Mercurial > dnsbl

comparison xml/dnsbl.in @ 278:368572c57013

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
add limits on unique ip addresses per hour per authenticated user
author Carl Byington <carl@five-ten-sg.com>
date Tue, 17 Dec 2013 15:35:23 -0800
parents 19ff60eaab74
children 896b9393d3f0
comparison
equal deleted inserted replaced
277:7163e9b04bdb 278:368572c57013
610 <para> 610 <para>
611 Look for href="hostname/path" strings that are missing the required 611 Look for href="hostname/path" strings that are missing the required
612 http:// protocol header. Such references are still clickable in common 612 http:// protocol header. Such references are still clickable in common
613 mail software. 613 mail software.
614 </para> 614 </para>
615 <para>
616 Add trusted_spf list of domains for which we trust their spf data. Mail
617 from their listed ip addresses from their domain will be whitelisted.
618 </para>
615 </refsect1> 619 </refsect1>
616 620
617 <refsect1 id='copyright.1'> 621 <refsect1 id='copyright.1'>
618 <title>Copyright</title> 622 <title>Copyright</title>
619 <para> 623 <para>
732 736
733 ENV_FROM = "env_from" [DEFAULT] "{" {(FROM-ADDR | DCC-FROM)}+ "}" 737 ENV_FROM = "env_from" [DEFAULT] "{" {(FROM-ADDR | DCC-FROM)}+ "}"
734 FROM-ADDR = ADDRESS VALUE [";"] 738 FROM-ADDR = ADDRESS VALUE [";"]
735 DCC-FROM = "dcc_from" "{" DCCINCLUDEFILE "}" ";" 739 DCC-FROM = "dcc_from" "{" DCCINCLUDEFILE "}" ";"
736 740
737 RATE-LIMIT = "rate_limit" [DEFAULT_LIMIT [DAILY_MULTIPLE]] "{" (RATE)+ "}" 741 RATE-LIMIT = "rate_limit" DEFAULT_RCPT_LIMIT DAILY_MULTIPLE_RCPT
738 RATE = USER LIMIT [";"] 742 DEFAULT_IP_LIMIT DAILY_MULTIPLE_IP "{" (RATE)+ "}"
739 LIMIT = INTEGER 743 RATE = USER RCPTLIMIT IPLIMIT ";"
740 DEFAULT_LIMIT = INTEGER 744 RCPTLIMIT = INTEGER
741 DAILY_MULTIPLE = INTEGER 745 DEFAULT_RCPT_LIMIT = INTEGER
746 DAILY_MULTIPLE_RCPT = INTEGER
747 DEFAULT_IP_LIMIT = INTEGER
748 DAILY_MULTIPLE_IP = INTEGER
742 749
743 DEFAULT = ("white" | "black" | "unknown" | "inherit" | "") 750 DEFAULT = ("white" | "black" | "unknown" | "inherit" | "")
744 ADDRESS = (USER@ | DOMAIN | USER@DOMAIN) 751 ADDRESS = (USER@ | DOMAIN | USER@DOMAIN)
745 VALUE = ("white" | "black" | "unknown" | "inherit" | CHILD-CONTEXT-NAME)]]></literallayout> 752 VALUE = ("white" | "black" | "unknown" | "inherit" | CHILD-CONTEXT-NAME)]]></literallayout>
746 </refsect1> 753 </refsect1>
770 require_match yes; 777 require_match yes;
771 dcc_greylist yes; 778 dcc_greylist yes;
772 dcc_bulk_threshold 50; 779 dcc_bulk_threshold 50;
773 }; 780 };
774 781
775 // backscatter prevention - don't send bounces for mail that we accepted but could not forward 782 // backscatter prevention - do not send bounces for mail that we accepted but could not forward
776 // we only send bounces to our own customers 783 // we only send bounces to our own customers
777 env_from unknown { 784 env_from unknown {
778 "<>" black; 785 "<>" black;
779 }; 786 };
780 787
781 // hourly recipient rate limit by smtp auth client id, 788 // hourly recipient rate limit by smtp auth client id, or unauthenticated mail from address
782 // or unauthenticated mail from address 789 // hourly unique ip addresses by smtp auth client id, or unauthenticated mail from address
783 // default hourly limit is 30 790 // default hourly rate limit is 30
784 // daily limits are 4 times the hourly limit 791 // daily rate limits are 4 times the hourly limit
785 rate_limit 30 4 { // default 792 // default hourly unique ip addresses is 5
786 #fred 100; // override default limits 793 // daily unique ip addresses are 4 times the hourly limit
787 #joe 10; // "" 794 rate_limit 30 4 5 4 { // default
788 #"sam@somedomain.tld" 500; 795 fred 100 10; // override default limits
789 #"@otherdomain.tld" 100; 796 joe 10 2; // ""
797 "sam@somedomain.tld" 500 2;
798 "@otherdomain.tld" 100 2;
790 }; 799 };
791 }; 800 };
792 801
793 context main { 802 context main {
794 dnsbl localp partial.blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; 803 dnsbl localp partial.blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";