view dnsbl.conf @ 133:b8ce1b31237d stable-5-19

uribl lookups fully qualified; allow two component host names
author carl
date Tue, 01 Aug 2006 15:28:13 -0700
parents 2b1a4701e856
children f4746d8a12a3
line wrap: on
line source

context main-default {
    // outbound dnsbl filtering to catch our own customers that end up on the sbl
    dnsbl   local   blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
    dnsbl   sbl     sbl-xbl.spamhaus.org        "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
    dnsbl   dul     dul.dnsbl.sorbs.net         "Mail from %s rejected - dul; see http://www.sorbs.net/lookup.shtml?%s";
    dnsbl_list  local sbl dul;

    // outbound content filtering to prevent our own customers from sending spam
    content on {
        filter    sbl-xbl.spamhaus.org        "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
        uribl     multi.surbl.org             "Mail containing %s rejected - surbl; see http://www.rulesemporium.com/cgi-bin/uribl.cgi?bl0=1&domain0=%s";
        #uribl    black.uribl.com             "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s";
        ignore    { include "hosts-ignore.conf"; };
        tld       { include "tld.conf"; };
        cctld     { include "cctld.conf"; };
        html_tags { include "html-tags.conf"; };
        html_limit on 20 "Mail containing excessive bad html tags rejected";
        html_limit off;
        host_limit on 20 "Mail containing excessive host names rejected";
        host_limit soft 20;
    };

    // backscatter prevention - don't send bounces for mail that we accepted but could not forward
    // we only send bounces to our own customers
    env_from unknown {
        "<>"    black;
    };
};

context main {
    dnsbl   local   blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
    dnsbl   sbl     sbl-xbl.spamhaus.org        "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
    dnsbl   xbl     xbl.spamhaus.org            "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s";
    dnsbl   dul     dul.dnsbl.sorbs.net         "Mail from %s rejected - dul; see http://www.sorbs.net/lookup.shtml?%s";
    dnsbl_list  local sbl dul;

    content on {
        filter    sbl-xbl.spamhaus.org        "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
        uribl     multi.surbl.org             "Mail containing %s rejected - surbl; see http://www.rulesemporium.com/cgi-bin/uribl.cgi?bl0=1&domain0=%s";
        #uribl    black.uribl.com             "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s";
        ignore    { include "hosts-ignore.conf"; };
        tld       { include "tld.conf"; };
        cctld     { include "cctld.conf"; };
        html_tags { include "html-tags.conf"; };
        html_limit off;
        host_limit soft 20;
    };

    env_to {
        # !! replace this with your domain names
        # child contexts are not allowed to specify recipient addresses outside these domains
        # or leave this empty to allow unrestricted child contexts
        # example.com;
    };

    context whitelist {
        content off {};
        env_to {
            # dcc_to ok { include "/var/dcc/whitecommon"; };
        };
        env_from white {};      # white forces all unmatched from addresses (everyone in this case) to be whitelisted
                                # so all mail TO these env_to addresses is accepted
    };

    context abuse {
        dnsbl_list xbl;
        content off {};
        env_to {
            abuse@              # no content filtering on abuse reports
            postmaster@         # ""
        };
        env_from unknown {};    # ignore all parent white/black listing
    };

    context minimal {
        dnsbl_list sbl dul;
        content on {};
        env_to {
        };
    };

    context blacklist {
        env_to {
            # dcc_to many { include "/var/dcc/whitecommon"; };
        };
        env_from black {};      # black forces all unmatched from addresses (everyone in this case) to be blacklisted
                                # so all mail TO these env_to addresses is rejected
    };

    env_from unknown {
        abuse@  abuse;  # replies to abuse reports use the abuse context
        # dcc_from { include "/var/dcc/whitecommon"; };
    };
};