comparison xml/dnsbl.in @ 284:896b9393d3f0 stable-6-0-39

Fix segfault caused by freeing unallocated memory
author Carl Byington <carl@five-ten-sg.com>
date Tue, 31 Dec 2013 10:44:15 -0800
parents 368572c57013
children 1f40b1b0ad31
283:7438f79afeb0 284:896b9393d3f0
198 the connection does not use SMTP AUTH, the rate limits 198 the connection does not use SMTP AUTH, the rate limits
199 may be specified by the mail from email address or 199 may be specified by the mail from email address or
200 domain. 200 domain.
201 </para> 201 </para>
202 <para> 202 <para>
203 This milter can also impose hourly and daily limits on the number of
204 different ip addresses used for SMTP AUTH connections. If a single
205 user is connecting from too many different ip addresses, we presume that
206 their authentication credentials have been discovered, and block their
207 outgoing mail.
208 </para>
209 <para>
203 Consider the case of a message from A to B passing thru this milter. If 210 Consider the case of a message from A to B passing thru this milter. If
204 that message is not blocked, then we might eventually see a reply 211 that message is not blocked, then we might eventually see a reply
205 message from B to A. If the filtering context for A includes an 212 message from B to A. If the filtering context for A includes an
206 autowhite entry, and that context does <emphasis>not</emphasis> cover B 213 autowhite entry, and that context does <emphasis>not</emphasis> cover B
207 as a recipient, then this milter will add an entry in that file to 214 as a recipient, then this milter will add an entry in that file to
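Review bot: The new paragraph at 203-207 says the milter will "block their outgoing mail" once a user connects from too many ip addresses, but not for how long or how the block clears. State whether it lasts until the hourly or daily window rolls over, and mention the defaults (the sample config later in this file shows 5 per hour with a daily multiplier of 4) so an administrator can size the limit for users who legitimately connect from several addresses. The commit summary describes only a segfault fix; a line mentioning the documentation of the unique ip address limits would help anyone reading the history of this file.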
332 such a reply message would be blocked, we also block the original 339 such a reply message would be blocked, we also block the original
333 outgoing message. This prevents folks from sending mail to recipients 340 outgoing message. This prevents folks from sending mail to recipients
334 that are unable to reply. 341 that are unable to reply.
335 </para> 342 </para>
336 <para> 343 <para>
337 If the client has authenticated with sendmail, the rate limits are 344 If the client has authenticated with sendmail, the recipient rate limits
345 and connection ip address limits are
338 checked. If the authenticated user has not exceeded the hourly or daily rate 346 checked. If the authenticated user has not exceeded the hourly or daily rate
339 limits, then the mail is accepted, the filtering contexts are not used, 347 limits, then the mail is accepted, the filtering contexts are not used,
340 the dns lists are not checked, and the body content is not scanned. If 348 the dns lists are not checked, and the body content is not scanned. These
349 rate limits can also be applied to unauthenticated connections, in which case
350 the envelope from value is used as the authentication id for lookup purposes.
351 If
341 the client has not authenticated with sendmail, we follow these steps 352 the client has not authenticated with sendmail, we follow these steps
342 for each recipient. 353 for each recipient.
343 </para> 354 </para>
344 <orderedlist> 355 <orderedlist>
345 <listitem><para> 356 <listitem><para>
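Review bot: After the rewording at 344-345 the paragraph checks both "the recipient rate limits and connection ip address limits", but the following sentence at 346-347 still conditions acceptance only on "the hourly or daily rate limits", so it is unclear whether exceeding the ip address limit also prevents acceptance. Name both limits in that sentence. The text added at 348-350 keys the limits for unauthenticated connections on the envelope from value, which the sending client chooses; say so, and say whether an unauthenticated sender that is under its limit still goes through the per-recipient steps. The "If" left alone on 351 should be rewrapped into the line that follows it.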
455 </para> 466 </para>
456 <para> 467 <para>
457 If the content uribl DNSBL is defined, and any of those host names are 468 If the content uribl DNSBL is defined, and any of those host names are
458 on that DNSBL, and the host name is not on the &lt;configurable&gt; 469 on that DNSBL, and the host name is not on the &lt;configurable&gt;
459 ignore list, the mail is rejected. There are three lists that are suitable 470 ignore list, the mail is rejected. There are three lists that are suitable
460 here, uribl, surbl, and dbl. 471 here, URIBL, SURBL, and DBL.
461 </para> 472 </para>
462 <para> 473 <para>
463 If any non-whitelisted recipient has a filtering context with a non-zero 474 If any non-whitelisted recipient has a filtering context with a non-zero
464 spamassassin limit, then the message is passed thru spamassassin (via 475 spamassassin limit, then the message is passed thru spamassassin (via
465 spamc), and the message is rejected for those recipients with spamassassin 476 spamc), and the message is rejected for those recipients with spamassassin
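Review bot: Line 471 now capitalises the list names as "URIBL, SURBL, and DBL" while 468 keeps lowercase "uribl" in "content uribl DNSBL". If the lowercase form on 468 is the configuration keyword, mark it up (for example with <literal>) so readers can tell the keyword from the names of the lists.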
595 <para> 606 <para>
596 Add config switch to require the HELO argument to resolve to an ip address. 607 Add config switch to require the HELO argument to resolve to an ip address.
597 </para> 608 </para>
598 <para> 609 <para>
599 Add white/unknown to config for smtp authenticated connections. Currently 610 Add white/unknown to config for smtp authenticated connections. Currently
600 any authenticated connection is fully whitelisted. This would allow normal 611 any authenticated connection is fully whitelisted. The only spam control
612 on those connections is rate limiting. This feature would allow content based
601 spam controls to be applied even to authenticated connections. Add 613 spam controls to be applied even to authenticated connections. Add
602 context/authenticated_dnsbl_list and context/content/authenticated. 614 context/authenticated_dnsbl_list and context/content/authenticated.
603 </para> 615 </para>
604 <para> 616 <para>
605 Add an optional list of domains to be enforced on the env_from value for 617 Add an optional list of domains to be enforced on the env_from value for
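Review bot: The sentence added at 611-612, "The only spam control on those connections is rate limiting", leaves out the connection ip address limits that this same change documents at 203-207 and 344-345. Suggest "rate limiting and the unique ip address limits", or state earlier in the page that "rate limits" covers both.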
611 Look for href="hostname/path" strings that are missing the required 623 Look for href="hostname/path" strings that are missing the required
612 http:// protocol header. Such references are still clickable in common 624 http:// protocol header. Such references are still clickable in common
613 mail software. 625 mail software.
614 </para> 626 </para>
615 <para> 627 <para>
616 Add trusted_spf list of domains for which we trust their spf data. Mail 628 Add spf to the white/black/unknown values in env_from blocks. This
617 from their listed ip addresses from their domain will be whitelisted. 629 results in whitelisting that envelope from value as long as the connection
630 is made from an ip address listed in the domain spf txt record.
618 </para> 631 </para>
619 </refsect1> 632 </refsect1>
620 633
621 <refsect1 id='copyright.1'> 634 <refsect1 id='copyright.1'>
622 <title>Copyright</title> 635 <title>Copyright</title>
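Review bot: The reworded item at 628-630 does not say what happens when the connecting ip address is not listed in the domain spf txt record, or when the record cannot be retrieved. State the fallback (for example, treating the envelope from value as unknown) so the item fully specifies the intended behaviour. It would also help to note that the whitelisting is only as narrow as the record the domain publishes.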
785 "<>" black; 798 "<>" black;
786 }; 799 };
787 800
788 // hourly recipient rate limit by smtp auth client id, or unauthenticated mail from address 801 // hourly recipient rate limit by smtp auth client id, or unauthenticated mail from address
789 // hourly unique ip addresses by smtp auth client id, or unauthenticated mail from address 802 // hourly unique ip addresses by smtp auth client id, or unauthenticated mail from address
790 // default hourly rate limit is 30 803 // default hourly recipient rate limit is 30
791 // daily rate limits are 4 times the hourly limit 804 // daily recipient rate limits are 4 times the hourly limit
792 // default hourly unique ip addresses is 5 805 // default hourly unique ip addresses is 5
793 // daily unique ip addresses are 4 times the hourly limit 806 // daily unique ip addresses are 4 times the hourly limit
794 rate_limit 30 4 5 4 { // default 807 rate_limit 30 4 5 4 { // default
795 fred 100 10; // override default limits 808 fred 100 10; // override default limits
796 joe 10 2; // "" 809 joe 10 2; // ""
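Review bot: The comments at 803-806 now describe four defaults (hourly recipient limit, daily multiplier, hourly unique ip addresses, daily multiplier), matching "rate_limit 30 4 5 4", but the override entries such as "fred 100 10;" carry only two numbers and the "// override default limits" comment does not say which two fields they set. Add a comment naming the fields of an override entry.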