diff xml/dnsbl.in @ 268:f941563c2a95 stable-6-0-34

Add require_rdns checking
author Carl Byington <carl@five-ten-sg.com>
date Wed, 22 May 2013 11:29:44 -0700
parents e118fd2c6af0
children f92f24950bd3
--- a/xml/dnsbl.in	Sat Jul 21 13:13:07 2012 -0700
+++ b/xml/dnsbl.in	Wed May 22 11:29:44 2013 -0700
@@ -335,8 +335,8 @@
             </para>
             <para>
                 If the client has authenticated with sendmail, the rate limits are
-                checked.  If the authenticated user has not exceeded the hourly rate
-                limit, then the mail is accepted, the filtering contexts are not used,
+                checked.  If the authenticated user has not exceeded the hourly or daily rate
+                limits, then the mail is accepted, the filtering contexts are not used,
                 the dns lists are not checked, and the body content is not scanned.  If
                 the client has not authenticated with sendmail, we follow these steps
                 for each recipient.
@@ -405,6 +405,11 @@
                 </para></listitem>
                 <listitem><para>
                     If the mail has not been accepted or rejected yet, and the filtering
+                    context (or any ancestor context) requires matching reverse dns client
+                    name, the mail is rejected if the client name is empty or forged.
+                </para></listitem>
+                <listitem><para>
+                    If the mail has not been accepted or rejected yet, and the filtering
                     context (or any ancestor context) specifies a non-empty generic regular
                     expression, then we check the fully qualified client name (obtained via
                     the sendmail macro "_").  The mail is rejected if the client name
@@ -597,10 +602,6 @@
                 Add the ability to use the DBL for content filtering. We need to avoid
                 checking bare ip addresses against that list.
             </para>
-            <para>
-                Add daily recipient limits based on some fixed multiple (perhaps 3?)
-                of the hourly limit.
-            </para>
         </refsect1>
 
         <refsect1 id='copyright.1'>
@@ -672,7 +673,7 @@
 CONTEXT    = "context" NAME "{" {STATEMENT}+ "}"
 STATEMENT  = (DNSBL    | DNSBLLIST | DNSWL   | DNSWLLIST | CONTENT | ENV-TO
              | VERIFY  | GENERIC   | W_REGEX | AUTOWHITE | CONTEXT | ENV-FROM
-             | RATE-LIMIT) ";"
+             | RATE-LIMIT | REQUIRERDNS) ";"
 
 DNSBL      = "dnsbl" NAME DNSPREFIX ERROR-MSG1
 DNSBLLIST  = "dnsbl_list" {NAME}*
@@ -681,6 +682,8 @@
 DNSWLLIST  = "dnswl_list" {NAME}*
 LEVEL      = INTEGER
 
+REQUIRERDNS = "require_rdns" ("yes" | "no")
+
 CONTENT    = "content" ("on" | "off") "{" {CONTENT-ST}+ "}"
 CONTENT-ST = (FILTER | URIBL | IGNORE | TLD     | CCTLD   | HTML-TAGS |
               HTML-LIMIT | HOST-LIMIT | SPAMASS | REQUIRE | DCCGREY   |
@@ -787,6 +790,7 @@
     dnswl   dnswl.org  list.dnswl.org   2;
     dnsbl_list  local sbl;
     dnswl_list  dnswl.org;
+    require_rdns    yes;
 
     content on {
         filter    sbl-xbl.spamhaus.org        "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";