dnsbl: xml/dnsbl.in annotate

annotate xml/dnsbl.in @ 111:d0dad5610980

move to autoconf/automake/docbook

author	carl
date	Sun, 18 Dec 2005 15:16:25 -0800
parents	1c7677042b78
children	f4f5fb263072

rev	line source
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	1 <reference>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	2 <title>@PACKAGE@ Sendmail milter - Version @VERSION@</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	3 <partintro>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	4 <title>Packages</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	5 <para>The various source and binary packages are available at <ulink
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	6 url="http://www.five-ten-sg.com/@PACKAGE@/packages">http://www.five-ten-sg.com/@PACKAGE@/packages</ulink>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	7 The most recent documentation is available at <ulink
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	8 url="http://www.five-ten-sg.com/@PACKAGE@/">http://www.five-ten-sg.com/@PACKAGE@/</ulink>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	9 </para>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	10
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	11 </partintro>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	12
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	13 <refentry id="@PACKAGE@.1">
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	14 <refentryinfo>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	15 <date>2005-12-18</date>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	16 </refentryinfo>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	17
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	18 <refmeta>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	19 <refentrytitle>@PACKAGE@</refentrytitle>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	20 <manvolnum>1</manvolnum>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	21 <refmiscinfo>@PACKAGE@ @VERSION@</refmiscinfo>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	22 </refmeta>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	23
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	24 <refnamediv id='name.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	25 <refname>@PACKAGE@</refname>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	26 <refpurpose>a sendmail milter with per-user dnsbl filtering</refpurpose>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	27 </refnamediv>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	28
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	29 <refsynopsisdiv id='synopsis.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	30 <title>Synopsis</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	31 <cmdsynopsis>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	32 <command>@PACKAGE@</command>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	33 <arg><option>-c</option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	34 <arg><option>-s</option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	35 <arg><option>-d <replaceable class="parameter">n</replaceable></option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	36 <arg><option>-e <replaceable class="parameter">from\|to</replaceable></option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	37 <arg><option>-r <replaceable class="parameter">local-domain-socket</replaceable></option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	38 <arg><option>-p <replaceable class="parameter">sendmail-socket</replaceable></option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	39 <arg><option>-t <replaceable class="parameter">timeout</replaceable></option></arg>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	40 </cmdsynopsis>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	41 </refsynopsisdiv>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	42
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	43 <refsect1 id='options.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	44 <title>Options</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	45 <variablelist>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	46 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	47 <term>-c</term>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	48 <listitem><para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	49 Load the configuration file, print a cannonical form
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	50 of the configuration on stdout, and exit.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	51 </para></listitem>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	52 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	53 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	54 <term>-s</term>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	55 <listitem><para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	56 Stress test the configuration loading code by repeating
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	57 the load/free cycle in an infinite loop.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	58 </para></listitem>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	59 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	60 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	61 <term>-d <replaceable class="parameter">n</replaceable></term>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	62 <listitem><para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	63 Set the debug level to <replaceable class="parameter">n</replaceable>.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	64 </para></listitem>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	65 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	66 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	67 <term>-e <replaceable class="parameter">from\|to</replaceable></term>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	68 <listitem><para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	69 Print the results of looking up the from and to addresses in the
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	70 current configuration. The \| character is used to separate the from and to
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	71 addresses in the argument to the -e switch.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	72 </para></listitem>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	73 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	74 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	75 <term>-r <replaceable class="parameter">local-domain-socket</replaceable></term>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	76 <listitem><para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	77 Set the local socket used for the connection to our own dns resolver processes.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	78 </para></listitem>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	79 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	80 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	81 <term>-p <replaceable class="parameter">sendmail-socket</replaceable></term>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	82 <listitem><para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	83 Set the socket used for the milter connection to sendmail. This is either
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	84 "inet:port@ip-address" or "local:local-domain-socket-file-name".
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	85 </para></listitem>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	86 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	87 <varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	88 <term>-t <replaceable class="parameter">timeout</replaceable></term>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	89 <listitem><para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	90 Set the timeout in seconds used for communication with sendmail.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	91 </para></listitem>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	92 </varlistentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	93 </variablelist>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	94 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	95
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	96 <refsect1 id='usage.1'>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	97 <title>Usage</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	98 <para><command>@PACKAGE@</command> -c</para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	99 <para><command>@PACKAGE@</command> -s</para>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	100 <para><command>@PACKAGE@</command> -e 'someone@aol.com\|localname@mydomain.tld'</para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	101 <para><command>@PACKAGE@</command> -d 10 -r resolver.sock -p local:dnsbl.sock</para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	102 </refsect1>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	103
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	104 <refsect1 id='installation.1'>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	105 <title>Installation</title>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	106 <para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	107 This is now a standard GNU autoconf/automake installation, so the normal
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	108 "./configure; make; su; make install" works. "make chkconfig" will
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	109 setup the init.d runlevel scripts. Alternatively, you can use the
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	110 source or binary RPMs at <ulink
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	111 url="http://www.five-ten-sg.com/@PACKAGE@/packages">http://www.five-ten-sg.com/@PACKAGE@/packages</ulink>.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	112 </para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	113 <para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	114 Note that this has ONLY been tested on Linux, specifically RedHat Linux.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	115 In particular, this milter makes no attempt to understand IPv6. Your
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	116 mileage will vary. You will need at a minimum a C++ compiler with a
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	117 minimally thread safe STL implementation. The distribution includes a
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	118 test.cpp program. If it fails this milter won't work. If it passes,
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	119 this milter might work.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	120 </para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	121 <para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	122 Modify your sendmail.mc by removing all the "FEATURE(dnsbl" lines, add
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	123 the following line in your sendmail.mc and rebuild the .cf file
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	124 </para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	125 <para><screen>INPUT_MAIL_FILTER(`dnsbl', `S=local:/var/run/dnsbl/dnsbl.sock, F=T, T=C:30s;S:5m;R:5m;E:5m')</screen></para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	126 <para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	127 Modify the default <citerefentry>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	128 <refentrytitle>@PACKAGE@.conf</refentrytitle> <manvolnum>5</manvolnum>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	129 </citerefentry> configuration.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	130 </para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	131 </refsect1>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	132
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	133 <refsect1 id='configuration.1'>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	134 <title>Configuration</title>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	135 <para>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	136 The configuration file is documented in <citerefentry>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	137 <refentrytitle>@PACKAGE@.conf</refentrytitle> <manvolnum>5</manvolnum>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	138 </citerefentry>. Any change to the config file, or any file included
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	139 from that config file, will cause it to be reloaded within three
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	140 minutes.
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	141 </para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	142 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	143
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	144 <refsect1 id='introduction.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	145 <title>Introduction</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	146 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	147 Consider the case of a mail server that is acting as secondary MX for a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	148 collection of clients, each of which has a collection of mail domains.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	149 Each client may use their own collection of DNSBLs on their primary mail
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	150 server. We present here a mechanism whereby the backup mail server can
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	151 use the correct set of DNSBLs for each recipient for each message. As a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	152 side-effect, it gives us the ability to customize the set of DNSBLs on a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	153 per-recipient basis, so that fred@example.com could use SPEWS and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	154 SBL, where all other users @example.com use only the SBL.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	155 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	156 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	157 This milter can also verify the envelope from/recipient pairs with the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	158 primary MX server. This allows the backup mail servers to properly
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	159 reject mail sent to invalid addresses. Otherwise, the backup mail
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	160 servers will accept that mail, and then generate a bounce message when
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	161 the message is forwarded to the primary server (and rejected there with
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	162 no such user).
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	163 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	164 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	165 This milter will also decode (uuencode, base64, mime, html entity, url
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	166 encodings) and scan for HTTP and HTTPS URLs and bare hostnames in the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	167 body of the mail. If any of those host names have A or NS records on
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	168 the SBL (or a single configurable DNSBL), the mail will be rejected
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	169 unless previously whitelisted. This milter also counts the number of
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	170 invalid HTML tags, and can reject mail if that count exceeds your
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	171 specified limit.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	172 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	173 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	174 The DNSBL milter reads a text configuration file (dnsbl.conf) on
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	175 startup, and whenever the config file (or any of the referenced include
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	176 files) is changed. The entire configuration file is case insensitive.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	177 If the configuration cannot be loaded due to a syntax error, the milter
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	178 will log the error and quit. If the configuration cannot be reloaded
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	179 after being modified, the milter will log the error and send an email to
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	180 root from dnsbl@$hostname. You probably want to added dnsbl@$hostname
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	181 to your /etc/mail/virtusertable since otherwise sendmail will reject
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	182 that message.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	183 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	184 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	185
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	186 <refsect1 id='dcc.1'>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	187 <title>DCC Issues</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	188 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	189 If you are also using the <ulink
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	190 url="http://www.rhyolite.com/anti-spam/dcc/">DCC</ulink> milter, there
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	191 are a few considerations. You may need to whitelist senders from the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	192 DCC bulk detector, or from the DNS based lists. Those are two very
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	193 different reasons for whitelisting. The former is done thru the DCC
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	194 whiteclnt config file, the later is done thru the DNSBL milter config
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	195 file.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	196 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	197 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	198 You may want to blacklist some specific senders or sending domains.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	199 This could be done thru either the DCC (on a global basis, or for a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	200 specific single recipient). We prefer to do such blacklisting via the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	201 DNSBL milter config, since it can be done for a collection of recipient
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	202 mail domains. The DCC approach has the feature that you can capture the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	203 entire message in the DCC log files. The DNSBL milter approach has the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	204 feature that the mail is rejected earlier (at RCPT TO time), and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	205 sending machine just gets a generic "550 5.7.1 no such user" message.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	206 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	207 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	208 The DCC whiteclnt file can be included in the DNSBL milter config by the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	209 dcc_to and dcc_from statements. This will import the (env_to, env_from,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	210 and substitute mail_host) entries from the DCC config into the DNSBL
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	211 config. This allows using the DCC config as the single point for
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	212 white/blacklisting.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	213 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	214 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	215 Consider the case where you have multiple clients, each with their own
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	216 mail servers, and each running their own DCC milters. Each client is
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	217 using the DCC facilities for envelope from/to white/blacklisting.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	218 Presumably you can use rsync or scp to fetch copies of your clients DCC
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	219 whiteclnt files on a regular basis. Your mail server, acting as a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	220 backup MX for your clients, can use the DNSBL milter, and include those
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	221 client DCC config files. The envelope from/to white/blacklisting will
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	222 be appropriately tagged and used only for the domains controlled by each
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	223 of those clients.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	224 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	225 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	226
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	227 <refsect1 id='definitions.1'>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	228 <title>Definitions</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	229 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	230 CONTEXT - a collection of parameters that defines the filtering context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	231 to be used for a collection of envelope recipient addresses. The
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	232 context includes such things as the list of DNSBLs to be used, and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	233 various content filtering parameters.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	234 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	235 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	236 DNSBL - a named DNS based blocking list is defined by a dns suffix (e.g.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	237 sbl-xbl.spamhaus.org) and a message string that is used to generate the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	238 "550 5.7.1" smtp error return code. The names of these DNSBLs will be
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	239 used to define the DNSBL-LISTs.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	240 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	241 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	242 DNSBL-LIST - a named list of DNSBLs that will be used for specific
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	243 recipients or recipient domains.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	244 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	245 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	246
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	247 <refsect1 id='filtering.1'>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	248 <title>Filtering Procedure</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	249 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	250 If the client has authenticated with sendmail, the mail is accepted, the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	251 filtering contexts are not used, the dns lists are not checked, and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	252 body content is not scanned. Otherwise, we follow these steps for each
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	253 recipient.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	254 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	255 <orderedlist>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	256 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	257 The envelope to email address is used to find an initial filtering
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	258 context. We first look for a context that specified the full email
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	259 address in the env_to statement. If that is not found, we look for a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	260 context that specified the entire domain name of the envelope recipient
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	261 in the env_to statement. If that is not found, we look for a context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	262 that specified the user@ part of the envelope recipient in the env_to
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	263 statement. If that is not found, we use the first top level context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	264 defined in the config file.
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	265 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	266 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	267 The initial filtering context may redirect to a child context based on
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	268 the values in the initial context's env_from statement. We look for [1)
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	269 the full envelope from email address, 2) the domain name part of the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	270 envelope from address, 3) the user@ part of the envelope from address]
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	271 in that context's env_from statement, with values that point to a child
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	272 context. If such an entry is found, we switch to that child filtering
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	273 context.
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	274 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	275 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	276 We lookup [1) the full envelope from email address, 2) the domain name
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	277 part of the envelope from address, 3) the user@ part of the envelope
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	278 from address] in the filtering context env_from statement. That results
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	279 in one of (white, black, unknown, inherit).
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	280 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	281 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	282 If the answer is black, mail to this recipient is rejected with "no such
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	283 user", and the dns lists are not checked.
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	284 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	285 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	286 If the answer is white, mail to this recipient is accepted and the dns
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	287 lists are not checked.
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	288 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	289 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	290 If the answer is unknown, we don't reject yet, but the dns lists will be
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	291 checked, and the content may be scanned.
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	292 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	293 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	294 If the answer is inherit, we repeat the envelope from search in the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	295 parent context.
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	296 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	297 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	298 The dns lists specified in the filtering context are checked and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	299 mail is rejected if any list has an A record for the standard dns based
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	300 lookup scheme (reversed octets of the client followed by the dns
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	301 suffix).
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	302 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	303 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	304 If the mail has not been accepted or rejected yet, we look for a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	305 verification context, which is the closest ancestor of the filtering
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	306 context that both specifies a verification host, and which covers the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	307 envelope to address. If we find such a verification context, and the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	308 verification host is not our own hostname, we open an smtp conversation
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	309 with that verification host. The current envelope from and recipient to
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	310 values are passed to that verification host. If we receive a 5xy
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	311 response those commands, we reject the current recipient with "no such
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	312 user".
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	313 </para></listitem>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	314 <listitem><para>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	315 If the mail has not been accepted or rejected yet, and the filtering
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	316 context enables content filtering, and this is the first such recipient
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	317 in this smtp transaction, we set the content filtering parameters from
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	318 this context, and enable content filtering for the body of this message.
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	319 </para></listitem>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	320 </orderedlist>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	321 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	322 If content filtering is enabled for this body, the mail text is decoded
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	323 (uuencode, base64, mime, html entity, url encodings), scanned for HTTP
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	324 and HTTPS URLs, and the first <configurable> host names are
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	325 checked for their presence on the single <configurable> DNSBL.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	326 The only known list that is suitable for this purpose is the SBL. If
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	327 any of those host names are on that DNSBL (or have nameservers that are
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	328 on that list), and it is not on the <configurable> ignore list,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	329 the mail is rejected. We also scan for excessive bad html tags, and if
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	330 a <configurable> limit is exceeded, the mail is rejected.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	331 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	332 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	333
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	334 <refsect1 id='access.1'>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	335 <title>Sendmail access vs. DNSBL</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	336 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	337 With the standard sendmail.mc dnsbl FEATURE, the dnsbl checks may be
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	338 suppressed by entries in the /etc/mail/access database. For example,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	339 suppose you control a /18 of address space, and have allocated some /24s
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	340 to some clients. You have access entries like
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	341 <literallayout class="monospaced"><![CDATA[
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	342 192.168.4 OK
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	343 192.168.17 OK]]></literallayout>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	344 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	345 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	346 to allow those clients to smarthost thru your mail server. Now if one
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	347 of those clients happens get infected with a virus that turns a machine
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	348 into an open proxy, and their 192.168.4.45 lands on the SBL-XBL, you
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	349 will still wind up allowing that infected machine to smarthost thru your
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	350 mail servers.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	351 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	352 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	353 With this DNSBL milter, the sendmail access database cannot override the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	354 dnsbl checks, so that machine won't be able to send mail to or thru your
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	355 smarthost mail server (unless the virus/proxy can use smtp-auth).
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	356 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	357 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	358 Using the standard sendmail features, you would add access entries to
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	359 allow hosts on your local network to relay thru your mail server. Those
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	360 OK entries in the sendmail access database will override all the dnsbl
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	361 checks. With this DNSBL milter, you will need to have the local users
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	362 authenticate with smtp-auth to get the same effect. You might find
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	363 <ulink
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	364 url="http://www.ists.dartmouth.edu/classroom/sendmail-ssl-how-to.php">
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	365 these directions</ulink> helpful for setting up smtp-auth if you are on
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	366 RH Linux.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	367 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	368 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	369
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	370 <refsect1 id='performance.1'>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	371 <title>Performance Issues</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	372 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	373 Consider a high volume high performance machine running sendmail. Each
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	374 sendmail process can do its own dns resolution. Typically, such dns
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	375 resolver libraries are not thread safe, and so must be protected by some
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	376 sort of mutex in a threaded environment. When we add a milter to
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	377 sendmail, we now have a collection of sendmail processes, and a
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	378 collection of milter threads.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	379 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	380 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	381 We will be doing a lot of dns lookups per mail message, and at least
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	382 some of those will take many tens of seconds. If all this dns work is
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	383 serialized inside the milter, we have an upper limit of about 25K mail
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	384 messages per day. That is clearly not sufficient for many sites.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	385 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	386 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	387 Since we want to do parallel dns resolution across those milter threads,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	388 we add another collection of dns resolver processes. Each sendmail
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	389 process is talking to a milter thread over a socket, and each milter
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	390 thread is talking to a dns resolver process over another socket.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	391 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	392 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	393 Suppose we are processing 20 messages per second, and each message
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	394 requires 20 seconds of dns work. Then we will have 400 sendmail
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	395 processes, 400 milter threads, and 400 dns resolver processes. Of
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	396 course that steady state is very unlikely to happen.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	397 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	398 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	399
e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	400
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	401 <refsect1 id='rejected.1'>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	402 <title>Rejected Ideas</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	403 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	404 The following ideas have been considered and rejected.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	405 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	406 <para>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	407 Add max_recipients setting to the context configuration. Recipients in
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	408 excess of that limit will be rejected, and all the non-whitelisted
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	409 recipients will be removed. Current spammers very rarely send more
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	410 than ten recipients in a single smtp transaction, so this won't stop any
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	411 significant amount of spam.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	412 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	413 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	414 Add poison addresses to the configuration. If any recipient is
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	415 poison, all recipients are rejected even if they would be whitelisted,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	416 and the data is rejected if sent. I have a collection of spam trap
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	417 addresses that would be suitable for such use. Based on my log files,
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	418 any mail to those spam trap addresses is rejected based on either dnsbl
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	419 lookups or the DCC. So this won't result in blocking any additional
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	420 spam.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	421 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	422 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	423 Add an option to only allow one recipient if the return path is
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	424 empty. Based on my log files, there is no mail that violates this
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	425 check.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	426 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	427 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	428 Reject the mail if the envelope from domain name contains any MX
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	429 records pointing to 127.0.0.0/8. I don't see any significant amount of
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	430 spam sent with such domain names.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	431 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	432 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	433
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	434 <refsect1 id='todo.1'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	435 <title>TODO</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	436 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	437 The following ideas are under consideration.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	438 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	439 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	440 Add a per-context option to reject mail if the number of digits in
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	441 the reverse dns client name exceeds some threshold.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	442 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	443 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	444
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	445 <refsect1 id='copyright.1'>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	446 <title>Copyright</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	447 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	448 Copyright (C) 2005 by 510 Software Group <carl@five-ten-sg.com>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	449 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	450 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	451 This program is free software; you can redistribute it and/or modify it
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	452 under the terms of the GNU General Public License as published by the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	453 Free Software Foundation; either version 2, or (at your option) any
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	454 later version.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	455 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	456 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	457 You should have received a copy of the GNU General Public License along
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	458 with this program; see the file COPYING. If not, please write to the
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	459 Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	460 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	461 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	462
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	463 <refsect1 id='version.1'>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	464 <title>CVS Version</title>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	465 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	466 $Id$
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	467 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	468 </refsect1>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	469 </refentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	470
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	471
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	472 <refentry id="@PACKAGE@.conf.5">
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	473 <refentryinfo>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	474 <date>2005-12-18</date>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	475 </refentryinfo>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	476
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	477 <refmeta>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	478 <refentrytitle>@PACKAGE@.conf</refentrytitle>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	479 <manvolnum>5</manvolnum>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	480 <refmiscinfo>@PACKAGE@ @VERSION@</refmiscinfo>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	481 </refmeta>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	482
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	483 <refnamediv id='name.5'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	484 <refname>@PACKAGE@.conf</refname>
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	485 <refpurpose>configuration file for @PACKAGE@ sendmail milter</refpurpose>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	486 </refnamediv>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	487
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	488 <refsynopsisdiv id='synopsis.5'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	489 <title>Synopsis</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	490 <cmdsynopsis>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	491 <command>@PACKAGE@.conf</command>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	492 </cmdsynopsis>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	493 </refsynopsisdiv>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	494
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	495 <refsect1 id='description.5'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	496 <title>Description</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	497 <para>The <command>@PACKAGE@.conf</command> configuration file is
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	498 specified by this partial bnf description.</para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	499
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	500 <literallayout class="monospaced"><![CDATA[
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	501 CONFIG = {CONTEXT ";"}+
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	502 CONTEXT = "context" NAME "{" {STATEMENT}+ "}"
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	503 STATEMENT = (DNSBL \| DNSBLLIST \| CONTENT \| ENV-TO \| VERIFY \|
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	504 CONTEXT \| ENV-FROM) ";"
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	505
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	506 DNSBL = "dnsbl" NAME DNSPREFIX ERROR-MSG
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	507
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	508 DNSBLLIST = "dnsbl_list" {NAME}+
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	509
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	510 CONTENT = "content" ("on" \| "off") "{" {CONTENT-ST}+ "}"
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	511 CONTENT-ST = (FILTER \| IGNORE \| TLD \| HTML-TAGS \| HTML-LIMIT \|
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	512 HOST-LIMIT) ";"
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	513 FILTER = "filter" DNSPREFIX ERROR-MSG
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	514 IGNORE = "ignore" "{" {HOSTNAME [";"]}+ "}"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	515 TLD = "tld" "{" {TLD [";"]}+ "}"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	516 HTML-TAGS = "html_tags" "{" {HTMLTAG [";"]}+ "}"
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	517 ERROR-MSG = string containing exactly two %s replacement tokens
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	518 for the client ip address
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	519
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	520 HTML-LIMIT = "html_limit" ("on" INTEGER ERROR-MSG \| "off")
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	521
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	522 HOST-LIMIT = "host_limit" ("on" INTEGER ERROR-MSG \| "off" \|
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	523 "soft" INTEGER)
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	524
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	525 ENV-TO = "env_to" "{" {(TO-ADDR \| DCC-TO)}+ "}"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	526 TO-ADDR = ADDRESS [";"]
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	527 DCC-TO = "dcc_to" ("ok" \| "many") "{" DCCINCLUDEFILE "}" ";"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	528
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	529 VERIFY = "verify" HOSTNAME ";"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	530
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	531 ENV_FROM = "env_from" [DEFAULT] "{" {(FROM-ADDR \| DCC-FROM)}+ "}"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	532 FROM-ADDR = ADDRESS VALUE [";"]
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	533 DCC-FROM = "dcc_from" "{" DCCINCLUDEFILE "}" ";"
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	534 DEFAULT = ("white" \| "black" \| "unknown" \| "inherit" \| "")
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	535 ADDRESS = (USER@ \| DOMAIN \| USER@DOMAIN)
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	536 VALUE = ("white" \| "black" \| "unknown" \| CHILD-CONTEXT-NAME)]]></literallayout>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	537 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	538
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	539 <refsect1 id='sample.5'>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	540 <title>Sample</title>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	541 <literallayout class="monospaced"><![CDATA[
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	542 context sample {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	543 dnsbl local blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	544 dnsbl sbl sbl-xbl.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	545 dnsbl xbl xbl.spamhaus.org "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	546 dnsbl dul dul.dnsbl.sorbs.net "Mail from %s rejected - dul; see http://www.sorbs.net/lookup.shtml?%s";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	547 dnsbl_list local sbl dul;
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	548
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	549 content on {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	550 filter sbl-xbl.spamhaus.org "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	551 ignore { include "hosts-ignore.conf"; };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	552 tld { include "tld.conf"; };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	553 html_tags { include "html-tags.conf"; };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	554 html_limit on 20 "Mail containing excessive bad html tags rejected";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	555 html_limit off;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	556 host_limit on 20 "Mail containing excessive host names rejected";
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	557 host_limit soft 20;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	558 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	559
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	560 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	561 # child contexts are not allowed to specify recipient addresses outside these domains
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	562 # leave this outer global context env_to empty to allow arbitrary recipients in child contexts
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	563 mydomain.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	564 customer1.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	565 customer1a.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	566 customer1b.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	567 customer2.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	568 customer2a.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	569 customer2b.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	570 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	571
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	572 context whitelist {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	573 content off {};
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	574 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	575 # dcc_to ok { include "/var/dcc/whitecommon"; }; # copy the dcc OK values (env_to) into this context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	576 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	577 env_from white {}; # white forces all unmatched from addresses (everyone in this case) to be whitelisted
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	578 # so all mail TO these env_to addresses is accepted
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	579 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	580
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	581 context abuse {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	582 dnsbl_list xbl;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	583 content off {};
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	584 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	585 abuse@; # no content filtering on abuse reports
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	586 postmaster@; # ""
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	587 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	588 env_from unknown {}; # ignore all parent white/black listing
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	589 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	590
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	591 context minimal {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	592 dnsbl_list sbl dul;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	593 content on {};
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	594 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	595 sales@mydomain.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	596 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	597 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	598
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	599 context blacklist {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	600 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	601 dcc_to many { include "/var/dcc/whitecommon"; }; # copy the dcc MANY values (env_to) into this context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	602 old-employee@mydomain.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	603 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	604 env_from black {}; # black forces all unmatched from addresses (everyone in this case) to be blacklisted
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	605 # so all mail TO these env_to addresses is rejected
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	606 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	607
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	608 context vp { # special context for the vp
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	609 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	610 vp@mydomain.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	611 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	612 env_from inherit {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	613 nai.com black; # the vp does not like nai
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	614 yahoo.com unknown; # override parent context blacklisting
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	615 mother@spammyisp.com white; # suppress dnsbl checking
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	616 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	617 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	618
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	619 context customer1 {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	620 dnsbl_list sbl dul;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	621 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	622 customer1.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	623 customer1a.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	624 customer1b.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	625 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	626
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	627 verify mail.customer1.com;
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	628
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	629 context customer1a {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	630 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	631 customer1a.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	632 }
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	633 env_from black { # blacklist everything
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	634 first@acceptable.com unknown; # except these specific envelope senders
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	635 second@another.com unknown;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	636 yahoo.com inherit; # delegate to the parent
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	637 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	638 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	639
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	640 env_from { # default value of the default is inherit
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	641 yahoo.com black; # no mail from yahoo
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	642 first@yahoo.com unknown; # except this one
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	643 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	644 };
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	645
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	646 context customer2 {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	647 dnsbl_list sbl;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	648 env_to {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	649 customer2.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	650 customer2a.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	651 customer2b.com;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	652 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	653 };
104 586d5b58040a move to autoconf/automake/docbook carl parents: 103 diff changeset	654
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	655 env_from unknown {
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	656 dcc_from { include "/var/dcc/whitecommon"; }; # copy the dcc OK/MANY values (env_from, substitute mail_host) into this context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	657 abuse@ abuse; # replies to abuse reports use the abuse context
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	658 yahoo.com black; # don't take mail from yahoo
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	659 spammer@example.com black;
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	660 };
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	661 };]]></literallayout>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	662 </refsect1>
94 e107ade3b1c0 fix dos line terminators carl parents: 92 diff changeset	663
111 d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	664 <refsect1 id='version.5'>
d0dad5610980 move to autoconf/automake/docbook carl parents: 108 diff changeset	665 <title>CVS Version</title>
108 1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	666 <para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	667 $Id$
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	668 </para>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	669 </refsect1>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	670
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	671 </refentry>
1c7677042b78 move to autoconf/automake/docbook carl parents: 104 diff changeset	672 </reference>

Mercurial > dnsbl

annotate xml/dnsbl.in @ 111:d0dad5610980