diff xml/dnsbl.in @ 127:2b1a4701e856

sendmail no longer guarantees <> wrapper on envelopes
author carl
date Sat, 08 Apr 2006 10:06:09 -0700
parents ea6f9c812faa
children f4746d8a12a3
--- a/xml/dnsbl.in	Sat Mar 25 09:47:08 2006 -0800
+++ b/xml/dnsbl.in	Sat Apr 08 10:06:09 2006 -0700
@@ -159,7 +159,7 @@
                 reject mail sent to invalid addresses.  Otherwise, the backup mail
                 servers will accept that mail, and then generate a bounce message when
                 the message is forwarded to the primary server (and rejected there with
-                no such user).
+                no such user). These rejections are the primary cause of such backscatter.
             </para>
             <para>
                 This milter will also decode (uuencode, base64, mime, html entity, url
@@ -449,6 +449,11 @@
                 The following ideas are under consideration.
             </para>
             <para>
+                Add mail volume limits based on smtp auth accounts, to prevent
+                customers from sending too much mail. This should catch customers
+                that get infected with malware that knows about smtp auth.
+            </para>
+            <para>
                 Add a per-context option to reject mail if the number of digits in
                 the reverse dns client name exceeds some threshold.
             </para>
@@ -563,6 +568,35 @@
         <refsect1 id='sample.5'>
             <title>Sample</title>
             <literallayout class="monospaced"><![CDATA[
+context main-default {
+    // outbound dnsbl filtering to catch our own customers that end up on the sbl
+    dnsbl   local   blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
+    dnsbl   sbl     sbl-xbl.spamhaus.org        "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
+    dnsbl   dul     dul.dnsbl.sorbs.net         "Mail from %s rejected - dul; see http://www.sorbs.net/lookup.shtml?%s";
+    dnsbl_list  local sbl dul;
+
+    // outbound content filtering to prevent our own customers from sending spam
+    content on {
+        filter    sbl-xbl.spamhaus.org        "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
+        uribl     multi.surbl.org             "Mail containing %s rejected - surbl; see http://www.rulesemporium.com/cgi-bin/uribl.cgi?bl0=1&domain0=%s";
+        #uribl    black.uribl.com             "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s";
+        ignore    { include "hosts-ignore.conf"; };
+        tld       { include "tld.conf"; };
+        cctld     { include "cctld.conf"; };
+        html_tags { include "html-tags.conf"; };
+        html_limit on 20 "Mail containing excessive bad html tags rejected";
+        html_limit off;
+        host_limit on 20 "Mail containing excessive host names rejected";
+        host_limit soft 20;
+    };
+
+    // backscatter prevention - don't send bounces for mail that we accepted but could not forward
+    // we only send bounces to our own customers
+    env_from unknown {
+        "<>"    black;
+    };
+};
+
 context sample {
     dnsbl   local   blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
     dnsbl   sbl     sbl-xbl.spamhaus.org        "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
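Review bot: The backscatter rule in the new `main-default` sample, `env_from unknown { "<>" black; };`, keys on the literal `<>` null sender, while the commit title states that sendmail no longer guarantees the `<>` wrapper on envelopes; if an unwrapped empty sender can reach the milter unnormalized, this sample entry would presumably not match it and the bounce-blocking it documents would silently not apply. Either the sample should say that the milter canonicalizes the null sender before matching, or the comment above the block should be extended, e.g. `// the null sender is matched as "<>"; confirm the milter normalizes an unwrapped empty envelope sender to this form`. Separately, `html_limit on 20 "..."` is immediately followed by `html_limit off;` and `host_limit on 20 "..."` by `host_limit soft 20;`; if the later statement overrides the earlier one, a reader copying this sample gets the opposite of the described behaviour, so a one-line comment marking these as alternative forms rather than cumulative settings would help.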