comparison xml/dnsbl.in @ 13:2752e512fd32 stable-2-1

finish documentation
author carl
date Sun, 25 Apr 2004 11:36:08 -0700
parents 6ac6d6b822ce
children 443aa0e8c6fa
comparison
12:6ac6d6b822ce 13:2752e512fd32
39 file. 39 file.
40 40
41 <p>You may want to blacklist some specific senders or sending domains. 41 <p>You may want to blacklist some specific senders or sending domains.
42 This could be done thru either the DCC (on a global basis, or for a 42 This could be done thru either the DCC (on a global basis, or for a
43 specific single recipient). We prefer to do such blacklisting via the 43 specific single recipient). We prefer to do such blacklisting via the
44 DNSBL milter config, since it can be done for an entire recipient mail 44 DNSBL milter config, since it can be done for a collection of recipient
45 domain. The DCC approach has the feature that you can capture the 45 mail domains. The DCC approach has the feature that you can capture the
46 entire message in the DCC log files. The DNSBL milter approach has the 46 entire message in the DCC log files. The DNSBL milter approach has the
47 feature that the mail is rejected earlier (at RCPT TO time), and the 47 feature that the mail is rejected earlier (at RCPT TO time), and the
48 sending machine just gets a generic "550 5.7.1 no such user" message. 48 sending machine just gets a generic "550 5.7.1 no such user" message.
49 49
50 <p>There is an option to reference the DCC whiteclnt file (via an 50 <p>There is an option to reference the DCC whiteclnt file (via an
51 include_dcc line) in the DNSBL milter config. This will import the 51 include_dcc line) in the DNSBL milter config. This will import the
52 (env_to, env_from, and substitute mail_host) entries from the DCC config 52 (env_to, env_from, and substitute mail_host) entries from the DCC config
53 into the DNSBL config. This allows using the DCC config as the single 53 into the DNSBL config. This allows using the DCC config as the single
54 point for white/blacklisting. 54 point for white/blacklisting. When used in this manner, the whitelist
55 env_to entries from the DCC config become global whitelist entries in
56 the DNSBL config.
55 57
56 <p>Consider the case where you have multiple clients, each with their 58 <p>Consider the case where you have multiple clients, each with their
57 own mail servers, and each running their own DCC milters. Each client 59 own mail servers, and each running their own DCC milters. Each client
58 is using the DCC facilities for envelope from/to white/blacklisting. 60 is using the DCC facilities for envelope from/to white/blacklisting.
59 Presumably you can use rsync or scp to fetch copies of your clients DCC 61 Presumably you can use rsync or scp to fetch copies of your clients DCC
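Review bot: the sentence added at new lines 54-56 covers only the whitelist env_to entries imported through include_dcc (they become global whitelist entries) and leaves the scope of the other imported entries unstated: env_from, substitute mail_host, and any blacklist env_to entries. Promoting an env_to (recipient) whitelist entry to a global one widens its effect, so I'd add a sentence for each imported entry type and say what "global" spans here, given that new lines 44-45 now describe the config as covering a collection of recipient mail domains.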
124 192.168.4 OK 126 192.168.4 OK
125 192.168.17 OK 127 192.168.17 OK
126 </pre> 128 </pre>
127 129
128 <p>to allow those clients to smarthost thru your mail server. Now if 130 <p>to allow those clients to smarthost thru your mail server. Now if
129 one of those clients happens get infected with a virus that turns into 131 one of those clients happens get infected with a virus that turns a
130 an open proxy, and their 192.168.4.45 lands on the SBL-XBL, you will 132 machine into an open proxy, and their 192.168.4.45 lands on the SBL-XBL,
131 still wind up allowing that infected machine to smarthost thru your mail 133 you will still wind up allowing that infected machine to smarthost thru
132 servers. 134 your mail servers.
133 135
134 <p>With this DNSBL milter, the sendmail access database cannot override 136 <p>With this DNSBL milter, the sendmail access database cannot override
135 the dnsbl checks, so that machine won't be able to send mail to or thru 137 the dnsbl checks, so that machine won't be able to send mail to or thru
136 your smarthost machine. 138 your smarthost mail server.
137 139
138 <hr> 140 <hr> <center>Installation and configuration</center> <p>Usage: Note
139 <center>Installation and configuration</center> 141 that this has ONLY been tested on Linux, specifically RedHat Linux. In
140 <p>Usage: Note that this has ONLY been tested on Linux, specifically 142 particular, this milter makes no attempt to understand IPv6. Your
141 RedHat Linux. Your mileage will vary. In particular, this milter makes no 143 mileage will vary. You will need at a minimum a C++ compiler with a
142 attempt to understand IPv6. 144 minimally thread safe STL implementation. The distribution includes a
145 test.cpp program. If it fails this milter won't work. If it passes,
146 this milter might work.
143 147
144 Fetch <a href="http://www.five-ten-sg.com/util/dnsbl.tar.gz">dnsbl.tar.gz</a> 148 Fetch <a href="http://www.five-ten-sg.com/util/dnsbl.tar.gz">dnsbl.tar.gz</a>
145 and 149 and
146 150
147 <pre> 151 <pre>
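Review bot: the rewritten Usage paragraph (new lines 140-146) names test.cpp as the go/no-go check for the thread-safe STL requirement but gives no command to build or run it and no description of what a failure looks like; suggest adding that to the install steps in the `<pre>` block that follows. Two smaller points in the same region: new line 140 folds `<hr>`, the `<center>` heading and `<p>Usage:` onto one line, which makes the source harder to read and to diff than the old layout, and new line 131 still reads "happens get infected" (missing "to") even though the sentence was reworded.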
159 </pre> 163 </pre>
160 164
161 Read the sample <a 165 Read the sample <a
162 href="http://www.five-ten-sg.com/dnsbl.conf">var/dnsbl/dnsbl.conf</a> 166 href="http://www.five-ten-sg.com/dnsbl.conf">var/dnsbl/dnsbl.conf</a>
163 file and modify it to fit your configuration. You can test your 167 file and modify it to fit your configuration. You can test your
164 configuration files, and see a readable internal dump of them on stderr 168 configuration files, and see a readable internal dump of them on stdout
165 with 169 with
166 170
167 <pre> 171 <pre>
168 cd /var/dnsbl 172 cd /var/dnsbl
169 ./dnsbl -c 173 ./dnsbl -c
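Review bot: new line 168 changes the documented stream for the `./dnsbl -c` dump from stderr to stdout, but the commit message ("finish documentation") does not say whether the code changed or the old text was wrong, and this comparison covers only xml/dnsbl.in. Please confirm against the program's actual behaviour, since anyone redirecting or paging the dump to review their configuration depends on this being right.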