diff xml/dnsbl.in @ 451:f2bc221240e8 stable-6-0-70

add unsigned_black for enforcement of dmarc policy
author Carl Byington <carl@five-ten-sg.com>
date Mon, 04 Jun 2018 16:25:06 -0700
parents 7b072e16bd69
children 6c1c2bd9fb54
--- a/xml/dnsbl.in	Tue Apr 10 13:00:55 2018 -0700
+++ b/xml/dnsbl.in	Mon Jun 04 16:25:06 2018 -0700
@@ -25,7 +25,7 @@
 
     <refentry id="@PACKAGE@.1">
         <refentryinfo>
-            <date>2017-11-03</date>
+            <date>2018-06-04</date>
             <author>
                 <firstname>Carl</firstname>
                 <surname>Byington</surname>
@@ -393,7 +393,7 @@
                     If the answer is white, the mail is not from localhost,
                     and the envelope from domain name is
                     listed in the current (or parents) filtering contexts dkim_from with
-                    "required_signed", we downgrade this white answer to unknown.
+                    "required_signed" or "unsigned_black", we downgrade this white answer to unknown.
                     If the answer is still white, mail to this recipient is accepted and the dns
                     lists are not checked.
                 </para></listitem>
@@ -474,14 +474,14 @@
             </para>
             <para>
                 If the header from domain maps to required_signed then:
-                If any of the message signers are in that list, the message is accepted.
-                If the source ip address passes a strong spf check for the header from
+                If any of the message signers are in that list, or if
+                the source ip address passes a strong spf check for the header from
                 domain, the message is accepted. Otherwise, the message is rejected.
             </para>
             <para>
                 If the header from domain maps to signed_white then:
-                If any of the message signers are in that list, the message is accepted.
-                If the source ip address passes a strong spf check for the header from
+                If any of the message signers are in that list, or if
+                the source ip address passes a strong spf check for the header from
                 domain, the message is accepted. Otherwise, processing continues.
             </para>
             <para>
@@ -490,6 +490,12 @@
                 Otherwise, processing continues.
             </para>
             <para>
+                If the header from domain maps to unsigned_black then:
+                If any of the message signers are in that list, or if
+                the source ip address passes a strong spf check for the header from
+                domain, processing continues. Otherwise, the message is rejected.
+            </para>
+            <para>
                 If any of the message signers are blacklisted, the message is rejected.
             </para>
             <para>
@@ -779,7 +785,7 @@
 
     <refentry id="@PACKAGE@.conf.5">
         <refentryinfo>
-            <date>2017-11-03</date>
+            <date>2018-06-04</date>
             <author>
                 <firstname>Carl</firstname>
                 <surname>Byington</surname>
@@ -859,7 +865,7 @@
 
 DKIMSIGNER = "dkim_signer" "{" {SIGNING_DOMAIN DEF [";"]}+ "}"
 DKIMFROM   = "dkim_from"   "{" {HEADER_FROM_DOMAIN DKIMVALUE SIGNERS [";"]}+ "}"
-DKIMVALUE  = "signed_white" | "signed_black" | "require_signed"
+DKIMVALUE  = "signed_white" | "signed_black" | "require_signed" | "unsigned_black"
 SIGNERS    = quoted comma separated SIGNING_DOMAINs no whitespace
 
 ENV-TO     = "env_to"     "{" {(TO-ADDR | DCC-TO)}+ "}"