Mercurial > dnsbl
comparison xml/dnsbl.in @ 458:6c1c2bd9fb54 stable-6-0-73
ignore dnswl entries if the sender is <>
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Tue, 18 Sep 2018 09:49:21 -0700 |
parents | f2bc221240e8 |
children | f3f1ece619ba |
457:0199965a71eb | 458:6c1c2bd9fb54 |
---|---|
23 </para> | 23 </para> |
24 </partintro> | 24 </partintro> |
25 | 25 |
26 <refentry id="@PACKAGE@.1"> | 26 <refentry id="@PACKAGE@.1"> |
27 <refentryinfo> | 27 <refentryinfo> |
28 <date>2018-06-04</date> | 28 <date>2018-09-18</date> |
29 <author> | 29 <author> |
30 <firstname>Carl</firstname> | 30 <firstname>Carl</firstname> |
31 <surname>Byington</surname> | 31 <surname>Byington</surname> |
32 <affiliation><orgname>510 Software Group</orgname></affiliation> | 32 <affiliation><orgname>510 Software Group</orgname></affiliation> |
33 <personblurb><para></para></personblurb> | 33 <personblurb><para></para></personblurb> |
389 If the answer is black, mail to this recipient is rejected with "no such | 389 If the answer is black, mail to this recipient is rejected with "no such |
390 user", and the dns lists are not checked. | 390 user", and the dns lists are not checked. |
391 </para></listitem> | 391 </para></listitem> |
392 <listitem><para> | 392 <listitem><para> |
393 If the answer is white, the mail is not from localhost, | 393 If the answer is white, the mail is not from localhost, |
394 and the envelope from domain name is | 394 and the envelope from domain name is listed in the current (or parents) |
395 listed in the current (or parents) filtering contexts dkim_from with | 395 filtering contexts dkim_from with "required_signed" or "unsigned_black", |
396 "required_signed" or "unsigned_black", we downgrade this white answer to unknown. | 396 we downgrade this white answer to unknown. If the answer is still white, |
397 If the answer is still white, mail to this recipient is accepted and the dns | 397 mail to this recipient is accepted and the dns lists are not checked. |
398 lists are not checked. | |
399 </para></listitem> | 398 </para></listitem> |
400 <listitem><para> | 399 <listitem><para> |
401 If the answer is unknown, we don't reject yet, but the dns lists will be | 400 If the answer is unknown, we don't reject yet, but the dns lists will be |
402 checked, and the content may be scanned. | 401 checked, and the content may be scanned. |
403 </para></listitem> | 402 </para></listitem> |
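Review bot: The rewrapped paragraph at lines 394-397 still spells the keyword "required_signed", while the sample configuration later in this same file uses require_signed (for example "paypal.com require_signed paypal.com;"). Since these lines are being touched anyway, the prose should use the keyword exactly as the config parser accepts it, so a reader copying from the man page text does not end up with a token that fails to parse. "parents" in "current (or parents) filtering contexts" also wants an apostrophe.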
411 expression, then we check the envelope from value against that regex. | 410 expression, then we check the envelope from value against that regex. |
412 The mail is accepted if the envelope from value matches the specified regular | 411 The mail is accepted if the envelope from value matches the specified regular |
413 expression. | 412 expression. |
414 </para></listitem> | 413 </para></listitem> |
415 <listitem><para> | 414 <listitem><para> |
416 If the mail has not been accepted or rejected yet, the dns white lists | 415 If the mail has not been accepted or rejected yet, and the envelope from |
416 email address is not empty, the dns white lists | |
417 specified in the filtering context are checked and the mail is accepted | 417 specified in the filtering context are checked and the mail is accepted |
418 if any list has an A record for the standard dns based lookup scheme | 418 if any list has an A record for the standard dns based lookup scheme |
419 (reversed octets of the client followed by the dns suffix) with a final | 419 (reversed octets of the client followed by the dns suffix) with a final |
420 octet greater than or equal to the level specified for that dnswl. | 420 octet greater than or equal to the level specified for that dnswl. |
421 </para></listitem> | 421 </para></listitem> |
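Review bot: The new condition on lines 415-416 ("the envelope from email address is not empty") never names the null sender <> that the commit summary refers to, and gives no reason for skipping the dns white lists in that case. Suggest wording it as the null envelope sender <>, and adding one sentence on why dnswl entries are ignored for it and what happens to that mail next, so an operator reading the man page can predict how bounce traffic from a whitelisted client will be treated.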
456 </para></listitem> | 456 </para></listitem> |
457 </orderedlist> | 457 </orderedlist> |
458 <para> | 458 <para> |
459 For each recipient that was accepted, we search for an autowhite entry | 459 For each recipient that was accepted, we search for an autowhite entry |
460 starting in the reply filtering context. If an autowhite entry is found, | 460 starting in the reply filtering context. If an autowhite entry is found, |
461 and the local part of the recipient address is shorter than 35 characters, | |
461 we add the recipient to that auto whitelist file. This will prevent reply | 462 we add the recipient to that auto whitelist file. This will prevent reply |
462 messages from being blocked by the dnsbl or content filtering. | 463 messages from being blocked by the dnsbl or content filtering. |
463 </para> | 464 </para> |
464 <para> | 465 <para> |
465 If the mail is from localhost we skip the following dkim checks, since | 466 If the mail is from localhost we skip the following dkim checks, since |
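Review bot: The 35-character limit on the recipient local part, added at new line 461, comes with no rationale and is not covered by the commit summary, which is only about dnswl and the <> sender. Suggest either moving it to its own change or adding a sentence that says what the limit is guarding against and that recipients with longer local parts are not added to the auto whitelist file, since that silently changes which replies get past the dnsbl and content filtering.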
492 <para> | 493 <para> |
493 If the header from domain maps to unsigned_black then: | 494 If the header from domain maps to unsigned_black then: |
494 If any of the message signers are in that list, or if | 495 If any of the message signers are in that list, or if |
495 the source ip address passes a strong spf check for the header from | 496 the source ip address passes a strong spf check for the header from |
496 domain, processing continues. Otherwise, the message is rejected. | 497 domain, processing continues. Otherwise, the message is rejected. |
498 This is very close to enforcing DMARC for the header from domain. | |
497 </para> | 499 </para> |
498 <para> | 500 <para> |
499 If any of the message signers are blacklisted, the message is rejected. | 501 If any of the message signers are blacklisted, the message is rejected. |
500 </para> | 502 </para> |
501 <para> | 503 <para> |
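Review bot: "This is very close to enforcing DMARC" at new line 498 leaves "very close" undefined. The paragraph describes a locally configured signer list plus a strong spf check for the header from domain; the sentence should state how that differs from DMARC, for instance that the decision comes from the local dkim_from entry rather than from a policy the domain publishes, so readers do not assume full DMARC semantics.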
783 </refentry> | 785 </refentry> |
784 | 786 |
785 | 787 |
786 <refentry id="@PACKAGE@.conf.5"> | 788 <refentry id="@PACKAGE@.conf.5"> |
787 <refentryinfo> | 789 <refentryinfo> |
788 <date>2018-06-04</date> | 790 <date>2018-09-18</date> |
789 <author> | 791 <author> |
790 <firstname>Carl</firstname> | 792 <firstname>Carl</firstname> |
791 <surname>Byington</surname> | 793 <surname>Byington</surname> |
792 <affiliation><orgname>510 Software Group</orgname></affiliation> | 794 <affiliation><orgname>510 Software Group</orgname></affiliation> |
793 <personblurb><para></para></personblurb> | 795 <personblurb><para></para></personblurb> |
960 # | 962 # |
961 # anything signed by this is accepted. | 963 # anything signed by this is accepted. |
962 accounts.google.com white; | 964 accounts.google.com white; |
963 }; | 965 }; |
964 dkim_from { | 966 dkim_from { |
967 # | |
968 # dmarc enforcement | |
969 aim.com unsigned_black "aim.com,mx.aim.com"; | |
970 aol.com unsigned_black "aol.com,mx.aol.com"; | |
971 yahoo.co.uk unsigned_black yahoo.co.uk; | |
972 yahoo.com unsigned_black yahoo.com; | |
973 yahoo.in unsigned_black yahoo.in; | |
965 # | 974 # |
966 # white/blacklisting based on presence of valid signatures | 975 # white/blacklisting based on presence of valid signatures |
967 credit.paypal.com require_signed credit.paypal.com; | 976 credit.paypal.com require_signed credit.paypal.com; |
968 paypal.com require_signed paypal.com; | 977 paypal.com require_signed paypal.com; |
969 dhl.com require_signed dhl.com; | 978 dhl.com require_signed dhl.com; |