Mercurial > dnsbl
diff xml/dnsbl.in @ 249:15bf4f68a0b2
Add dnswl support
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Sun, 08 Apr 2012 11:42:59 -0700 |
parents | 8b0f16abee53 |
children | 2d6ecd03bbbe |
--- a/xml/dnsbl.in Fri Jan 06 22:07:45 2012 -0800 +++ b/xml/dnsbl.in Sun Apr 08 11:42:59 2012 -0700 @@ -298,6 +298,17 @@ DNSBL-LIST - a named list of DNSBLs that will be used for specific recipients or recipient domains. </para> + <para> + DNSWL - a named DNS based white list is defined by a dns suffix (e.g. + list.dnswl.org) and an integer level. If the level is greater than or + equal to x in the 127.0.z.x return code from the white list, then the + ip address is considered to match, and the message will be whitelisted. + The names of these DNSWLs will be used to define the DNSWL-LISTs. + </para> + <para> + DNSWL-LIST - a named list of DNSWLs that will be used for specific + recipients or recipient domains. + </para> </refsect1> <refsect1 id='filtering.1'> @@ -371,7 +382,14 @@ expression. </para></listitem> <listitem><para> - If the mail has not been accepted or rejected yet, the dns lists + If the mail has not been accepted or rejected yet, the dns white lists + specified in the filtering context are checked and the mail is accepted + if any list has an A record for the standard dns based lookup scheme + (reversed octets of the client followed by the dns suffix) with a final + octet greater than or equal to the level specified for that dnswl. + </para></listitem> + <listitem><para> + If the mail has not been accepted or rejected yet, the dns black lists specified in the filtering context are checked and the mail is rejected if any list has an A record for the standard dns based lookup scheme (reversed octets of the client followed by the dns suffix). 
@@ -424,7 +442,9 @@ <para> If the content uribl DNSBL is defined, and any of those host names are on that DNSBL, and the host name is not on the <configurable> - ignore list, the mail is rejected. + ignore list, the mail is rejected. Note that the Spamhaus DBL is not (yet) + suitable here, since we currently pass ip addresses to the uribl checker, + and the DBL lists all such bare ip addresses. </para> <para> If any non-whitelisted recipient has a filtering context with a non-zero @@ -564,6 +584,14 @@ http:// protocol header. Such references are still clickable in common mail software. </para> + <para> + Add the ability to use the DBL for content filtering. We need to avoid + checking bare ip addresses against that list. + </para> + <para> + Add daily recipient limits based on some fixed multiple (perhaps 3?) + of the hourly limit. + </para> </refsect1> <refsect1 id='copyright.1'> @@ -628,12 +656,15 @@ <literallayout class="monospaced"><![CDATA[ CONFIG = {CONTEXT ";"}+ CONTEXT = "context" NAME "{" {STATEMENT}+ "}" -STATEMENT = (DNSBL | DNSBLLIST | CONTENT | ENV-TO | VERIFY | GENERIC - | W_REGEX | AUTOWHITE | CONTEXT | ENV-FROM | RATE-LIMIT) ";" +STATEMENT = (DNSBL | DNSBLLIST | DNSWL | DNSWLLIST | CONTENT | ENV-TO + | VERIFY | GENERIC | W_REGEX | AUTOWHITE | CONTEXT | ENV-FROM + | RATE-LIMIT) ";" DNSBL = "dnsbl" NAME DNSPREFIX ERROR-MSG1 +DNSBLLIST = "dnsbl_list" {NAME}+ -DNSBLLIST = "dnsbl_list" {NAME}+ +DNSWL = "dnswl" NAME DNSPREFIX INTEGER +DNSWLLIST = "dnswl_list" {NAME}+ CONTENT = "content" ("on" | "off") "{" {CONTENT-ST}+ "}" CONTENT-ST = (FILTER | URIBL | IGNORE | TLD | CCTLD | HTML-TAGS | 
@@ -730,7 +761,9 @@ dnsbl local blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; dnsbl sbl zen.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; dnsbl xbl xbl.spamhaus.org "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s"; + dnswl dnswl.org list.dnswl.org 2; dnsbl_list local sbl; + dnswl_list dnswl.org; content on { filter sbl-xbl.spamhaus.org "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
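Review bot: in the first hunk (@@ -298,6 +298,17 @@) the DNSWL paragraph states the comparison the opposite way round from the filtering step added in the next hunk. Here a match is "the level is greater than or equal to x in the 127.0.z.x return code", while the @@ -371,7 +382,14 @@ text requires "a final octet greater than or equal to the level specified for that dnswl". With the sample `dnswl dnswl.org list.dnswl.org 2;` the first reading whitelists return codes ending in 0, 1 or 2 and the second whitelists those ending in 2 or above, so an administrator cannot tell from the documentation which senders bypass the black lists. Reword one of the two paragraphs so that both describe the comparison the code performs.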
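Review bot: in the second hunk (@@ -371,7 +382,14 @@) the new whitelist step tests only the final octet of "an A record" and does not require the answer to have the 127.0.z.x form that the DNSWL definition describes. As written, any A record returned under the suffix with a high enough last octet would accept the mail before the black lists are consulted, which matters if the list's zone ever answers with something other than a list return code. Suggest stating that only 127.0.z.x answers count as a match, and saying what the filter does when the whitelist lookup fails or times out.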
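Review bot: in the third hunk (@@ -424,7 +442,9 @@) the note calls the Spamhaus DBL "not (yet) suitable here" without spelling out the failure an administrator would see. The paragraph rejects mail when a host name is on the content uribl, and the note says ip addresses are passed to the checker and the DBL "lists all such bare ip addresses", so configuring it would reject mail that contains a bare ip address reference not covered by the ignore list. Say that outright, and consider repeating the warning next to the uribl statement in the configuration section, where the list is actually chosen.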
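Review bot: in the grammar hunk (@@ -628,12 +656,15 @@) the rule `DNSWL = "dnswl" NAME DNSPREFIX INTEGER` leaves the level unbounded. The level is compared against a single octet of the answer, so document the accepted range, and note that under the filtering rule ("final octet greater than or equal to the level") a level of 0 makes every listed address a match. The rule also says DNSPREFIX where the new prose says "dns suffix"; one term should be used for both. The `DNSBLLIST = "dnsbl_list" {NAME}+` line is removed and re-added with the same visible text; if that is a whitespace-only change, consider leaving it out of this changeset.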
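Review bot: in the sample configuration hunk (@@ -730,7 +761,9 @@) the new list is named `dnswl.org`, which reads like a second DNS name beside the suffix `list.dnswl.org`, whereas the existing lists use short labels (`local`, `sbl`, `xbl`). A short label would make the `dnswl_list` line easier to read, and the text around the sample should say what level 2 selects, since that number decides which senders skip the `dnsbl_list local sbl` checks.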