Mercurial > dnsbl
diff xml/dnsbl.in @ 171:8deb51871b3d
fix pre/post scripts in rpm spec file
author | carl |
---|---|
date | Thu, 30 Aug 2007 14:40:03 -0700 |
parents | bd33eaccfed8 |
children | d3189495ec68 |
line wrap: on
line diff
--- a/xml/dnsbl.in Thu Aug 30 14:07:09 2007 -0700 +++ b/xml/dnsbl.in Thu Aug 30 14:40:03 2007 -0700 @@ -631,8 +631,7 @@ dnsbl localp partial.blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; dnsbl local blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; dnsbl sbl sbl-xbl.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; - dnsbl dul dul.dnsbl.sorbs.net "Mail from %s rejected - dul; see http://www.sorbs.net/lookup.shtml?%s"; - dnsbl_list local sbl dul; + dnsbl_list local sbl; // outbound content filtering to prevent our own customers from sending spam content on { @@ -647,6 +646,7 @@ html_limit off; host_limit on 20 "Mail containing excessive host names rejected"; host_limit soft 20; + spamassassin 4; }; // backscatter prevention - don't send bounces for mail that we accepted but could not forward @@ -657,17 +657,17 @@ // hourly recipient rate limit by smtp auth client id rate_limit 30 { // default - fred 100; // override default limits - joe 10; // "" + #fred 100; // override default limits + #joe 10; // "" }; }; -context sample { +context main { + dnsbl localp partial.blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; dnsbl local blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; dnsbl sbl sbl-xbl.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; dnsbl xbl xbl.spamhaus.org "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s"; - dnsbl dul dul.dnsbl.sorbs.net "Mail from %s rejected - dul; see http://www.sorbs.net/lookup.shtml?%s"; - dnsbl_list local sbl dul; + dnsbl_list local sbl; content on { filter sbl-xbl.spamhaus.org "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; @@ -677,119 +677,63 @@ tld { include "tld.conf"; }; cctld { include "cctld.conf"; }; html_tags { include "html-tags.conf"; }; - html_limit on 20 "Mail containing excessive bad html tags rejected"; html_limit off; - host_limit on 20 "Mail containing excessive host names rejected"; host_limit soft 20; + spamassassin 5; }; + generic "(^|[.-])(host)?([0-9]{1,3}[.-](Red-|dynamic[.-])?){4}" + "your mail server %s seems to have a generic name"; + env_to { + # !! replace this with your domain names # child contexts are not allowed to specify recipient addresses outside these domains - # leave this outer global context env_to empty to allow arbitrary recipients in child contexts - mydomain.com; - customer1.com; - customer1a.com; - customer1b.com; - customer2.com; - customer2a.com; - customer2b.com; + # or leave this empty to allow unrestricted child contexts + # example.com; }; context whitelist { content off {}; env_to { - # dcc_to ok { include "/var/dcc/whitecommon"; }; # copy the dcc OK values (env_to) into this context + # dcc_to ok { include "/var/dcc/whitecommon"; }; }; env_from white {}; # white forces all unmatched from addresses (everyone in this case) to be whitelisted # so all mail TO these env_to addresses is accepted }; + context abuse { + dnsbl_list xbl; + content off {}; + env_to { + abuse@ # no content filtering on abuse reports + postmaster@ # "" + }; + env_from unknown {}; # ignore all parent white/black listing + }; + context minimal { - dnsbl_list sbl dul; + dnsbl_list sbl; content on {}; + generic "^$ " " "; # regex cannot match, to disable generic rdns rejects env_to { - sales@mydomain.com; }; }; context blacklist { env_to { - dcc_to many { include "/var/dcc/whitecommon"; }; # copy the dcc MANY values (env_to) into this context - old-employee@mydomain.com; + # dcc_to many { include "/var/dcc/whitecommon"; }; }; env_from black {}; # black forces all unmatched from addresses (everyone in this case) to be blacklisted # so all mail TO these env_to addresses is rejected }; - context vp { # special context for the vp - env_to { - vp@mydomain.com; - }; - env_from inherit { - nai.com black; # the vp does not like nai - yahoo.com unknown; # override parent context blacklisting - mother@spammyisp.com white; # suppress dnsbl checking - }; - }; - - context customer1 { - dnsbl_list sbl dul; - env_to { - customer1.com; - customer1a.com; - customer1b.com; + env_from unknown { + abuse@ abuse; # replies to abuse reports use the abuse context + # dcc_from { include "/var/dcc/whitecommon"; }; }; - # we can reject unknown users - verify mail.customer1.com; - - # whitelist anyone to whom we have sent mail in the last 90 days - autowhite 90 "autowhite/customer1"; - - context customer1a { - env_to { - customer1a.com; - }; - env_from black { # blacklist everything - first@acceptable.com unknown; # except these specific envelope senders - second@another.com unknown; - yahoo.com inherit; # delegate to the parent - }; - }; - - env_from { # default value of the default is inherit - yahoo.com black; # no mail from yahoo - first@yahoo.com unknown; # except this one - }; - }; - - context customer2 { - dnsbl_list sbl; - env_to { - customer2.com; - customer2a.com; - customer2b.com; - }; - }; - - # this is at the end, so that these abuse@ and postmaster@ entries will - # override any conflicting entries inside the customer contexts. - context abuse { - dnsbl_list xbl; - content off {}; - env_to { - abuse@; # no content filtering on abuse reports - postmaster@; # "" - }; - env_from unknown {}; # ignore all parent white/black listing - }; - - env_from unknown { - dcc_from { include "/var/dcc/whitecommon"; }; # copy the dcc OK/MANY values (env_from, substitute mail_host) into this context - abuse@ abuse; # replies to abuse reports use the abuse context - yahoo.com black; # don't take mail from yahoo - spammer@example.com black; - }; + autowhite 90 "autowhite/my-auto-whitelist"; + # install should create /etc/dnsbl/autowhite writable by userid dnsbl };]]></literallayout> </refsect1>