comparison xml/dnsbl.in @ 160:b3ed72ee6564

allow manual updates to auto whitelist files
author carl
date Tue, 10 Jul 2007 11:20:23 -0700
parents ca4f178f9064
children d384df37491f
159:ea7c57a4a2d1 160:b3ed72ee6564
178 <para> 178 <para>
179 Consider the case of a message from A to B passing thru this milter. 179 Consider the case of a message from A to B passing thru this milter.
180 If that message is not blocked, then we might eventually see a reply 180 If that message is not blocked, then we might eventually see a reply
181 message from B to A. If the filtering context for A includes an 181 message from B to A. If the filtering context for A includes an
182 autowhite entry, then this milter will add an entry in that file to 182 autowhite entry, then this milter will add an entry in that file to
183 whitelist such replies. Note that manually editing such autowhite files 183 whitelist such replies for a configurable time period. Such autowhite
184 is not supported. Also, such autowhite files need to be writeable by the 184 files need to be writeable by the dnsbl user, where all the other dnsbl
185 dnsbl user, where all the other dnsbl configuration files only need 185 configuration files only need to be readable by the dnsbl user.
186 to be readable by the dnsbl user.
187 </para> 186 </para>
188 <para> 187 <para>
189 The DNSBL milter reads a text configuration file (dnsbl.conf) on 188 The DNSBL milter reads a text configuration file (dnsbl.conf) on
190 startup, and whenever the config file (or any of the referenced include 189 startup, and whenever the config file (or any of the referenced include
191 files) is changed. The entire configuration file is case insensitive. 190 files) is changed. The entire configuration file is case insensitive.
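Review bot: The rewritten sentence at new lines 183-185 drops "manually editing such autowhite files is not supported" but never states the new behaviour, so a reader of the man page cannot tell that manual edits are now allowed, which is what the commit message announces. Suggest stating that explicitly and describing how a manual edit coexists with the milter's own writes to the same file, since the file stays writeable by the dnsbl user. The added phrase "for a configurable time period" should also name the setting that controls the period.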
262 <refsect1 id='filtering.1'> 261 <refsect1 id='filtering.1'>
263 <title>Filtering Procedure</title> 262 <title>Filtering Procedure</title>
264 <para> 263 <para>
265 The SMTP envelope 'from' and 'to' values are used in various checks. 264 The SMTP envelope 'from' and 'to' values are used in various checks.
266 The first check is to see if a reply message (swapping the env_from and 265 The first check is to see if a reply message (swapping the env_from and
267 env_to values) would be blocked. That check is similar to the main 266 env_to values) would be unconditionally blocked (just based on the
268 check described below, but there is no body content to be scanned, and 267 envelope from address). That check is similar to the main check
269 there is no client connection ip address to be checked against DNSBLs. 268 described below, but there is no body content to be scanned, and there
270 This prevents folks from sending mail to recipients that are unable to 269 is no client connection ip address to be checked against DNSBLs. If
271 reply. 270 such a reply message would be blocked, we also block the original
271 outgoing message. This prevents folks from sending mail to recipients
272 that are unable to reply.
272 </para> 273 </para>
273 <para> 274 <para>
274 If the client has authenticated with sendmail, the rate limits are 275 If the client has authenticated with sendmail, the rate limits are
275 checked. If the authenticated user has not exceeded the hourly rate 276 checked. If the authenticated user has not exceeded the hourly rate
276 limit, then the mail is accepted, the filtering contexts are not used, 277 limit, then the mail is accepted, the filtering contexts are not used,
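Review bot: In the rewritten paragraph at new lines 266-270 the qualifier is inconsistent: the check is whether a reply "would be unconditionally blocked (just based on the envelope from address)", but the consequence reads "If such a reply message would be blocked". Repeat "unconditionally" in the second sentence or define the term once, and say which address the parenthetical means after the env_from/env_to swap, otherwise a reader may conclude that any block of the reply also rejects the outgoing message.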
343 in this smtp transaction, we set the content filtering parameters from 344 in this smtp transaction, we set the content filtering parameters from
344 this context, and enable content filtering for the body of this message. 345 this context, and enable content filtering for the body of this message.
345 </para></listitem> 346 </para></listitem>
346 </orderedlist> 347 </orderedlist>
347 <para> 348 <para>
349 For each recipient that was accepted, we search for an autowhite entry
350 starting in the reply filtering context. If an autowhite entry is found,
351 we add the recipient to that auto whitelist file. This will prevent reply
352 messages from being blocked by the dnsbl or content filtering.
353 </para>
354 <para>
348 If content filtering is enabled for this body, the mail text is decoded 355 If content filtering is enabled for this body, the mail text is decoded
349 (uuencode, base64, mime, html entity, url encodings), and scanned for HTTP 356 (uuencode, base64, mime, html entity, url encodings), and scanned for HTTP
350 and HTTPS URLs or bare host names. Hostnames must be either ip address 357 and HTTPS URLs or bare host names. Hostnames must be either ip address
351 literals, or must end in a string defined by the TLD list. The first 358 literals, or must end in a string defined by the TLD list. The first
352 &lt;configurable&gt; host names are checked as follows. 359 &lt;configurable&gt; host names are checked as follows.
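Review bot: The new paragraph at lines 349-352 does not say under which conditions the autowhite update runs. The earlier paragraph states that for an authenticated client under the hourly rate limit "the filtering contexts are not used", yet this step searches "starting in the reply filtering context"; state whether the entry is still added on that path, and whether it is added when the sender is not authenticated, given that the lookup relies on envelope values. The paragraph also mixes "autowhite entry" and "auto whitelist file"; pick one term and use it throughout.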
491 Copyright (C) 2005 by 510 Software Group &lt;carl@five-ten-sg.com&gt; 498 Copyright (C) 2005 by 510 Software Group &lt;carl@five-ten-sg.com&gt;
492 </para> 499 </para>
493 <para> 500 <para>
494 This program is free software; you can redistribute it and/or modify it 501 This program is free software; you can redistribute it and/or modify it
495 under the terms of the GNU General Public License as published by the 502 under the terms of the GNU General Public License as published by the
496 Free Software Foundation; either version 2, or (at your option) any 503 Free Software Foundation; either version 3, or (at your option) any
497 later version. 504 later version.
498 </para> 505 </para>
499 <para> 506 <para>
500 You should have received a copy of the GNU General Public License along 507 You should have received a copy of the GNU General Public License along
501 with this program; see the file COPYING. If not, please write to the 508 with this program; see the file COPYING. If not, please write to the
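Review bot: The licence paragraph at new line 503 changes "version 2" to "version 3", which is unrelated to the commit message "allow manual updates to auto whitelist files". A licence version change deserves its own commit, or at least a mention in the message, and the COPYING file this paragraph points to needs to carry the matching licence text.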