diff xml/sample.conf @ 75:1142e46be550

start coding on new config syntax
author carl
date Wed, 13 Jul 2005 23:04:14 -0700
parents 419e00901570
children 81f1e400e8ab
--- a/xml/sample.conf	Sun Jul 10 14:19:00 2005 -0700
+++ b/xml/sample.conf	Wed Jul 13 23:04:14 2005 -0700
@@ -1,192 +1,153 @@
 # $Id$
 #
-# lines start with a command token, following by argument tokens
-# tokens are separated by spaces or tabs
-#
-#
-# tld:
-#   second token is the tld suffix - com, net, org, etc
-#
-#
-# content:
-#   second token is the dns suffix used for the actual lookups
-#   third  token? is a string enclosed in single quotes, so it
-#       is not really a token. This is the error message, with
-#       up to two %s parameters for the offending host name and
-#       client ip address respectively.
-#
-#   If this command is not present, there is no body scanning
-#   for host names or bad html tags.
-#
-#
-# ignore:
-#   second token is a host name that is allowed in the body even
-#   if it would otherwise be rejected by the content scanning
-#   above.
-#
-#
-# host_limit:
-#   second token is the integer count of the number of host names
-#       or urls that are allowed in any one mail body. Zero is
-#       unlimited. If the actual number of host names in the message
-#       is larger than this limit, the message is rejected.
-#   third  token? is a string enclosed in single quotes, so it
-#       is not really a token. This is the error message supplied
-#       to the smtp client.
-#
-#
-# host_soft_limit:
-#   second token is the integer count of the number of host names
-#       or urls that are checked in any one mail body. Zero is
-#       unlimited. If the actual number of host names in the message
-#       is larger than this limit, only a random selection of them
-#       are checked against the dnsbl.
-#
-#
-# html_limit:
-#   second token is the integer count of the number of bad html tags
-#       that are allowed in any one mail body. Zero is unlimited.
-#   third  token? is a string enclosed in single quotes, so it
-#       is not really a token. This is the error message supplied
-#       to the smtp client.
-#
-#
-# html_tag:
-#   second token is a valid html tag, that is added to the list
-#       of valid tags. Any html tag seen in the mail bodies that
-#       that is not in this list is presumed to be invalid.
-#
-#
-# dnsbl:
-#   second token is the name of this dnsbl
-#   third  token is the dns suffix used for the actual lookups
-#   fourth token? is a string enclosed in single quotes, so it
-#       is not really a token. This is the error message, with
-#       up to two %s parameters for the client ip address.
-#
+
+# partial bnf description of this configuration language
 #
-# dnsbl_list:
-#   second token is the name of this list of dnsbls
-#   subsequent tokes are the names of the previously defined dnsbls
-#
-#
-# env_from:
-#   second token is the name of this envelope-from-map. There will
-#       generally be multiple lines with the same name.
-#   third token is the envelope from value from the smtp conversation,
-#       or just the domain part that follows the @ symbol.
-#   fourth token is BLACK, WHITE, or the name of a previously defined
-#       envelope-from-map. BLACK causes mail from this sender to be
-#       rejected with "no such user". WHITE causes mail to be accepted
-#       and the dns based lists are ignored. DEFAULT may be used to override
-#       the contents of other maps that are copied into this map, and
-#       set that sender back to the default (not white or black listed,
-#       and subject to dnsbl lookups).
-#
-#
-# env_to:
-#   second token is the envelope recipient value from the smtp conversation,
-#       or just the domain part that follows the @ symbol.
-#   third token is the name of a dnsbl-list, or WHITE or BLACK.
-#   fourth token is the name of an envelope-from-map, or WHITE or BLACK.
-#
-#   If either one is BLACK, mail to this recipient is rejected with
-#   "no such user", and the dns lists are not checked.
-#
-#   If the envelope-from-map name is WHITE, mail to this recipient is accepted
-#   and the dns lists are not checked.
-#
-#   If the envelope-from-map exists, the map is checked for the presence
-#   of the sender. A WHITE or BLACK answer is definitive and the dns lists
-#   are not checked.
-#
-#   If the dnsbl-list name is WHITE, the dns lists are not checked and the
-#   mail is accepted. Otherwise, the dns lists are checked and the mail
-#   is rejected if any list has an A record for the standard dns based
-#   lookup scheme (reversed octets of the client followed by the dns suffix).
-#
-#
-# include:
-#   second token is the path name of the dnsbl milter config file to be
-#   included.
-#
-#
-# include_dcc:
-#   second token is the name of an envelope-from-map (EMAP below).
-#   third token is the path name of the dcc whiteclnt config file to be
-#       included. Entries from the dcc config are mapped as:
-#           ok -> WHITE
-#           many -> BLACK
-#           env_from -> env_from EMAP xxx
-#           env_to   -> env_to
-#           substitute mail_host -> env_from EMAP xxx
-#
-#
-#
-##############################################
-# content scanning parameters
-#
-content         sbl-xbl.spamhaus.org        'Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s'
-host_limit      20                          'Mail containing too many host names rejected'
-host_soft_limit 20
-html_limit      20                          'Mail containing excessive bad html tags rejected'
-include hosts-ignore.conf
-include html-tags.conf
-include tld.conf
+# CONFIG            = {CONTEXT ";"}+
+# CONTEXT           = "context" NAME "{" {STATEMENT}+ "}"
+# STATEMENT         = (DNSBL | DNSBLLIST | CONTENT | ENV-TO | CONTEXT | ENV-FROM) ";"
+
+# DNSBL             = "dnsbl" NAME DNSPREFIX ERROR-MSG
+
+# DNSBLLIST         = "dnsbl_list" {NAME}+
+
+# CONTENT           = "content" ("on" | "off") "{" {CONTENT-STATEMENT}+ "}"
+# CONTENT-STATEMENT = (FILTER | IGNORE | TLD | HTML-TAGS | HTML-LIMIT | HOST-LIMIT) ";"
+# FILTER            = "filter" DNSPREFIX ERROR-MSG
+# IGNORE            = "ignore"     "{" {HOSTNAME [";"]}+ "}"
+# TLD               = "tld"        "{" {TLD      [";"]}+ "}"
+# HTML-TAGS         = "html_tags"  "{" {HTMLTAG  [";"]}+ "}"
+# ERROR-MSG         = string containing exactly two %s replacement tokens for the client ip address
+
+# HTML-LIMIT        = "html_limit" ("on" INTEGER ERROR-MSG | "off")
+
+# HOST-LIMIT        = "host_limit" ("on" INTEGER ERROR-MSG | "off" | "soft" INTEGER)
+
+# ENV-TO            = "env_to"     "{" {(TO-ADDR | DCC-TO)}+ "}"
+# TO-ADDR           = ADDRESS [";"]
+# DCC-TO            = "dcc_to" ("ok" | "many") "{" DCCINCLUDEFILE "}" ";"
+
+# ENV_FROM          = "env_from" DEFAULT "{" {(FROM-ADDR | DCC-FROM)}+ "}"
+# FROM-ADDR         = ADDRESS VALUE [";"]
+# DCC-FROM          = "dcc_from" "{" DCCINCLUDEFILE "}" ";"
+# DEFAULT           = ("white" | "black" | "unknown" | "inherit" | "")
+# ADDRESS           = (USER@ | DOMAIN | USER@DOMAIN)
+# VALUE             = ("white" | "black" | "unknown" | CHILD-CONTEXT-NAME
 
 
-##############################################
-# define the dnsbls to use
-#
-dnsbl   LOCAL   blackholes.five-ten-sg.com  'Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s'
-dnsbl   SPEWS   blackholes.spews.org        'Mail from %s rejected - spews; see http://www.spews.org/ask.cgi?x=%s'
-dnsbl   SBL     sbl-xbl.spamhaus.org        'Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s'
+context sample {
+    dnsbl   local   blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
+    dnsbl   spews   blackholes.spews.org        "Mail from %s rejected - spews; see http://www.spews.org/ask.cgi?x=%s";
+    dnsbl   sbl     sbl-xbl.spamhaus.org        "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
+    dnsbl   xbl     xbl.spamhaus.org            "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s";
+    dnsbl_list  local sbl;
 
+    content on {
+        filter    sbl-xbl.spamhaus.org        "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
+        ignore    { include "hosts-ignore.conf"; };
+        tld       { include "tld.conf"; };
+        html_tags { include "html-tags.conf"; };
+        html_limit off;
+        host_limit on 20 "Mail containing excessive bad html tags rejected";
+        host_limit soft 20;
+    };
+
+    env_to {
+        mydomain.com;   # child contexts are not allowed to specify recipient addresses outside these domains
+        customer1.com;
+        customer1a.com;
+        customer1b.com;
+        customer2.com;
+        customer2a.com;
+        customer2b.com;
+    };
 
-##############################################
-# define the (default and other) lists of dnsbls to use
-#
-dnsbl_list  DEFAULT LOCAL SPEWS SBL
-dnsbl_list  SIMPLE  SBL
-dnsbl_list  CUST1   SBL
-dnsbl_list  CUST2   SPEWS SBL
+    context whitelist {
+        content off {};
+        env_to {
+            # dcc_to ok { include "/var/dcc/whitecommon"; };
+        };
+        env_from white {};      # white forces all unmatched from addresses (everyone in this case) to be whitelisted
+                                # so all mail TO these env_to addresses is accepted
+    };
 
+    context abuse {
+        dnsbl_list xbl;
+        content off {};
+        env_to {
+            abuse@;             # no content filtering on abuse reports
+            postmaster@;        # ""
+        };
+        env_from unknown {};    # ignore all parent white/black listing
+    };
 
-##############################################
-# define the (default and other) env_from maps
-#
-env_from    DEFAULT spammer@example.com     BLACK
-env_from    DEFAULT yahoo.com               BLACK
+    context minimal {
+        dnsbl_list sbl;
+        content on {};
+        env_to {
+            sales@mydomain.com;
+        };
+    };
 
-# special list for the vp
-env_from    TEST    dummy-token             DEFAULT # inherit the currently defined DEFAULT env_from mapping
-env_from    TEST    nai.com                 BLACK   # the vp does not like nai
-env_from    TEST    yahoo.com               DEFAULT #
-env_from    TEST    mother@spammyisp.com    WHITE   # suppresses dnsbl checking
-
+    context blacklist {
+        env_to {
+            dcc_to many { include "/var/dcc/whitecommon"; };
+            old-employee@mydomain.com;
+        };
+        env_from black {};      # black forces all unmatched from addresses (everyone in this case) to be blacklisted
+                                # so all mail TO these env_to addresses is rejected
+    };
 
-##############################################
-# specify dnsbl_lists and env_from maps to use for specific recipients
-#
-env_to      abuse@mydomain.com      WHITE   WHITE       # no dnsbl, no env_from map
-env_to      sales@mydomain.com      SIMPLE  NULL        # sbl only, no env_from map
-env_to      vp@mydomain.com         DEFAULT TEST        # allow mail from mom
-env_to      old-emp@mydomain.com    BLACK   BLACK       # return no such user even from backup mx machines
+    context vp {    # special context for the vp
+        env_to {
+            vp@mydomain.com;
+        };
+        env_from inherit {
+            nai.com                 black;      # the vp does not like nai
+            yahoo.com               unknown;    # override parent context blacklisting
+            mother@spammyisp.com    white;      # suppress dnsbl checking
+        };
+    };
+
+    context customer1 {
+        dnsbl_list sbl;
+        env_to {
+            customer1.com;
+            customer1a.com;
+            customer1b.com;
+        };
 
-##############################################
-# specify dnsbl_lists and env_from maps to use for clients domains
-#
-env_to      mydomain.com            DEFAULT DEFAULT
-env_to      customer1.com           CUST1   DEFAULT     # all customer 1 domains use just sbl
-env_to      customer1a.com          CUST1   DEFAULT
-env_to      customer1b.com          CUST1   DEFAULT
-env_to      customer2.com           CUST2   DEFAULT     # all customer 2 domains use spews and sbl
-env_to      customer2a.com          CUST2   DEFAULT
+        context customer1a {
+            env_to {
+                customer1a.com;
+            }
+            env_from black {                        # blacklist everything
+                first@acceptable.com    unknown;    # except these specific envelope senders
+                second@another.com      unknown;
+                yahoo.com               inherit;    # delegate to the parent
+            };
+        };
+
+        env_from {
+            yahoo.com           black;      # no mail from yahoo
+            first@yahoo.com     unknown;    # except this one
+        };
+    };
 
+    context customer2 {
+        dnsbl_list sbl spews;
+        env_to {
+            customer2.com;
+            customer2a.com;
+            customer2b.com;
+        };
+    };
 
-##############################################
-# you can also include nested config files
-# file names are single tokens, no embedded blanks
-#
-include dnsbl.conf      # this will generate a recursive include file syslog error message
-include_dcc  DEFAULT /var/dcc/whitecommon   # this includes the default dcc whitelist file
+    env_from unknown {
+        dcc_from { include "/var/dcc/whitecommon"; };   # use the dcc whitecommon list ok/many values to white/black list envelope from values here
+        abuse@              abuse;      # replies to abuse reports use the abuse context
+        yahoo.com           black;      # don't take mail from yahoo
+        spammer@example.com black;
+    };
+};
+
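Review bot: The `host_limit on 20` line inside `content on { … }` carries the html_limit text ("Mail containing excessive bad html tags rejected"), so a rejection for too many host names would give the sender the wrong reason; the removed sample used a host-name message, and the line should read `host_limit on 20 "Mail containing too many host names rejected";`. The BNF comment defines ERROR-MSG as containing exactly two %s tokens, yet this message has none. If the parser passes these strings to a printf-style formatter, it should count the %s specifiers and refuse any other conversion at load time, and the grammar should say which statements take a message without parameters. In `context customer1a` the `env_to { … }` block closes with `}` and no `;`, unlike every other block in the sample. In the grammar itself, the `VALUE` rule lacks its closing parenthesis and `ENV_FROM` is written `ENV-FROM` in STATEMENT.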