comparison xml/dnsbl.in @ 92:505e77188317

optimize verification step, cleanup documentation
author carl
date Wed, 21 Sep 2005 08:00:08 -0700
parents 962a1f8f1d9f
children e107ade3b1c0
comparison
equal deleted inserted replaced
91:ca46fafc6621 92:505e77188317
1 <html> 1 <html>
2 2
3 <head> 3 <head>
4 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> 4 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
5 <title>DNSBL Sendmail milter - Version 5.4</title> 5 <title>DNSBL Sendmail milter - Version 5.5</title>
6 </head> 6 </head>
7 7
8 <center>Introduction</center> 8 <center>Introduction</center>
9 <p>This milter is released under the GPL license version 2 included in 9 <p>This milter is released under the GPL license version 2 included in
10 the LICENSE file in the distribution, and also available at 10 the LICENSE file in the distribution, and also available at
16 server. We present here a mechanism whereby the backup mail server can 16 server. We present here a mechanism whereby the backup mail server can
17 use the correct set of DNSBLs for each recipient for each message. As a 17 use the correct set of DNSBLs for each recipient for each message. As a
18 side-effect, it gives us the ability to customize the set of DNSBLs on a 18 side-effect, it gives us the ability to customize the set of DNSBLs on a
19 per-recipient basis, so that fred@example.com could use SPEWS and the 19 per-recipient basis, so that fred@example.com could use SPEWS and the
20 SBL, where all other users @example.com use only the SBL. 20 SBL, where all other users @example.com use only the SBL.
21
22 <p>This milter can also verify the envelope from/recipient pairs with
23 the primary MX server. This allows the backup mail servers to properly
24 reject mail sent to invalid addresses. Otherwise, the backup mail
25 servers will accept that mail, and then generate a bounce message when
26 the message is forwarded to the primary server (and rejected there with
27 no such user).
21 28
22 <p>This milter will also decode (uuencode, base64, mime, html entity, 29 <p>This milter will also decode (uuencode, base64, mime, html entity,
23 url encodings) and scan for HTTP and HTTPS URLs and bare hostnames in 30 url encodings) and scan for HTTP and HTTPS URLs and bare hostnames in
24 the body of the mail. If any of those host names have A or NS records 31 the body of the mail. If any of those host names have A or NS records
25 on the SBL (or a single configurable DNSBL), the mail will be rejected 32 on the SBL (or a single configurable DNSBL), the mail will be rejected
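Review bot: The new introduction paragraph (new lines 22-27) does not say what the milter does when the primary MX server cannot be reached, which is the normal situation in which a backup mail server is receiving mail at all. Suggest adding one sentence stating whether recipients are accepted, deferred or rejected when the verification conversation fails, so operators know whether verification can block or delay legitimate mail during a primary outage.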
110 part of the envelope from address, 3) the user@ part of the envelope 117 part of the envelope from address, 3) the user@ part of the envelope
111 from address] in that context's env_from statement, with values that 118 from address] in that context's env_from statement, with values that
112 point to a child context. If such an entry is found, we switch to that 119 point to a child context. If such an entry is found, we switch to that
113 child filtering context. 120 child filtering context.
114 121
115 <br><br><li>If the filtering context specifies a verification host, and
116 the envelope to email address is covered by this filtering context, and
117 the verification host is not our own hostname, we open an smtp
118 conversation with that verification host. The current envelope from and
119 recipient to values are passed to that verification host. If we receive
120 anything other than a 250 response those commands, we reject the current
121 recipient with "no such user".
122
123 <br><br><li>We lookup [1) the full envelope from email address, 2) the 122 <br><br><li>We lookup [1) the full envelope from email address, 2) the
124 domain name part of the envelope from address, 3) the user@ part of the 123 domain name part of the envelope from address, 3) the user@ part of the
125 envelope from address] in the filtering context env_from statement. 124 envelope from address] in the filtering context env_from statement.
126 That results in one of (white, black, unknown, inherit). 125 That results in one of (white, black, unknown, inherit).
127 126
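Review bot: Removing the verification step at old lines 115-121 places it behind the env_from lookup, and the re-added step later in this change only runs "if the mail has not been accepted or rejected yet", so a recipient accepted by an earlier step is no longer checked with the verification host. The documentation should state that consequence explicitly: mail to an invalid address that is accepted this way will still be forwarded and rejected at the primary server, which is the bounce case the new introduction paragraph says verification avoids.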
141 and the mail is rejected if any list has an A record for the standard 140 and the mail is rejected if any list has an A record for the standard
142 dns based lookup scheme (reversed octets of the client followed by the 141 dns based lookup scheme (reversed octets of the client followed by the
143 dns suffix). 142 dns suffix).
144 143
145 <br><br><li>If the mail has not been accepted or rejected yet, and the 144 <br><br><li>If the mail has not been accepted or rejected yet, and the
145 filtering context specifies a verification host, and the envelope to
146 email address is covered by this filtering context, and the verification
147 host is not our own hostname, we open an smtp conversation with that
148 verification host. The current envelope from and recipient to values
149 are passed to that verification host. If we receive a 5xy response
150 those commands, we reject the current recipient with "no such user".
151
152 <br><br><li>If the mail has not been accepted or rejected yet, and the
146 filtering context enables content filtering, and this is the first such 153 filtering context enables content filtering, and this is the first such
147 recipient in this smtp transaction, we set the content filtering parameters 154 recipient in this smtp transaction, we set the content filtering
148 from this context, and enable content filtering for this body. 155 parameters from this context, and enable content filtering for the body
156 of this message.
149 157
150 </ol> 158 </ol>
151 159
152 <p>If content filtering is enabled for this body, the mail text is 160 <p>If content filtering is enabled for this body, the mail text is
153 decoded (uuencode, base64, mime, html entity, url encodings), scanned 161 decoded (uuencode, base64, mime, html entity, url encodings), scanned
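Review bot: In the re-added verification step (new lines 144-150) the rejection condition narrows from "anything other than a 250 response" to "a 5xy response", but the text does not say what happens on a 4xy reply or when the smtp conversation cannot be opened. Suggest adding a sentence that states the outcome for those cases, matching what the code does. Two smaller points in the same item: "a 5xy response those commands" is missing "to", and because both the envelope from and the recipient are passed to the verification host, a 5xy reply to the envelope from is also reported as "no such user", which the wording should either note or avoid.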