view xml/sample.conf @ 61:7f44a4974bf6 stable-4-2

Use resolver processes even if we don't have the interfaces, and need to use gethostbyname.
author carl
date Sat, 08 Jan 2005 12:26:30 -0800
parents 419e00901570
children 1142e46be550
line wrap: on
line source

# $Id$
#
# lines start with a command token, following by argument tokens
# tokens are separated by spaces or tabs
#
#
# tld:
#   second token is the tld suffix - com, net, org, etc
#
#
# content:
#   second token is the dns suffix used for the actual lookups
#   third  token? is a string enclosed in single quotes, so it
#       is not really a token. This is the error message, with
#       up to two %s parameters for the offending host name and
#       client ip address respectively.
#
#   If this command is not present, there is no body scanning
#   for host names or bad html tags.
#
#
# ignore:
#   second token is a host name that is allowed in the body even
#   if it would otherwise be rejected by the content scanning
#   above.
#
#
# host_limit:
#   second token is the integer count of the number of host names
#       or urls that are allowed in any one mail body. Zero is
#       unlimited. If the actual number of host names in the message
#       is larger than this limit, the message is rejected.
#   third  token? is a string enclosed in single quotes, so it
#       is not really a token. This is the error message supplied
#       to the smtp client.
#
#
# host_soft_limit:
#   second token is the integer count of the number of host names
#       or urls that are checked in any one mail body. Zero is
#       unlimited. If the actual number of host names in the message
#       is larger than this limit, only a random selection of them
#       are checked against the dnsbl.
#
#
# html_limit:
#   second token is the integer count of the number of bad html tags
#       that are allowed in any one mail body. Zero is unlimited.
#   third  token? is a string enclosed in single quotes, so it
#       is not really a token. This is the error message supplied
#       to the smtp client.
#
#
# html_tag:
#   second token is a valid html tag, that is added to the list
#       of valid tags. Any html tag seen in the mail bodies that
#       that is not in this list is presumed to be invalid.
#
#
# dnsbl:
#   second token is the name of this dnsbl
#   third  token is the dns suffix used for the actual lookups
#   fourth token? is a string enclosed in single quotes, so it
#       is not really a token. This is the error message, with
#       up to two %s parameters for the client ip address.
#
#
# dnsbl_list:
#   second token is the name of this list of dnsbls
#   subsequent tokes are the names of the previously defined dnsbls
#
#
# env_from:
#   second token is the name of this envelope-from-map. There will
#       generally be multiple lines with the same name.
#   third token is the envelope from value from the smtp conversation,
#       or just the domain part that follows the @ symbol.
#   fourth token is BLACK, WHITE, or the name of a previously defined
#       envelope-from-map. BLACK causes mail from this sender to be
#       rejected with "no such user". WHITE causes mail to be accepted
#       and the dns based lists are ignored. DEFAULT may be used to override
#       the contents of other maps that are copied into this map, and
#       set that sender back to the default (not white or black listed,
#       and subject to dnsbl lookups).
#
#
# env_to:
#   second token is the envelope recipient value from the smtp conversation,
#       or just the domain part that follows the @ symbol.
#   third token is the name of a dnsbl-list, or WHITE or BLACK.
#   fourth token is the name of an envelope-from-map, or WHITE or BLACK.
#
#   If either one is BLACK, mail to this recipient is rejected with
#   "no such user", and the dns lists are not checked.
#
#   If the envelope-from-map name is WHITE, mail to this recipient is accepted
#   and the dns lists are not checked.
#
#   If the envelope-from-map exists, the map is checked for the presence
#   of the sender. A WHITE or BLACK answer is definitive and the dns lists
#   are not checked.
#
#   If the dnsbl-list name is WHITE, the dns lists are not checked and the
#   mail is accepted. Otherwise, the dns lists are checked and the mail
#   is rejected if any list has an A record for the standard dns based
#   lookup scheme (reversed octets of the client followed by the dns suffix).
#
#
# include:
#   second token is the path name of the dnsbl milter config file to be
#   included.
#
#
# include_dcc:
#   second token is the name of an envelope-from-map (EMAP below).
#   third token is the path name of the dcc whiteclnt config file to be
#       included. Entries from the dcc config are mapped as:
#           ok -> WHITE
#           many -> BLACK
#           env_from -> env_from EMAP xxx
#           env_to   -> env_to
#           substitute mail_host -> env_from EMAP xxx
#
#
#
##############################################
# content scanning parameters
#
content         sbl-xbl.spamhaus.org        'Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s'
host_limit      20                          'Mail containing too many host names rejected'
host_soft_limit 20
html_limit      20                          'Mail containing excessive bad html tags rejected'
include hosts-ignore.conf
include html-tags.conf
include tld.conf


##############################################
# define the dnsbls to use
#
dnsbl   LOCAL   blackholes.five-ten-sg.com  'Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s'
dnsbl   SPEWS   blackholes.spews.org        'Mail from %s rejected - spews; see http://www.spews.org/ask.cgi?x=%s'
dnsbl   SBL     sbl-xbl.spamhaus.org        'Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s'


##############################################
# define the (default and other) lists of dnsbls to use
#
dnsbl_list  DEFAULT LOCAL SPEWS SBL
dnsbl_list  SIMPLE  SBL
dnsbl_list  CUST1   SBL
dnsbl_list  CUST2   SPEWS SBL


##############################################
# define the (default and other) env_from maps
#
env_from    DEFAULT spammer@example.com     BLACK
env_from    DEFAULT yahoo.com               BLACK

# special list for the vp
env_from    TEST    dummy-token             DEFAULT # inherit the currently defined DEFAULT env_from mapping
env_from    TEST    nai.com                 BLACK   # the vp does not like nai
env_from    TEST    yahoo.com               DEFAULT #
env_from    TEST    mother@spammyisp.com    WHITE   # suppresses dnsbl checking


##############################################
# specify dnsbl_lists and env_from maps to use for specific recipients
#
env_to      abuse@mydomain.com      WHITE   WHITE       # no dnsbl, no env_from map
env_to      sales@mydomain.com      SIMPLE  NULL        # sbl only, no env_from map
env_to      vp@mydomain.com         DEFAULT TEST        # allow mail from mom
env_to      old-emp@mydomain.com    BLACK   BLACK       # return no such user even from backup mx machines

##############################################
# specify dnsbl_lists and env_from maps to use for clients domains
#
env_to      mydomain.com            DEFAULT DEFAULT
env_to      customer1.com           CUST1   DEFAULT     # all customer 1 domains use just sbl
env_to      customer1a.com          CUST1   DEFAULT
env_to      customer1b.com          CUST1   DEFAULT
env_to      customer2.com           CUST2   DEFAULT     # all customer 2 domains use spews and sbl
env_to      customer2a.com          CUST2   DEFAULT


##############################################
# you can also include nested config files
# file names are single tokens, no embedded blanks
#
include dnsbl.conf      # this will generate a recursive include file syslog error message
include_dcc  DEFAULT /var/dcc/whitecommon   # this includes the default dcc whitelist file