dnsbl: xml/dnsbl.in comparison

comparison xml/dnsbl.in @ 268:f941563c2a95 stable-6-0-34

Add require_rdns checking

author	Carl Byington <carl@five-ten-sg.com>
date	Wed, 22 May 2013 11:29:44 -0700
parents	e118fd2c6af0
children	f92f24950bd3

comparison

equal deleted inserted replaced

-:db12f6028f8b
+:f941563c2a95
 outgoing message.  This prevents folks from sending mail to recipients
 that are unable to reply.
 </para>
 <para>
 If the client has authenticated with sendmail, the rate limits are
-checked.  If the authenticated user has not exceeded the hourly rate
+checked.  If the authenticated user has not exceeded the hourly or daily rate
-limit, then the mail is accepted, the filtering contexts are not used,
+limits, then the mail is accepted, the filtering contexts are not used,
 the dns lists are not checked, and the body content is not scanned.  If
 the client has not authenticated with sendmail, we follow these steps
 for each recipient.
 </para>
 <orderedlist>
 <listitem><para>
 If the mail has not been accepted or rejected yet, the dns black lists
 specified in the filtering context are checked and the mail is rejected
 if any list has an A record for the standard dns based lookup scheme
 (reversed octets of the client followed by the dns suffix).
+</para></listitem>
+<listitem><para>
+If the mail has not been accepted or rejected yet, and the filtering
+context (or any ancestor context) requires matching reverse dns client
+name, the mail is rejected if the client name is empty or forged.
 </para></listitem>
 <listitem><para>
 If the mail has not been accepted or rejected yet, and the filtering
 context (or any ancestor context) specifies a non-empty generic regular
 expression, then we check the fully qualified client name (obtained via
 </para>
 <para>
 Add the ability to use the DBL for content filtering. We need to avoid
 checking bare ip addresses against that list.
 </para>
-<para>
-Add daily recipient limits based on some fixed multiple (perhaps 3?)
-of the hourly limit.
-</para>
 </refsect1>
 <refsect1 id='copyright.1'>
 <title>Copyright</title>
 <para>
 <literallayout class="monospaced"><![CDATA[
 CONFIG     = {CONTEXT ";"}+
 CONTEXT    = "context" NAME "{" {STATEMENT}+ "}"
 STATEMENT  = (DNSBL    | DNSBLLIST | DNSWL   | DNSWLLIST | CONTENT | ENV-TO
 | VERIFY  | GENERIC   | W_REGEX | AUTOWHITE | CONTEXT | ENV-FROM
-| RATE-LIMIT) ";"
+| RATE-LIMIT | REQUIRERDNS) ";"
 DNSBL      = "dnsbl" NAME DNSPREFIX ERROR-MSG1
 DNSBLLIST  = "dnsbl_list" {NAME}*
 DNSWL      = "dnswl" NAME DNSPREFIX LEVEL
 DNSWLLIST  = "dnswl_list" {NAME}*
 LEVEL      = INTEGER
+REQUIRERDNS = "require_rdns" ("yes" | "no")
 CONTENT    = "content" ("on" | "off") "{" {CONTENT-ST}+ "}"
 CONTENT-ST = (FILTER | URIBL | IGNORE | TLD     | CCTLD   | HTML-TAGS |
 HTML-LIMIT | HOST-LIMIT | SPAMASS | REQUIRE | DCCGREY   |
 DCCBULK) ";"
 dnsbl   sbl     zen.spamhaus.org            "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
 dnsbl   xbl     xbl.spamhaus.org            "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s";
 dnswl   dnswl.org  list.dnswl.org   2;
 dnsbl_list  local sbl;
 dnswl_list  dnswl.org;
+require_rdns    yes;
 content on {
 filter    sbl-xbl.spamhaus.org        "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
 uribl     multi.surbl.org             "Mail containing %s rejected - surbl; see http://www.rulesemporium.com/cgi-bin/uribl.cgi?bl0=1&domain0=%s";
 #uribl    multi.uribl.com             "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s";

Mercurial > dnsbl

comparison xml/dnsbl.in @ 268:f941563c2a95 stable-6-0-34