comparison xml/dnsbl.in @ 451:f2bc221240e8 stable-6-0-70

add unsigned_black for enforcement of dmarc policy
author Carl Byington <carl@five-ten-sg.com>
date Mon, 04 Jun 2018 16:25:06 -0700
parents 7b072e16bd69
children 6c1c2bd9fb54
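--- a/xml/dnsbl.in
+++ b/xml/dnsbl.in
@@ -23,11 +23,11 @@
 </para>
 </partintro>
 
 <refentry id="@PACKAGE@.1">
 <refentryinfo>
-<date>2017-11-03</date>
+<date>2018-06-04</date>
 <author>
 <firstname>Carl</firstname>
 <surname>Byington</surname>
 <affiliation><orgname>510 Software Group</orgname></affiliation>
 <personblurb><para></para></personblurb>
@@ -391,11 +391,11 @@
 </para></listitem>
 <listitem><para>
 If the answer is white, the mail is not from localhost,
 and the envelope from domain name is
 listed in the current (or parents) filtering contexts dkim_from with
-"required_signed", we downgrade this white answer to unknown.
+"required_signed" or "unsigned_black", we downgrade this white answer to unknown.
 If the answer is still white, mail to this recipient is accepted and the dns
 lists are not checked.
 </para></listitem>
 <listitem><para>
 If the answer is unknown, we don't reject yet, but the dns lists will be
@@ -472,24 +472,30 @@
 signers of this message from the header added by the dkim-milter. If any
 of the message signers are whitelisted, the message is accepted.
 </para>
 <para>
 If the header from domain maps to required_signed then:
-If any of the message signers are in that list, the message is accepted.
-If the source ip address passes a strong spf check for the header from
+If any of the message signers are in that list, or if
+the source ip address passes a strong spf check for the header from
 domain, the message is accepted. Otherwise, the message is rejected.
 </para>
 <para>
 If the header from domain maps to signed_white then:
-If any of the message signers are in that list, the message is accepted.
-If the source ip address passes a strong spf check for the header from
+If any of the message signers are in that list, or if
+the source ip address passes a strong spf check for the header from
 domain, the message is accepted. Otherwise, processing continues.
 </para>
 <para>
 If the header from domain maps to signed_black then:
 If any of the message signers are in that list, the message is rejected.
 Otherwise, processing continues.
+</para>
+<para>
+If the header from domain maps to unsigned_black then:
+If any of the message signers are in that list, or if
+the source ip address passes a strong spf check for the header from
+domain, processing continues. Otherwise, the message is rejected.
 </para>
 <para>
 If any of the message signers are blacklisted, the message is rejected.
 </para>
 <para>
@@ -777,11 +783,11 @@
 </refentry>
 
 
 <refentry id="@PACKAGE@.conf.5">
 <refentryinfo>
-<date>2017-11-03</date>
+<date>2018-06-04</date>
 <author>
 <firstname>Carl</firstname>
 <surname>Byington</surname>
 <affiliation><orgname>510 Software Group</orgname></affiliation>
 <personblurb><para></para></personblurb>
@@ -857,11 +863,11 @@
 DCCGREY = "dcc_greylist" ("yes" | "no")
 DCCBULK = "dcc_bulk_threshold" (INTEGER | "many" | "off")
 
 DKIMSIGNER = "dkim_signer" "{" {SIGNING_DOMAIN DEF [";"]}+ "}"
 DKIMFROM = "dkim_from" "{" {HEADER_FROM_DOMAIN DKIMVALUE SIGNERS [";"]}+ "}"
-DKIMVALUE = "signed_white" | "signed_black" | "require_signed"
+DKIMVALUE = "signed_white" | "signed_black" | "require_signed" | "unsigned_black"
 SIGNERS = quoted comma separated SIGNING_DOMAINs no whitespace
 
 ENV-TO = "env_to" "{" {(TO-ADDR | DCC-TO)}+ "}"
 TO-ADDR = ADDRESS [";"]
 DCC-TO = "dcc_to" ("ok" | "many") "{" DCCINCLUDEFILE "}" ";"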