Mercurial > dnsbl
comparison xml/dnsbl.in @ 5:793ac9cc114d stable-1-0
updates to use dcc conf files
| author | carl |
|---|---|
| date | Wed, 21 Apr 2004 16:09:07 -0700 |
| parents | 15a7e942adec |
| children | cea50d98a6cf |
comparison
equal
deleted
inserted
replaced
| 4:15a7e942adec | 5:793ac9cc114d |
|---|---|
| 26 href="http://www.rhyolite.com/anti-spam/dcc/">DCC</a> milter, there are | 26 href="http://www.rhyolite.com/anti-spam/dcc/">DCC</a> milter, there are |
| 27 a few considerations. You may need to whitelist senders from the DCC | 27 a few considerations. You may need to whitelist senders from the DCC |
| 28 bulk detector, or from the DNS based lists. Those are two very | 28 bulk detector, or from the DNS based lists. Those are two very |
| 29 different reasons for whitelisting. The former is done thru the DCC | 29 different reasons for whitelisting. The former is done thru the DCC |
| 30 whiteclnt config file, the later is done thru the DNSBL milter config | 30 whiteclnt config file, the later is done thru the DNSBL milter config |
| 31 file. There is an option to reference the DCC whiteclnt file (via an | 31 file. |
| 32 include_dcc line) in the DNSBL milter config. This will import the | |
| 33 (env_to, env_from, and substitute mail_host) entries from the DCC config | |
| 34 into the DNSBL config. This allows using the DCC config as the single | |
| 35 point for white/blacklisting. | |
| 36 | 32 |
| 37 <p>You may want to blacklist some specific senders or sending domains. | 33 <p>You may want to blacklist some specific senders or sending domains. |
| 38 This could be done thru either the DCC (on a global basis, or for a | 34 This could be done thru either the DCC (on a global basis, or for a |
| 39 specific single recipient). We prefer to do such blacklisting via the | 35 specific single recipient). We prefer to do such blacklisting via the |
| 40 DNSBL milter config, since it can be done for an entire recipient mail | 36 DNSBL milter config, since it can be done for an entire recipient mail |
| 41 domain. The DCC approach has the feature that you can capture the | 37 domain. The DCC approach has the feature that you can capture the |
| 42 entire message in the DCC log files. The DNSBL milter approach has the | 38 entire message in the DCC log files. The DNSBL milter approach has the |
| 43 feature that the mail is rejected earlier (at RCPT TO time), and the | 39 feature that the mail is rejected earlier (at RCPT TO time), and the |
| 44 sending machine just gets a generic "550 5.7.1 no such user" message. | 40 sending machine just gets a generic "550 5.7.1 no such user" message. |
| 41 | |
| 42 <p>There is an option to reference the DCC whiteclnt file (via an | |
| 43 include_dcc line) in the DNSBL milter config. This will import the | |
| 44 (env_to, env_from, and substitute mail_host) entries from the DCC config | |
| 45 into the DNSBL config. This allows using the DCC config as the single | |
| 46 point for white/blacklisting. | |
| 47 | |
| 48 <p>Consider the case where you have multiple clients, each with their | |
| 49 own mail servers, and each running their own DCC milters. Each client | |
| 50 is using the DCC facilities for envelope from/to white/blacklisting. | |
| 51 Presumably you can use rsync or scp to fetch copies of these clients DCC | |
| 52 whiteclnt files on a regular basis. Your mail server, acting as a | |
| 53 backup MX for your clients, can use the DNSBL milter, and include those | |
| 54 client DCC config files. The envelope to white/blacklisting will be | |
| 55 global for your system, but the envelope from white/blacklisting will be | |
| 56 appropriately tagged and used only for the domains controlled by each of | |
| 57 those clients. | |
| 45 | 58 |
| 46 <p>Definitions: | 59 <p>Definitions: |
| 47 | 60 |
| 48 <p>DNSBL - a named DNS based blocking list is defined by a dns suffix | 61 <p>DNSBL - a named DNS based blocking list is defined by a dns suffix |
| 49 (e.g. sbl-xbl.spamhaus.org) and a message string that is used to | 62 (e.g. sbl-xbl.spamhaus.org) and a message string that is used to |