# HG changeset patch # User Carl Byington # Date 1503072695 25200 # Node ID 1b7a785610f53d6c16217b7e88df9ac6fdf22855 # Parent b1a9a6fc9aad089f20250cc6eb09a3ff26559ffc hosts-ignore.conf can be used to ignore nameserver names diff -r b1a9a6fc9aad -r 1b7a785610f5 ChangeLog --- a/ChangeLog Wed Jul 26 09:02:22 2017 -0700 +++ b/ChangeLog Fri Aug 18 09:11:35 2017 -0700 @@ -1,3 +1,6 @@ +6.60 2017-08-18 + hosts-ignore.conf can be used to ignore nameserver names + 6.59 2017-07-26 use both envelope from and header from for spf checks when envelope from is a subdomain of the header from domain. diff -r b1a9a6fc9aad -r 1b7a785610f5 Makefile.am --- a/Makefile.am Wed Jul 26 09:02:22 2017 -0700 +++ b/Makefile.am Fri Aug 18 09:11:35 2017 -0700 @@ -3,7 +3,7 @@ SUBDIRS = src man html info hackdir = $(sysconfdir)/dnsbl hack_SCRIPTS = dnsbl dnsbl.service -hack_DATA = dnsbl.conf hosts-ignore.conf html-tags.conf tld.conf dnsblnogrey dnsbl-tmpfs.conf +hack_DATA = dnsbl.conf dnsbl.dkim.conf hosts-ignore.conf html-tags.conf tld.conf dnsblnogrey dnsbl-tmpfs.conf htmldir = ${datadir}/doc/@PACKAGE@-@VERSION@ html_DATA = AUTHORS COPYING ChangeLog NEWS README CLEANFILES = dnsbl dnsbl.service xml/dnsbl xml/Makefile diff -r b1a9a6fc9aad -r 1b7a785610f5 NEWS --- a/NEWS Wed Jul 26 09:02:22 2017 -0700 +++ b/NEWS Fri Aug 18 09:11:35 2017 -0700 @@ -1,3 +1,4 @@ +6.60 2017-08-18 hosts-ignore.conf can be used to ignore nameserver names 6.59 2017-07-26 use both envelope from and header from for spf checks when envelope from is a subdomain of the header from domain. 6.58 2017-05-19 spf code now handles %{d} and %{h} macros, use envelope from value for spf if it is a subdomain of the header from domain. 6.57 2017-04-25 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro diff -r b1a9a6fc9aad -r 1b7a785610f5 configure.in --- a/configure.in Wed Jul 26 09:02:22 2017 -0700 +++ b/configure.in Fri Aug 18 09:11:35 2017 -0700 @@ -1,6 +1,6 @@ AC_PREREQ(2.59) -AC_INIT(dnsbl,6.59,carl@five-ten-sg.com) +AC_INIT(dnsbl,6.60,carl@five-ten-sg.com) AC_CONFIG_SRCDIR([config.h.in]) AC_CONFIG_HEADER([config.h]) AC_CONFIG_MACRO_DIR([m4]) diff -r b1a9a6fc9aad -r 1b7a785610f5 dnsbl.conf --- a/dnsbl.conf Wed Jul 26 09:02:22 2017 -0700 +++ b/dnsbl.conf Fri Aug 18 09:11:35 2017 -0700 @@ -65,100 +65,7 @@ // here, since such messages from humans might be sent via mailing lists // that will break the dkim signature. But this works well for commonly // forged bulk senders like ebay and paypal. - some.spammer require_signed some.spammer // reject if not signed - - 123greetings.info require_signed 123greetings.info; - aadvantage.email.aa.com require_signed aadvantage.email.aa.com; - admarketing.yahoo.com require_signed admarketing.yahoo.com; - adp.com require_signed adp.com; - alertsp.chase.com require_signed alertsp.chase.com; - allaboutjazz.com require_signed allaboutjazz.com; - alpineescrow.net require_signed alpineescrowarrowhead.onmicrosoft.com; - amazon.com require_signed amazon.com; - applemusic.com require_signed applemusic.com; - billpay.bankofamerica.com require_signed billpay.bankofamerica.com; - booking.com require_signed sg.booking.com; - cafepress.com require_signed cafepressinc.onmicrosoft.com; - checkin.email.aa.com require_signed checkin.email.aa.com; - connect.wellsfargoemail.com require_signed connect.wellsfargoemail.com; - craigslist.org require_signed craigslist.org; - dailykos.com require_signed sg.actionnetwork.org; - daytimer.com require_signed daytimer.com; - deals.priceline.com require_signed deals.priceline.com; - dhl.com require_signed dhl.com; - dropbox.com require_signed dropbox.com; - dvd.com require_signed dvd.com - e.bevmo.com require_signed e.bevmo.com; - e.bloomingdales.com require_signed e.bloomingdales.com; - e.business.officedepot.com require_signed e.business.officedepot.com; - e.shutterfly.com require_signed e.shutterfly.com; - e.statefarm.com require_signed e.statefarm.com; - e1.llbean.com require_signed e1.llbean.com; - ealerts.bankofamerica.com require_signed ealerts.bankofamerica.com; - easy.staples.com require_signed easy.staples.com; - ebay.com require_signed ebay.com; - ecommail.walgreens.com require_signed ecommail.walgreens.com; - email.aa.com require_signed email.aa.com; - email.aegeanair.com require_signed email.aegeanair.com; - email.chase.com require_signed email.chase.com; - email.consumerreports.org require_signed email.consumerreports.org; - email.dowjones.com require_signed email.dowjones.com; - email.homedepot.com require_signed email.homedepot.com; - email.jetblue.com require_signed email.jetblue.com; - email.ticketmaster.com require_signed email.ticketmaster.com; - email.travelzoo.com require_signed email.travelzoo.com; - email.wetransfer.com require_signed email.wetransfer.com; - email.zazzle.com require_signed email.zazzle.com; - email.zionlodge.com require_signed email.zionlodge.com; - emails.cafepress.com require_signed cafepress.com; - et.uber.com require_signed et.uber.com; - facebookmail.com require_signed facebookmail.com; - fedex.com require_signed fedex.com; - harryanddavid-email.com require_signed harryanddavid-email.com; - healthcare.gov require_signed healthcare.gov; - imail.register.com require_signed imail.register.com; - info1.networksolutions.com require_signed info1.networksolutions.com; - insideapple.apple.com require_signed insideapple.apple.com; - intuit.com require_signed intuit.com; - lakearrowheadchamber.com require_signed lakearrowhead.ccsend.com; - lehighvalleychamber.org require_signed lehighvalleychamber.ccsend.com; - libertymutual.com require_signed libertymutual.com; - linkedin.com require_signed linkedin.com; - luv.southwest.com require_signed luv.southwest.com; - mail.sling.com require_signed mail.sling.com; - mail.zillow.com require_signed mail.zillow.com; - mailer.box.com require_signed box.com; - midjerseychamber.org require_signed midjerseychamber.ccsend.com; - monster.com require_signed monster.com; - my.orbitz.com require_signed my.orbitz.com; - mystubhub.com require_signed mystubhub.com; - na.email.aa.com require_signed na.email.aa.com; - new.itunes.com require_signed new.itunes.com; - news.united.com require_signed news.united.com; - nextdayflyers.com require_signed nextdayflyers.com; - notices.rei.com require_signed notices.rei.com; - openemail.americanexpress.com require_signed openemail.americanexpress.com; - orders.staples.com signed_white orders.staples.com; // some unsigned mail via protection.outlook.com - paychex.com require_signed paychex.com; - paypal.com require_signed paypal.com; - public.govdelivery.com require_signed public.govdelivery.com; - r.groupon.com require_signed r.groupon.com; - reply1.ebay.com require_signed reply1.ebay.com; - response.nfcu.org require_signed response.nfcu.org; - service.capitalone.com require_signed capitalone.com; - service.checkout.visa.com require_signed service.checkout.visa.com; - sg.booking.com require_signed sg.booking.com; - subscriptions.ssa.gov require_signed subscriptions.ssa.gov; - support.facebook.com require_signed support.facebook.com; - support.zappos.com require_signed zappos.com; - ticketfly.com require_signed ticketfly.com; - twitter.com require_signed twitter.com; - unionbank.com require_signed unionbank.com; - ups.com require_signed ups.com; - welcome.aexp.com require_signed welcome.aexp.com; - wellsfargo.com require_signed wellsfargo.com; - wetransfer.com require_signed email.wetransfer.com; - zappos.com require_signed zappos.com; + include "dnsbl.dkim.conf"; }; filter sbl-xbl.spamhaus.org "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; uribl multi.surbl.org "Mail containing %s rejected - surbl; see http://www.surbl.org/surbl-analysis?d=%s"; diff -r b1a9a6fc9aad -r 1b7a785610f5 dnsbl.spec.in --- a/dnsbl.spec.in Wed Jul 26 09:02:22 2017 -0700 +++ b/dnsbl.spec.in Fri Aug 18 09:11:35 2017 -0700 @@ -155,6 +155,10 @@ %changelog +* Fri Aug 18 2017 Carl Byington - 6.60-1 +- hosts-ignore.conf can be used to ignore nameserver names + ns1.google.com ended up on the sbl + * Wed Jul 26 2017 Carl Byington - 6.59-1 - use both envelope from and header from for spf checks when envelope from is a subdomain of the header from domain. diff -r b1a9a6fc9aad -r 1b7a785610f5 hosts-ignore.conf --- a/hosts-ignore.conf Wed Jul 26 09:02:22 2017 -0700 +++ b/hosts-ignore.conf Fri Aug 18 09:11:35 2017 -0700 @@ -6,6 +6,8 @@ # ignore some common hostnames in mail google.com microsoft.com +docs.google.com +plus.google.com www.google-analytics.com www.google.com www.microsoft.com diff -r b1a9a6fc9aad -r 1b7a785610f5 src/dnsbl.cpp --- a/src/dnsbl.cpp Wed Jul 26 09:02:22 2017 -0700 +++ b/src/dnsbl.cpp Fri Aug 18 09:11:35 2017 -0700 @@ -1151,6 +1151,11 @@ if ((count > limit) && (limit > 0)) return false; // too many name servers to check them all host = (*i).first; // a transient reference that needs to be replaced before we return it ip = (*i).second; + + // don't bother looking up nameserver names on the ignore list + string_set::iterator j = ignore.find(host); + if (j != ignore.end()) continue; + if (!ip) ip = dns_interface(priv, host, ns_t_a); if (debug_syslog > 2) { char buf[maxlen];