comparison xml/dnsbl.in @ 249:15bf4f68a0b2

Add dnswl support
author Carl Byington <carl@five-ten-sg.com>
date Sun, 08 Apr 2012 11:42:59 -0700
parents 8b0f16abee53
children 2d6ecd03bbbe
248:b0738685bf51 249:15bf4f68a0b2
296 </para> 296 </para>
297 <para> 297 <para>
298 DNSBL-LIST - a named list of DNSBLs that will be used for specific 298 DNSBL-LIST - a named list of DNSBLs that will be used for specific
299 recipients or recipient domains. 299 recipients or recipient domains.
300 </para> 300 </para>
301 <para>
302 DNSWL - a named DNS based white list is defined by a dns suffix (e.g.
303 list.dnswl.org) and an integer level. If the level is greater than or
304 equal to x in the 127.0.z.x return code from the white list, then the
305 ip address is considered to match, and the message will be whitelisted.
306 The names of these DNSWLs will be used to define the DNSWL-LISTs.
307 </para>
308 <para>
309 DNSWL-LIST - a named list of DNSWLs that will be used for specific
310 recipients or recipient domains.
311 </para>
301 </refsect1> 312 </refsect1>
302 313
303 <refsect1 id='filtering.1'> 314 <refsect1 id='filtering.1'>
304 <title>Filtering Procedure</title> 315 <title>Filtering Procedure</title>
305 <para> 316 <para>
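Review bot: The match condition in the new DNSWL paragraph (new lines 303-305) runs the opposite way from the filtering-procedure text added by this same change. Here the address matches when "the level is greater than or equal to x", while the procedure step at new lines 388-389 accepts when the final octet is "greater than or equal to the level specified for that dnswl". With the sample `dnswl dnswl.org list.dnswl.org 2;` the first wording matches x of 0 to 2 and the second matches x of 2 and above. For list.dnswl.org, where a larger x means higher trust, the procedure wording is the sensible one; suggest rewording this paragraph to "If x in the 127.0.z.x return code is greater than or equal to the level, ..." so both sections agree.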
369 expression, then we check the envelope from value against that regex. 380 expression, then we check the envelope from value against that regex.
370 The mail is accepted if the envelope from value matches the specified regular 381 The mail is accepted if the envelope from value matches the specified regular
371 expression. 382 expression.
372 </para></listitem> 383 </para></listitem>
373 <listitem><para> 384 <listitem><para>
374 If the mail has not been accepted or rejected yet, the dns lists 385 If the mail has not been accepted or rejected yet, the dns white lists
386 specified in the filtering context are checked and the mail is accepted
387 if any list has an A record for the standard dns based lookup scheme
388 (reversed octets of the client followed by the dns suffix) with a final
389 octet greater than or equal to the level specified for that dnswl.
390 </para></listitem>
391 <listitem><para>
392 If the mail has not been accepted or rejected yet, the dns black lists
375 specified in the filtering context are checked and the mail is rejected 393 specified in the filtering context are checked and the mail is rejected
376 if any list has an A record for the standard dns based lookup scheme 394 if any list has an A record for the standard dns based lookup scheme
377 (reversed octets of the client followed by the dns suffix). 395 (reversed octets of the client followed by the dns suffix).
378 </para></listitem> 396 </para></listitem>
379 <listitem><para> 397 <listitem><para>
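Review bot: The new white list step at new lines 385-389 constrains only the final octet of the A record, not the 127.0.z prefix that the DNSWL definition describes. As written, any A record answer with a large enough last octet (for example from a resolver that rewrites NXDOMAIN, or a list that answers every query) would accept the mail. Suggest stating that the answer must have the form 127.0.z.x before x is compared with the level, and saying explicitly that a DNSWL match skips the black list step that follows.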
422 &lt;configurable&gt; ignore list, the mail is rejected. 440 &lt;configurable&gt; ignore list, the mail is rejected.
423 </para> 441 </para>
424 <para> 442 <para>
425 If the content uribl DNSBL is defined, and any of those host names are 443 If the content uribl DNSBL is defined, and any of those host names are
426 on that DNSBL, and the host name is not on the &lt;configurable&gt; 444 on that DNSBL, and the host name is not on the &lt;configurable&gt;
427 ignore list, the mail is rejected. 445 ignore list, the mail is rejected. Note that the Spamhaus DBL is not (yet)
446 suitable here, since we currently pass ip addresses to the uribl checker,
447 and the DBL lists all such bare ip addresses.
428 </para> 448 </para>
429 <para> 449 <para>
430 If any non-whitelisted recipient has a filtering context with a non-zero 450 If any non-whitelisted recipient has a filtering context with a non-zero
431 spamassassin limit, then the message is passed thru spamassassin (via 451 spamassassin limit, then the message is passed thru spamassassin (via
432 spamc), and the message is rejected for those recipients with spamassassin 452 spamc), and the message is rejected for those recipients with spamassassin
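Review bot: The DBL caveat added at new lines 445-447 gives the cause but not the effect an administrator would see. Since this paragraph rejects mail when a name is on the uribl, and "the DBL lists all such bare ip addresses", configuring the DBL here would reject any message whose content contains an ip address host; say that outright. The "(yet)" could also point at the matching TODO entry so the two stay in sync.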
562 <para> 582 <para>
563 Look for href="hostname/path" strings that are missing the required 583 Look for href="hostname/path" strings that are missing the required
564 http:// protocol header. Such references are still clickable in common 584 http:// protocol header. Such references are still clickable in common
565 mail software. 585 mail software.
566 </para> 586 </para>
587 <para>
588 Add the ability to use the DBL for content filtering. We need to avoid
589 checking bare ip addresses against that list.
590 </para>
591 <para>
592 Add daily recipient limits based on some fixed multiple (perhaps 3?)
593 of the hourly limit.
594 </para>
567 </refsect1> 595 </refsect1>
568 596
569 <refsect1 id='copyright.1'> 597 <refsect1 id='copyright.1'>
570 <title>Copyright</title> 598 <title>Copyright</title>
571 <para> 599 <para>
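Review bot: The second TODO paragraph (new lines 592-593, daily recipient limits) is unrelated to the "Add dnswl support" summary and would be easier to track in its own commit. If it stays, "some fixed multiple (perhaps 3?)" reads as an open question; note whether the multiple is meant to be configurable.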
626 </para> 654 </para>
627 655
628 <literallayout class="monospaced"><![CDATA[ 656 <literallayout class="monospaced"><![CDATA[
629 CONFIG = {CONTEXT ";"}+ 657 CONFIG = {CONTEXT ";"}+
630 CONTEXT = "context" NAME "{" {STATEMENT}+ "}" 658 CONTEXT = "context" NAME "{" {STATEMENT}+ "}"
631 STATEMENT = (DNSBL | DNSBLLIST | CONTENT | ENV-TO | VERIFY | GENERIC 659 STATEMENT = (DNSBL | DNSBLLIST | DNSWL | DNSWLLIST | CONTENT | ENV-TO
632 | W_REGEX | AUTOWHITE | CONTEXT | ENV-FROM | RATE-LIMIT) ";" 660 | VERIFY | GENERIC | W_REGEX | AUTOWHITE | CONTEXT | ENV-FROM
661 | RATE-LIMIT) ";"
633 662
634 DNSBL = "dnsbl" NAME DNSPREFIX ERROR-MSG1 663 DNSBL = "dnsbl" NAME DNSPREFIX ERROR-MSG1
635
636 DNSBLLIST = "dnsbl_list" {NAME}+ 664 DNSBLLIST = "dnsbl_list" {NAME}+
665
666 DNSWL = "dnswl" NAME DNSPREFIX INTEGER
667 DNSWLLIST = "dnswl_list" {NAME}+
637 668
638 CONTENT = "content" ("on" | "off") "{" {CONTENT-ST}+ "}" 669 CONTENT = "content" ("on" | "off") "{" {CONTENT-ST}+ "}"
639 CONTENT-ST = (FILTER | URIBL | IGNORE | TLD | CCTLD | HTML-TAGS | 670 CONTENT-ST = (FILTER | URIBL | IGNORE | TLD | CCTLD | HTML-TAGS |
640 HTML-LIMIT | HOST-LIMIT | SPAMASS | REQUIRE | DCCGREY | 671 HTML-LIMIT | HOST-LIMIT | SPAMASS | REQUIRE | DCCGREY |
641 DCCBULK) ";" 672 DCCBULK) ";"
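Review bot: `DNSWL = "dnswl" NAME DNSPREFIX INTEGER` at new line 666 gives no range for INTEGER. The level is compared with one octet of a 127.0.z.x answer, so values outside 0 to 255 make no sense; document the accepted range and what the parser does with anything else. Minor: the blank line that used to separate DNSBL from DNSBLLIST was dropped while the new DNSWL pair has one before and after it, so the spacing of this block is now uneven.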
728 context main { 759 context main {
729 dnsbl localp partial.blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; 760 dnsbl localp partial.blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
730 dnsbl local blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; 761 dnsbl local blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
731 dnsbl sbl zen.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; 762 dnsbl sbl zen.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
732 dnsbl xbl xbl.spamhaus.org "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s"; 763 dnsbl xbl xbl.spamhaus.org "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s";
764 dnswl dnswl.org list.dnswl.org 2;
733 dnsbl_list local sbl; 765 dnsbl_list local sbl;
766 dnswl_list dnswl.org;
734 767
735 content on { 768 content on {
736 filter sbl-xbl.spamhaus.org "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; 769 filter sbl-xbl.spamhaus.org "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
737 uribl multi.surbl.org "Mail containing %s rejected - surbl; see http://www.rulesemporium.com/cgi-bin/uribl.cgi?bl0=1&domain0=%s"; 770 uribl multi.surbl.org "Mail containing %s rejected - surbl; see http://www.rulesemporium.com/cgi-bin/uribl.cgi?bl0=1&domain0=%s";
738 #uribl black.uribl.com "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s"; 771 #uribl black.uribl.com "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s";
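Review bot: In the sample, `dnswl dnswl.org list.dnswl.org 2;` (new line 764) uses a list name that looks like a DNS suffix, unlike the short names `local`, `sbl` and `xbl` on the surrounding lines, which makes `dnswl_list dnswl.org;` easy to misread as a zone. Suggest a short name and a `#` comment saying what level 2 selects, since the example is where most people will copy the level from.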