view xml/sample.conf @ 73:2b369f7db7bf
start coding on new config syntax
author | carl |
---|---|
date | Sun, 10 Jul 2005 13:28:33 -0700 |
parents | 419e00901570 |
children | 1142e46be550 |
# $Id$
#
# sample configuration for the dnsbl milter, written in the new config syntax.
#
# lines start with a command token, followed by argument tokens
# tokens are separated by spaces or tabs
#
#
# tld:
#   second token is the tld suffix - com, net, org, etc
#
#
# content:
#   second token is the dns suffix used for the actual lookups
#   third token? is a string enclosed in single quotes, so it
#   is not really a token. This is the error message, with
#   up to two %s parameters for the offending host name and
#   client ip address respectively.
#
#   If this command is not present, there is no body scanning
#   for host names or bad html tags.
#
#   NOTE(review): the error messages are templates with %s placeholders;
#   presumably they are expanded printf-style, so keep to the documented
#   number of %s and use no other conversions - confirm against the parser.
#
#
# ignore:
#   second token is a host name that is allowed in the body even
#   if it would otherwise be rejected by the content scanning
#   above.
#
#
# host_limit:
#   second token is the integer count of the number of host names
#   or urls that are allowed in any one mail body. Zero is
#   unlimited. If the actual number of host names in the message
#   is larger than this limit, the message is rejected.
#   third token? is a string enclosed in single quotes, so it
#   is not really a token. This is the error message supplied
#   to the smtp client.
#
#
# host_soft_limit:
#   second token is the integer count of the number of host names
#   or urls that are checked in any one mail body. Zero is
#   unlimited. If the actual number of host names in the message
#   is larger than this limit, only a random selection of them
#   are checked against the dnsbl.
#
#   Because only a random selection is checked above the soft limit,
#   a listed host name in such a message is not guaranteed to be
#   looked up.
#
#
# html_limit:
#   second token is the integer count of the number of bad html tags
#   that are allowed in any one mail body. Zero is unlimited.
#   third token? is a string enclosed in single quotes, so it
#   is not really a token. This is the error message supplied
#   to the smtp client.
#
#
# html_tag:
#   second token is a valid html tag, that is added to the list
#   of valid tags. Any html tag seen in the mail bodies that
#   is not in this list is presumed to be invalid.
#
#
# dnsbl:
#   second token is the name of this dnsbl
#   third token is the dns suffix used for the actual lookups
#   fourth token? is a string enclosed in single quotes, so it
#   is not really a token. This is the error message, with
#   up to two %s parameters for the client ip address.
#
#
# dnsbl_list:
#   second token is the name of this list of dnsbls
#   subsequent tokens are the names of the previously defined dnsbls
#
#
# env_from:
#   second token is the name of this envelope-from-map. There will
#   generally be multiple lines with the same name.
#   third token is the envelope from value from the smtp conversation,
#   or just the domain part that follows the @ symbol.
#   fourth token is BLACK, WHITE, or the name of a previously defined
#   envelope-from-map. BLACK causes mail from this sender to be
#   rejected with "no such user". WHITE causes mail to be accepted
#   and the dns based lists are ignored. DEFAULT may be used to override
#   the contents of other maps that are copied into this map, and
#   set that sender back to the default (not white or black listed,
#   and subject to dnsbl lookups).
#
#   The envelope from value is whatever the smtp client sends and is
#   not authenticated, so a WHITE entry exempts every client that
#   presents that sender from the dns based lists. Keep WHITE entries
#   to full addresses where possible rather than whole domains.
#
#
# env_to:
#   second token is the envelope recipient value from the smtp conversation,
#   or just the domain part that follows the @ symbol.
#   third token is the name of a dnsbl-list, or WHITE or BLACK.
#   fourth token is the name of an envelope-from-map, or WHITE or BLACK.
#
#   If either one is BLACK, mail to this recipient is rejected with
#   "no such user", and the dns lists are not checked.
#
#   If the envelope-from-map name is WHITE, mail to this recipient is accepted
#   and the dns lists are not checked.
#
#   If the envelope-from-map exists, the map is checked for the presence
#   of the sender. A WHITE or BLACK answer is definitive and the dns lists
#   are not checked.
#
#   If the dnsbl-list name is WHITE, the dns lists are not checked and the
#   mail is accepted. Otherwise, the dns lists are checked and the mail
#   is rejected if any list has an A record for the standard dns based
#   lookup scheme (reversed octets of the client followed by the dns suffix).
#
#
# include:
#   second token is the path name of the dnsbl milter config file to be
#   included.
#
#
# include_dcc:
#   second token is the name of an envelope-from-map (EMAP below).
#   third token is the path name of the dcc whiteclnt config file to be
#   included. Entries from the dcc config are mapped as:
#     ok -> WHITE
#     many -> BLACK
#     env_from -> env_from EMAP xxx
#     env_to -> env_to
#     substitute mail_host -> env_from EMAP xxx
#
#   NOTE(review): included files can add WHITE entries, so they presumably
#   need the same ownership and write permissions as this file - confirm
#   for each include and include_dcc path.
#
#
#
##############################################
# content scanning parameters
#
content sbl-xbl.spamhaus.org 'Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s'
host_limit 20 'Mail containing too many host names rejected'
# NOTE(review): host_limit 20 already rejects a body with more than 20 host
# names, so presumably this soft limit of 20 never has to fall back to a
# random selection - confirm the order in which the two limits are applied.
host_soft_limit 20
html_limit 20 'Mail containing excessive bad html tags rejected'
include hosts-ignore.conf
include html-tags.conf
include tld.conf
##############################################
# define the dnsbls to use
#
dnsbl LOCAL blackholes.five-ten-sg.com 'Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s'
dnsbl SPEWS blackholes.spews.org 'Mail from %s rejected - spews; see http://www.spews.org/ask.cgi?x=%s'
dnsbl SBL sbl-xbl.spamhaus.org 'Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s'
##############################################
# define the (default and other) lists of dnsbls to use
# each list may only name dnsbls that are already defined above
#
dnsbl_list DEFAULT LOCAL SPEWS SBL
dnsbl_list SIMPLE SBL
dnsbl_list CUST1 SBL
dnsbl_list CUST2 SPEWS SBL
##############################################
# define the (default and other) env_from maps
#
env_from DEFAULT spammer@example.com BLACK
env_from DEFAULT yahoo.com BLACK
# special list for the vp
env_from TEST dummy-token DEFAULT # inherit the currently defined DEFAULT env_from mapping
env_from TEST nai.com BLACK # the vp does not like nai
env_from TEST yahoo.com DEFAULT # back to the default: not white or black listed, subject to dnsbl lookups
# NOTE(review): confirm this line is active rather than commented out; the
# "allow mail from mom" remark on the vp recipient below presumably relies on it.
env_from TEST mother@spammyisp.com WHITE # suppresses dnsbl checking
##############################################
# specify dnsbl_lists and env_from maps to use for specific recipients
#
env_to abuse@mydomain.com WHITE WHITE # no dnsbl, no env_from map
# NOTE(review): NULL is not among the documented fourth-token values (an
# envelope-from-map name, WHITE or BLACK); presumably it names no map - confirm
# how the parser treats it.
env_to sales@mydomain.com SIMPLE NULL # sbl only, no env_from map
env_to vp@mydomain.com DEFAULT TEST # allow mail from mom
env_to old-emp@mydomain.com BLACK BLACK # return no such user even from backup mx machines
##############################################
# specify dnsbl_lists and env_from maps to use for client domains
#
env_to mydomain.com DEFAULT DEFAULT
env_to customer1.com CUST1 DEFAULT # all customer 1 domains use just sbl
env_to customer1a.com CUST1 DEFAULT
env_to customer1b.com CUST1 DEFAULT
env_to customer2.com CUST2 DEFAULT # all customer 2 domains use spews and sbl
env_to customer2a.com CUST2 DEFAULT
##############################################
# you can also include nested config files
# file names are single tokens, no embedded blanks
#
# NOTE(review): presumably this sample is meant to be installed as dnsbl.conf,
# which is what makes the next include recursive - confirm.
include dnsbl.conf # this will generate a recursive include file syslog error message
include_dcc DEFAULT /var/dcc/whitecommon # this includes the default dcc whitelist file