Mercurial > dnsbl
comparison xml/dnsbl.in @ 11:2c206836b4cc
integration work on url scanner
| author | carl |
|---|---|
| date | Thu, 22 Apr 2004 20:19:01 -0700 |
| parents | cea50d98a6cf |
| children | 6ac6d6b822ce |
comparison
equal
deleted
inserted
replaced
| 10:9ca440c8d187 | 11:2c206836b4cc |
|---|---|
| 15 primary mail server. We present here a mechanism whereby the backup | 15 primary mail server. We present here a mechanism whereby the backup |
| 16 mail server can use the correct set of DNSBLs for each message. As a | 16 mail server can use the correct set of DNSBLs for each message. As a |
| 17 side-effect, it gives us the ability to customize the set of DNSBLs on a | 17 side-effect, it gives us the ability to customize the set of DNSBLs on a |
| 18 per-recipient basis, so that fred@example.com could use SPEWS and the | 18 per-recipient basis, so that fred@example.com could use SPEWS and the |
| 19 SBL, where all other users @example.com use only the SBL. | 19 SBL, where all other users @example.com use only the SBL. |
| 20 | |
| 21 <p>This milter will also decode (base64, mime, html entity) and scan | |
| 22 for HTTP URLs in the body of the mail. If any of those host names | |
| 23 have A records on the SBL (or a single configurable list), the mail | |
| 24 will be rejected unless previously whitelisted. | |
| 20 | 25 |
| 21 <p>The DNSBL milter reads a text configuration file (dnsbl.conf) on | 26 <p>The DNSBL milter reads a text configuration file (dnsbl.conf) on |
| 22 startup, and whenever the config file (or any of the referenced include | 27 startup, and whenever the config file (or any of the referenced include |
| 23 files) is changed. The entire configuration file is case insensitive. | 28 files) is changed. The entire configuration file is case insensitive. |
| 24 | 29 |
| 96 the mail is accepted. Otherwise, the dns lists are checked and the mail | 101 the mail is accepted. Otherwise, the dns lists are checked and the mail |
| 97 is rejected if any list has an A record for the standard dns based | 102 is rejected if any list has an A record for the standard dns based |
| 98 lookup scheme (reversed octets of the client followed by the dns | 103 lookup scheme (reversed octets of the client followed by the dns |
| 99 suffix). | 104 suffix). |
| 100 | 105 |
| 106 <li>If the mail has not been accepted or rejected yet, the body content | |
| 107 is scanned for HTTP URLs (after base64, mime and html entity decoding), | |
| 108 and the first 20 host names are checked for their presence on the SBL. | |
| 109 If any host name is on the SBL, the mail is rejected. | |
| 110 | |
| 101 </ol> | 111 </ol> |
| 102 | 112 |
| 103 | 113 |
| 104 <p>Usage: Note that this has ONLY been tested on Linux, specifically | 114 <p>Usage: Note that this has ONLY been tested on Linux, specifically |
| 105 RedHat Linux. Your mileage will vary. In particular, this milter makes no | 115 RedHat Linux. Your mileage will vary. In particular, this milter makes no |
| 117 run it. It may not be suitable for your system. Modify your | 127 run it. It may not be suitable for your system. Modify your |
| 118 sendmail.mc by removing all the "FEATURE(dnsbl" lines, add the following | 128 sendmail.mc by removing all the "FEATURE(dnsbl" lines, add the following |
| 119 line in your sendmail.mc and rebuild the .cf file | 129 line in your sendmail.mc and rebuild the .cf file |
| 120 | 130 |
| 121 <pre> | 131 <pre> |
| 122 INPUT_MAIL_FILTER(`dnsbl', `S=local:/var/run/dnsbl/dnsbl.sock, F=T, T=S:30s;R:30s;E:30s') | 132 INPUT_MAIL_FILTER(`dnsbl', `S=local:/var/run/dnsbl/dnsbl.sock, F=T, T=C:30s;S:2m;R:2m;E:5m') |
| 123 </pre> | 133 </pre> |
| 124 | 134 |
| 125 Read the sample <a | 135 Read the sample <a |
| 126 href="http://www.five-ten-sg.com/dnsbl.conf">var/dnsbl/dnsbl.conf</a> | 136 href="http://www.five-ten-sg.com/dnsbl.conf">var/dnsbl/dnsbl.conf</a> |
| 127 file and modify it to fit your configuration. You can test your | 137 file and modify it to fit your configuration. You can test your |