comparison xml/dnsbl.in @ 127:2b1a4701e856
sendmail no longer guarantees <> wrapper on envelopes
author | carl |
---|---|
date | Sat, 08 Apr 2006 10:06:09 -0700 |
parents | ea6f9c812faa |
children | f4746d8a12a3 |
126:05ae49d37896 | 127:2b1a4701e856 |
---|---|
157 This milter can also verify the envelope from/recipient pairs with the | 157 This milter can also verify the envelope from/recipient pairs with the |
158 primary MX server. This allows the backup mail servers to properly | 158 primary MX server. This allows the backup mail servers to properly |
159 reject mail sent to invalid addresses. Otherwise, the backup mail | 159 reject mail sent to invalid addresses. Otherwise, the backup mail |
160 servers will accept that mail, and then generate a bounce message when | 160 servers will accept that mail, and then generate a bounce message when |
161 the message is forwarded to the primary server (and rejected there with | 161 the message is forwarded to the primary server (and rejected there with |
162 no such user). | 162 no such user). These rejections are the primary cause of such backscatter. |
163 </para> | 163 </para> |
164 <para> | 164 <para> |
165 This milter will also decode (uuencode, base64, mime, html entity, url | 165 This milter will also decode (uuencode, base64, mime, html entity, url |
166 encodings) and scan for HTTP and HTTPS URLs and bare hostnames in the | 166 encodings) and scan for HTTP and HTTPS URLs and bare hostnames in the |
167 body of the mail. If any of those host names have A or NS records on | 167 body of the mail. If any of those host names have A or NS records on |
445 | 445 |
446 <refsect1 id='todo.1'> | 446 <refsect1 id='todo.1'> |
447 <title>TODO</title> | 447 <title>TODO</title> |
448 <para> | 448 <para> |
449 The following ideas are under consideration. | 449 The following ideas are under consideration. |
450 </para> | |
451 <para> | |
452 Add mail volume limits based on smtp auth accounts, to prevent | |
453 customers from sending too much mail. This should catch customers | |
454 that get infected with malware that knows about smtp auth. | |
450 </para> | 455 </para> |
451 <para> | 456 <para> |
452 Add a per-context option to reject mail if the number of digits in | 457 Add a per-context option to reject mail if the number of digits in |
453 the reverse dns client name exceeds some threshold. | 458 the reverse dns client name exceeds some threshold. |
454 </para> | 459 </para> |
561 </refsect1> | 566 </refsect1> |
562 | 567 |
563 <refsect1 id='sample.5'> | 568 <refsect1 id='sample.5'> |
564 <title>Sample</title> | 569 <title>Sample</title> |
565 <literallayout class="monospaced"><![CDATA[ | 570 <literallayout class="monospaced"><![CDATA[ |
566 context sample { | 571 context main-default { |
572 // outbound dnsbl filtering to catch our own customers that end up on the sbl | |
567 dnsbl local blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; | 573 dnsbl local blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; |
568 dnsbl sbl sbl-xbl.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; | 574 dnsbl sbl sbl-xbl.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; |
569 dnsbl xbl xbl.spamhaus.org "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s"; | |
570 dnsbl dul dul.dnsbl.sorbs.net "Mail from %s rejected - dul; see http://www.sorbs.net/lookup.shtml?%s"; | 575 dnsbl dul dul.dnsbl.sorbs.net "Mail from %s rejected - dul; see http://www.sorbs.net/lookup.shtml?%s"; |
571 dnsbl_list local sbl dul; | 576 dnsbl_list local sbl dul; |
572 | 577 |
578 // outbound content filtering to prevent our own customers from sending spam | |
573 content on { | 579 content on { |
574 filter sbl-xbl.spamhaus.org "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; | 580 filter sbl-xbl.spamhaus.org "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; |
575 uribl multi.surbl.org "Mail containing %s rejected - surbl; see http://www.rulesemporium.com/cgi-bin/uribl.cgi?bl0=1&domain0=%s"; | 581 uribl multi.surbl.org "Mail containing %s rejected - surbl; see http://www.rulesemporium.com/cgi-bin/uribl.cgi?bl0=1&domain0=%s"; |
576 #uribl black.uribl.com "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s"; | 582 #uribl black.uribl.com "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s"; |
577 ignore { include "hosts-ignore.conf"; }; | 583 ignore { include "hosts-ignore.conf"; }; |
582 html_limit off; | 588 html_limit off; |
583 host_limit on 20 "Mail containing excessive host names rejected"; | 589 host_limit on 20 "Mail containing excessive host names rejected"; |
584 host_limit soft 20; | 590 host_limit soft 20; |
585 }; | 591 }; |
586 | 592 |
593 // backscatter prevention - don't send bounces for mail that we accepted but could not forward | |
594 // we only send bounces to our own customers | |
595 env_from unknown { | |
596 "<>" black; | |
597 }; | |
598 }; | |
599 | |
600 context sample { | |
601 dnsbl local blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; | |
602 dnsbl sbl sbl-xbl.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; | |
603 dnsbl xbl xbl.spamhaus.org "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s"; | |
604 dnsbl dul dul.dnsbl.sorbs.net "Mail from %s rejected - dul; see http://www.sorbs.net/lookup.shtml?%s"; | |
605 dnsbl_list local sbl dul; | |
606 | |
607 content on { | |
608 filter sbl-xbl.spamhaus.org "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; | |
609 uribl multi.surbl.org "Mail containing %s rejected - surbl; see http://www.rulesemporium.com/cgi-bin/uribl.cgi?bl0=1&domain0=%s"; | |
610 #uribl black.uribl.com "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s"; | |
611 ignore { include "hosts-ignore.conf"; }; | |
612 tld { include "tld.conf"; }; | |
613 cctld { include "cctld.conf"; }; | |
614 html_tags { include "html-tags.conf"; }; | |
615 html_limit on 20 "Mail containing excessive bad html tags rejected"; | |
616 html_limit off; | |
617 host_limit on 20 "Mail containing excessive host names rejected"; | |
618 host_limit soft 20; | |
619 }; | |
620 | |
587 env_to { | 621 env_to { |
588 # child contexts are not allowed to specify recipient addresses outside these domains | 622 # child contexts are not allowed to specify recipient addresses outside these domains |
589 # leave this outer global context env_to empty to allow arbitrary recipients in child contexts | 623 # leave this outer global context env_to empty to allow arbitrary recipients in child contexts |
590 mydomain.com; | 624 mydomain.com; |
591 customer1.com; | 625 customer1.com; |