view xml/sample.conf @ 101:6ac7ba4a8312 stable-5-9

fix <> passed as <<>> to verification hosts
author carl
date Mon, 26 Sep 2005 20:40:29 -0700
parents 63e8633abc34
children

# $Id$
#

# Partial BNF description of this configuration language. Any sequence of
# three tokens ("include" FILENAME ";") is replaced by the content of the
# specified file.
#
#
# CONFIG            = {CONTEXT ";"}+
# CONTEXT           = "context" NAME "{" {STATEMENT}+ "}"
# STATEMENT         = (DNSBL | DNSBLLIST | CONTENT | ENV-TO | VERIFY | CONTEXT | ENV-FROM) ";"

# DNSBL             = "dnsbl" NAME DNSPREFIX ERROR-MSG

# DNSBLLIST         = "dnsbl_list" {NAME}+

# CONTENT           = "content" ("on" | "off") "{" {CONTENT-STATEMENT}+ "}"
# CONTENT-STATEMENT = (FILTER | IGNORE | TLD | HTML-TAGS | HTML-LIMIT | HOST-LIMIT) ";"
# FILTER            = "filter" DNSPREFIX ERROR-MSG
# IGNORE            = "ignore"     "{" {HOSTNAME [";"]}+ "}"
# TLD               = "tld"        "{" {TLD      [";"]}+ "}"
# HTML-TAGS         = "html_tags"  "{" {HTMLTAG  [";"]}+ "}"
# ERROR-MSG         = string containing exactly two %s replacement tokens for the client ip address

# HTML-LIMIT        = "html_limit" ("on" INTEGER ERROR-MSG | "off")

# HOST-LIMIT        = "host_limit" ("on" INTEGER ERROR-MSG | "off" | "soft" INTEGER)

# ENV-TO            = "env_to"     "{" {(TO-ADDR | DCC-TO)}+ "}"
# TO-ADDR           = ADDRESS [";"]
# DCC-TO            = "dcc_to" ("ok" | "many") "{" DCCINCLUDEFILE "}" ";"

# VERIFY            = "verify" HOSTNAME ";"

# ENV-FROM          = "env_from" [DEFAULT] "{" {(FROM-ADDR | DCC-FROM)}+ "}"
# FROM-ADDR         = ADDRESS VALUE [";"]
# DCC-FROM          = "dcc_from" "{" DCCINCLUDEFILE "}" ";"
# DEFAULT           = ("white" | "black" | "unknown" | "inherit" | "")
# ADDRESS           = (USER@ | DOMAIN | USER@DOMAIN)
# VALUE             = ("white" | "black" | "unknown" | CHILD-CONTEXT-NAME)


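context sample {
    # Outer (global) context. Child contexts below are nested inside it and
    # select mail by envelope recipient (env_to).
    #
    # Each dnsbl statement names a list, the DNS suffix to query, and the
    # rejection message. Per the grammar notes above, an ERROR-MSG carries
    # exactly two %s tokens; keep that count when editing these strings.
    dnsbl   local   blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
    dnsbl   sbl     sbl-xbl.spamhaus.org        "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
    dnsbl   xbl     xbl.spamhaus.org            "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s";
    dnsbl   dul     dul.dnsbl.sorbs.net         "Mail from %s rejected - dul; see http://www.sorbs.net/lookup.shtml?%s";
    # dnsbl_list in this outer context; xbl is defined above but only
    # referenced by the abuse context below.
    dnsbl_list  local sbl dul;

    content on {
        filter    sbl-xbl.spamhaus.org        "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
        ignore    { include "hosts-ignore.conf"; };
        tld       { include "tld.conf"; };
        html_tags { include "html-tags.conf"; };
        # html_limit and host_limit each appear twice to show the alternative
        # forms from the grammar. NOTE(review): presumably the later statement
        # is the one that takes effect - confirm, and keep only one of each in
        # a real configuration.
        # NOTE(review): the limit messages below contain no %s although the
        # grammar note for ERROR-MSG says exactly two - confirm which applies.
        html_limit on 20 "Mail containing excessive bad html tags rejected";
        html_limit off;
        host_limit on 20 "Mail containing excessive host names rejected";
        host_limit soft 20;
    };

    env_to {
        # child contexts are not allowed to specify recipient addresses outside these domains
        # leave this outer global context env_to empty to allow arbitrary recipients in child contexts
        mydomain.com;
        customer1.com;
        customer1a.com;
        customer1b.com;
        customer2.com;
        customer2a.com;
        customer2b.com;
    };

    context whitelist {
        # Content filtering is off and every sender is whitelisted, so mail to
        # recipients in this context is accepted unchecked. Keep the
        # recipient list as small as possible.
        content off {};
        env_to {
            # dcc_to ok { include "/var/dcc/whitecommon"; };    # copy the dcc OK values (env_to) into this context
        };
        env_from white {};      # white forces all unmatched from addresses (everyone in this case) to be whitelisted
                                # so all mail TO these env_to addresses is accepted
    };

    context abuse {
        dnsbl_list xbl;
        content off {};
        env_to {
            abuse@;             # no content filtering on abuse reports
            postmaster@;        # ""
        };
        env_from unknown {};    # ignore all parent white/black listing
    };

    context minimal {
        dnsbl_list sbl dul;
        content on {};
        env_to {
            sales@mydomain.com;
        };
    };

    context blacklist {
        env_to {
            dcc_to many { include "/var/dcc/whitecommon"; };    # copy the dcc MANY values (env_to) into this context
            old-employee@mydomain.com;
        };
        env_from black {};      # black forces all unmatched from addresses (everyone in this case) to be blacklisted
                                # so all mail TO these env_to addresses is rejected
    };

    context vp {    # special context for the vp
        env_to {
            vp@mydomain.com;
        };
        env_from inherit {
            # Envelope senders are not authenticated by SMTP. A "white" entry
            # therefore skips dnsbl checking for any message that merely
            # claims this sender, so use such entries sparingly.
            nai.com                 black;      # the vp does not like nai
            yahoo.com               unknown;    # override parent context blacklisting
            mother@spammyisp.com    white;      # suppress dnsbl checking
        };
    };

    context customer1 {
        dnsbl_list sbl dul;
        env_to {
            customer1.com;
            customer1a.com;
            customer1b.com;
        };

        # VERIFY statement from the grammar: names the verification host for
        # this context. What is checked against that host is not shown here.
        verify mail.customer1.com;

        context customer1a {
            env_to {
                customer1a.com;
            };                                      # terminating ";" required by the STATEMENT rule in the grammar
            env_from black {                        # blacklist everything
                first@acceptable.com    unknown;    # except these specific envelope senders
                second@another.com      unknown;
                yahoo.com               inherit;    # delegate to the parent
            };
        };

        env_from {  # default value of the default is inherit
            yahoo.com           black;      # no mail from yahoo
            first@yahoo.com     unknown;    # except this one
        };
    };

    context customer2 {
        dnsbl_list sbl;
        env_to {
            customer2.com;
            customer2a.com;
            customer2b.com;
        };
    };

    # Sender table of the outer context. A VALUE may be white/black/unknown
    # or the name of a child context (see VALUE in the grammar), as with
    # "abuse" below.
    env_from unknown {
        dcc_from { include "/var/dcc/whitecommon"; };   # copy the dcc OK/MANY values (env_from, substitute mail_host) into this context
        abuse@              abuse;      # replies to abuse reports use the abuse context
        yahoo.com           black;      # don't take mail from yahoo
        spammer@example.com black;
    };
};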