Mercurial > dnsbl
comparison xml/dnsbl.in @ 270:f92f24950bd3 stable-6-0-35
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Mon, 09 Sep 2013 15:15:53 -0700 |
parents | f941563c2a95 |
children | 19ff60eaab74 |
269:6d2a11f0ae41 | 270:f92f24950bd3 |
---|---|
17 | 17 |
18 </partintro> | 18 </partintro> |
19 | 19 |
20 <refentry id="@PACKAGE@.1"> | 20 <refentry id="@PACKAGE@.1"> |
21 <refentryinfo> | 21 <refentryinfo> |
22 <date>2012-07-21</date> | 22 <date>2013-05-22</date> |
23 <author> | 23 <author> |
24 <firstname>Carl</firstname> | 24 <firstname>Carl</firstname> |
25 <surname>Byington</surname> | 25 <surname>Byington</surname> |
26 <affiliation><orgname>510 Software Group</orgname></affiliation> | 26 <affiliation><orgname>510 Software Group</orgname></affiliation> |
27 </author> | 27 </author> |
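Review bot: The <date> at line 22 is set to 2013-05-22, but this changeset is dated 09 Sep 2013, so the man page will carry a date months older than the text it documents. If the field is meant to track documentation changes, use the commit date here and in the matching refentryinfo for @PACKAGE@.conf.5 further down, which gets the same value.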
454 <configurable> ignore list, the mail is rejected. | 454 <configurable> ignore list, the mail is rejected. |
455 </para> | 455 </para> |
456 <para> | 456 <para> |
457 If the content uribl DNSBL is defined, and any of those host names are | 457 If the content uribl DNSBL is defined, and any of those host names are |
458 on that DNSBL, and the host name is not on the <configurable> | 458 on that DNSBL, and the host name is not on the <configurable> |
459 ignore list, the mail is rejected. Note that the Spamhaus DBL is not (yet) | 459 ignore list, the mail is rejected. There are three lists that are suitable |
460 suitable here, since we currently pass ip addresses to the uribl checker, | 460 here, uribl, surbl, and dbl. |
461 and the DBL lists all such bare ip addresses. | |
462 </para> | 461 </para> |
463 <para> | 462 <para> |
464 If any non-whitelisted recipient has a filtering context with a non-zero | 463 If any non-whitelisted recipient has a filtering context with a non-zero |
465 spamassassin limit, then the message is passed thru spamassassin (via | 464 spamassassin limit, then the message is passed thru spamassassin (via |
466 spamc), and the message is rejected for those recipients with spamassassin | 465 spamc), and the message is rejected for those recipients with spamassassin |
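Review bot: Right-hand lines 459-460 declare dbl suitable without saying what happened to the reason the removed sentence gave for it not being suitable, namely that bare ip addresses are passed to the uribl checker and the DBL lists all of them. Add a sentence stating how bare ip addresses are handled now (for example, that they are no longer looked up on the uribl list), so a reader enabling dbl can tell that mail which merely contains an ip address will not be rejected. Naming the three lists by zone (multi.uribl.com, multi.surbl.org, dbl.spamhaus.org) would also remove the ambiguity between "uribl" the list and "uribl" the config keyword.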
592 <title>TODO</title> | 591 <title>TODO</title> |
593 <para> | 592 <para> |
594 The following ideas are under consideration. | 593 The following ideas are under consideration. |
595 </para> | 594 </para> |
596 <para> | 595 <para> |
596 Add white/unknown to config for smtp authenticated connections. Currently | |
597 any authenticated connection is fully whitelisted. This would allow normal | |
598 spam controls to be applied even to authenticated connections. Add | |
599 context/authenticated_dnsbl_list and context/content/authenticated. | |
600 </para> | |
601 <para> | |
602 Add an optional list of domains to be enforced on the env_from value for | |
603 authenticated connections. User abc could be restricted to envelope from | |
604 values of a.com and b.com, user def could be restricted to envelope from | |
605 values of dd.com and ee.com. | |
606 </para> | |
607 <para> | |
597 Look for href="hostname/path" strings that are missing the required | 608 Look for href="hostname/path" strings that are missing the required |
598 http:// protocol header. Such references are still clickable in common | 609 http:// protocol header. Such references are still clickable in common |
599 mail software. | 610 mail software. |
600 </para> | |
601 <para> | |
602 Add the ability to use the DBL for content filtering. We need to avoid | |
603 checking bare ip addresses against that list. | |
604 </para> | 611 </para> |
605 </refsect1> | 612 </refsect1> |
606 | 613 |
607 <refsect1 id='copyright.1'> | 614 <refsect1 id='copyright.1'> |
608 <title>Copyright</title> | 615 <title>Copyright</title> |
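Review bot: The new item at right-hand lines 596-599 is the only place in the visible text that says "Currently any authenticated connection is fully whitelisted", and it sits under TODO. That is current behaviour, not an idea under consideration, and it means none of the content checks described above apply to authenticated senders; state it in the description of the filtering procedure and keep only the proposed change here. The env_from item at 602-605 should also say what is intended on a mismatch (reject, or fall back to normal filtering). The removed DBL item said "We need to avoid checking bare ip addresses against that list"; dropping it implies that is now done, which the main text should confirm.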
631 </refentry> | 638 </refentry> |
632 | 639 |
633 | 640 |
634 <refentry id="@PACKAGE@.conf.5"> | 641 <refentry id="@PACKAGE@.conf.5"> |
635 <refentryinfo> | 642 <refentryinfo> |
636 <date>2012-07-21</date> | 643 <date>2013-05-22</date> |
637 <author> | 644 <author> |
638 <firstname>Carl</firstname> | 645 <firstname>Carl</firstname> |
639 <surname>Byington</surname> | 646 <surname>Byington</surname> |
640 <affiliation><orgname>510 Software Group</orgname></affiliation> | 647 <affiliation><orgname>510 Software Group</orgname></affiliation> |
641 </author> | 648 </author> |
683 LEVEL = INTEGER | 690 LEVEL = INTEGER |
684 | 691 |
685 REQUIRERDNS = "require_rdns" ("yes" | "no") | 692 REQUIRERDNS = "require_rdns" ("yes" | "no") |
686 | 693 |
687 CONTENT = "content" ("on" | "off") "{" {CONTENT-ST}+ "}" | 694 CONTENT = "content" ("on" | "off") "{" {CONTENT-ST}+ "}" |
688 CONTENT-ST = (FILTER | URIBL | IGNORE | TLD | CCTLD | HTML-TAGS | | 695 CONTENT-ST = (FILTER | URIBL | IGNORE | TLD | HTML-TAGS | HTML-LIMIT | |
689 HTML-LIMIT | HOST-LIMIT | SPAMASS | REQUIRE | DCCGREY | | 696 HOST-LIMIT | SPAMASS | REQUIRE | DCCGREY | DCCBULK) ";" |
690 DCCBULK) ";" | |
691 FILTER = "filter" DNSPREFIX ERROR-MSG2 | 697 FILTER = "filter" DNSPREFIX ERROR-MSG2 |
692 URIBL = "uribl" DNSPREFIX ERROR-MSG3 | 698 URIBL = "uribl" DNSPREFIX ERROR-MSG3 |
693 IGNORE = "ignore" "{" {HOSTNAME [";"]}+ "}" | 699 IGNORE = "ignore" "{" {HOSTNAME [";"]}+ "}" |
694 TLD = "tld" "{" {TLD [";"]}+ "}" | 700 TLD = "tld" "{" {TLD [";"]}+ "}" |
695 CCTLD = "cctld" "{" {TLD [";"]}+ "}" | |
696 HTML-TAGS = "html_tags" "{" {HTMLTAG [";"]}+ "}" | 701 HTML-TAGS = "html_tags" "{" {HTMLTAG [";"]}+ "}" |
697 ERROR-MSG1 = string containing exactly two %s replacement tokens | 702 ERROR-MSG1 = string containing exactly two %s replacement tokens |
698 both are replaced with the client ip address | 703 both are replaced with the client ip address |
699 ERROR-MSG2 = string containing exactly two %s replacement tokens | 704 ERROR-MSG2 = string containing exactly two %s replacement tokens |
700 the first is replaced with the hostname, and the second | 705 the first is replaced with the hostname, and the second |
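Review bot: CCTLD is removed from CONTENT-ST and its production at left-hand line 695 is deleted, with nothing telling an operator what happens to an existing configuration that still contains a cctld statement. Say in the surrounding text whether that is now a syntax error or is silently ignored, and, given the commit summary ("Use mozilla prefix list for tld checking"), what tld { ... } is expected to contain after this change. While here, the TLD production uses TLD for both the statement and its elements ({TLD [";"]}+); a separate terminal name for the element would make the grammar unambiguous.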
746 dnsbl_list sbl; | 751 dnsbl_list sbl; |
747 | 752 |
748 // outbound content filtering to prevent our own customers from sending spam | 753 // outbound content filtering to prevent our own customers from sending spam |
749 content on { | 754 content on { |
750 filter sbl-xbl.spamhaus.org "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; | 755 filter sbl-xbl.spamhaus.org "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; |
751 uribl multi.surbl.org "Mail containing %s rejected - surbl; see http://www.rulesemporium.com/cgi-bin/uribl.cgi?bl0=1&domain0=%s"; | 756 uribl multi.surbl.org "Mail containing %s rejected - surbl; see http://www.surbl.org/surbl-analysis?d=%s"; |
752 #uribl multi.uribl.com "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s"; | 757 #uribl multi.uribl.com "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s"; |
758 #uribl dbl.spamhaus.org "Mail containing %s rejected - dbl; see http://www.spamhaus.org/query/domain?domain=%s"; | |
753 ignore { include "hosts-ignore.conf"; }; | 759 ignore { include "hosts-ignore.conf"; }; |
754 tld { include "tld.conf"; }; | 760 tld { include "tld.conf"; }; |
755 cctld { include "cctld.conf"; }; | |
756 html_tags { include "html-tags.conf"; }; | 761 html_tags { include "html-tags.conf"; }; |
757 html_limit on 20 "Mail containing excessive bad html tags rejected"; | 762 html_limit on 20 "Mail containing excessive bad html tags rejected"; |
758 html_limit off; | 763 html_limit off; |
759 host_limit on 20 "Mail containing excessive host names rejected"; | 764 host_limit on 20 "Mail containing excessive host names rejected"; |
760 host_limit soft 20; | 765 host_limit soft 20; |
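Review bot: The dbl line added at right-hand 758 is commented out alongside the multi.uribl.com line, with no comment saying why surbl is the active choice or whether more than one uribl statement may be enabled in the same content block. Since the description now calls all three lists suitable, add a one-line comment above the three alternatives telling the reader to pick one (or that several may be active), so the sample does not read as if dbl were still unsupported. The same applies to the second sample block at 802-804.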
792 dnswl_list dnswl.org; | 797 dnswl_list dnswl.org; |
793 require_rdns yes; | 798 require_rdns yes; |
794 | 799 |
795 content on { | 800 content on { |
796 filter sbl-xbl.spamhaus.org "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; | 801 filter sbl-xbl.spamhaus.org "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; |
797 uribl multi.surbl.org "Mail containing %s rejected - surbl; see http://www.rulesemporium.com/cgi-bin/uribl.cgi?bl0=1&domain0=%s"; | 802 uribl multi.surbl.org "Mail containing %s rejected - surbl; see http://www.surbl.org/surbl-analysis?d=%s"; |
798 #uribl multi.uribl.com "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s"; | 803 #uribl multi.uribl.com "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s"; |
804 #uribl dbl.spamhaus.org "Mail containing %s rejected - dbl; see http://www.spamhaus.org/query/domain?domain=%s"; | |
799 ignore { include "hosts-ignore.conf"; }; | 805 ignore { include "hosts-ignore.conf"; }; |
800 tld { include "tld.conf"; }; | 806 tld { include "tld.conf"; }; |
801 cctld { include "cctld.conf"; }; | |
802 html_tags { include "html-tags.conf"; }; | 807 html_tags { include "html-tags.conf"; }; |
803 html_limit off; | 808 html_limit off; |
804 host_limit soft 20; | 809 host_limit soft 20; |
805 spamassassin 5; | 810 spamassassin 5; |
806 require_match yes; | 811 require_match yes; |