }
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	694 env_from black { # blacklist everything
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	695 first@acceptable.com unknown; # except these specific envelope senders
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	696 second@another.com unknown;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	697 yahoo.com inherit; # delegate to the parent
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	698 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	699 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	700
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	701 env_from { # default value of the default is inherit
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	702 yahoo.com black; # no mail from yahoo
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	703 first@yahoo.com unknown; # except this one
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	704 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	705 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	706
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	707 context customer2 {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	708 dnsbl_list sbl;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	709 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	710 customer2.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	711 customer2a.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	712 customer2b.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	713 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	714 };
104 586d5b58040a move to autoconf/automake/docbook carl parents: 103 diff changeset	715
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	716 env_from unknown {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	717 dcc_from { include "/var/dcc/whitecommon"; }; # copy the dcc OK/MANY values (env_from, substitute mail_host) into this context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	718 abuse@ abuse; # replies to abuse reports use the abuse context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	719 yahoo.com black; # don't take mail from yahoo
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	720 spammer@example.com black;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	721 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	722 };]]></literallayout>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	723 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	724
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	725 <refsect1 id='version.5'>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	726 <title>CVS Version</title>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	727 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	728 $Id$
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	729 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	730 </refsect1>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	731
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	732 </refentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	733 </reference>

Mercurial > dnsbl

annotate xml/dnsbl.in @ 128:9ab51896447f stable-5-18