diff xml/dnsbl.in @ 270:f92f24950bd3 stable-6-0-35

Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
author Carl Byington <carl@five-ten-sg.com>
date Mon, 09 Sep 2013 15:15:53 -0700
parents f941563c2a95
children 19ff60eaab74
--- a/xml/dnsbl.in	Wed May 22 11:34:37 2013 -0700
+++ b/xml/dnsbl.in	Mon Sep 09 15:15:53 2013 -0700
@@ -19,7 +19,7 @@
 
     <refentry id="@PACKAGE@.1">
         <refentryinfo>
-            <date>2012-07-21</date>
+            <date>2013-05-22</date>
             <author>
                 <firstname>Carl</firstname>
                 <surname>Byington</surname>
@@ -456,9 +456,8 @@
             <para>
                 If the content uribl DNSBL is defined, and any of those host names are
                 on that DNSBL, and the host name is not on the &lt;configurable&gt;
-                ignore list, the mail is rejected. Note that the Spamhaus DBL is not (yet)
-                suitable here, since we currently pass ip addresses to the uribl checker,
-                and the DBL lists all such bare ip addresses.
+                ignore list, the mail is rejected. There are three lists that are suitable
+                here, uribl, surbl, and dbl.
             </para>
             <para>
                 If any non-whitelisted recipient has a filtering context with a non-zero
@@ -594,14 +593,22 @@
                 The following ideas are under consideration.
             </para>
             <para>
+                Add white/unknown to config for smtp authenticated connections. Currently
+                any authenticated connection is fully whitelisted. This would allow normal
+                spam controls to be applied even to authenticated connections. Add
+                context/authenticated_dnsbl_list and context/content/authenticated.
+            </para>
+            <para>
+                Add an optional list of domains to be enforced on the env_from value for
+                authenticated connections. User abc could be restricted to envelope from
+                values of a.com and b.com, user def could be restricted to envelope from
+                values of dd.com and ee.com.
+            </para>
+            <para>
                 Look for href="hostname/path" strings that are missing the required
                 http:// protocol header. Such references are still clickable in common
                 mail software.
             </para>
-            <para>
-                Add the ability to use the DBL for content filtering. We need to avoid
-                checking bare ip addresses against that list.
-            </para>
         </refsect1>
 
         <refsect1 id='copyright.1'>
@@ -633,7 +640,7 @@
 
     <refentry id="@PACKAGE@.conf.5">
         <refentryinfo>
-            <date>2012-07-21</date>
+            <date>2013-05-22</date>
             <author>
                 <firstname>Carl</firstname>
                 <surname>Byington</surname>
@@ -685,14 +692,12 @@
 REQUIRERDNS = "require_rdns" ("yes" | "no")
 
 CONTENT    = "content" ("on" | "off") "{" {CONTENT-ST}+ "}"
-CONTENT-ST = (FILTER | URIBL | IGNORE | TLD     | CCTLD   | HTML-TAGS |
-              HTML-LIMIT | HOST-LIMIT | SPAMASS | REQUIRE | DCCGREY   |
-              DCCBULK) ";"
+CONTENT-ST = (FILTER | URIBL | IGNORE | TLD | HTML-TAGS | HTML-LIMIT |
+              HOST-LIMIT | SPAMASS | REQUIRE | DCCGREY | DCCBULK) ";"
 FILTER     = "filter" DNSPREFIX ERROR-MSG2
 URIBL      = "uribl"  DNSPREFIX ERROR-MSG3
 IGNORE     = "ignore"     "{" {HOSTNAME [";"]}+ "}"
 TLD        = "tld"        "{" {TLD      [";"]}+ "}"
-CCTLD      = "cctld"      "{" {TLD      [";"]}+ "}"
 HTML-TAGS  = "html_tags"  "{" {HTMLTAG  [";"]}+ "}"
 ERROR-MSG1 = string containing exactly two %s replacement tokens
              both are replaced with the client ip address
@@ -748,11 +753,11 @@
     // outbound content filtering to prevent our own customers from sending spam
     content on {
         filter    sbl-xbl.spamhaus.org        "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
-        uribl     multi.surbl.org             "Mail containing %s rejected - surbl; see http://www.rulesemporium.com/cgi-bin/uribl.cgi?bl0=1&domain0=%s";
+        uribl     multi.surbl.org             "Mail containing %s rejected - surbl; see http://www.surbl.org/surbl-analysis?d=%s";
         #uribl    multi.uribl.com             "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s";
+        #uribl    dbl.spamhaus.org            "Mail containing %s rejected - dbl; see http://www.spamhaus.org/query/domain?domain=%s";
         ignore    { include "hosts-ignore.conf"; };
         tld       { include "tld.conf"; };
-        cctld     { include "cctld.conf"; };
         html_tags { include "html-tags.conf"; };
         html_limit on 20 "Mail containing excessive bad html tags rejected";
         html_limit off;
@@ -794,11 +799,11 @@
 
     content on {
         filter    sbl-xbl.spamhaus.org        "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
-        uribl     multi.surbl.org             "Mail containing %s rejected - surbl; see http://www.rulesemporium.com/cgi-bin/uribl.cgi?bl0=1&domain0=%s";
+        uribl     multi.surbl.org             "Mail containing %s rejected - surbl; see http://www.surbl.org/surbl-analysis?d=%s";
         #uribl    multi.uribl.com             "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s";
+        #uribl    dbl.spamhaus.org            "Mail containing %s rejected - dbl; see http://www.spamhaus.org/query/domain?domain=%s";
         ignore    { include "hosts-ignore.conf"; };
         tld       { include "tld.conf"; };
-        cctld     { include "cctld.conf"; };
         html_tags { include "html-tags.conf"; };
         html_limit off;
         host_limit soft 20;