Mercurial > dnsbl

changeset 425:1b7a785610f5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hosts-ignore.conf can be used to ignore nameserver names
author Carl Byington <carl@five-ten-sg.com>
date Fri, 18 Aug 2017 09:11:35 -0700
parents b1a9a6fc9aad
children beda588f2881
files ChangeLog Makefile.am NEWS configure.in dnsbl.conf dnsbl.spec.in hosts-ignore.conf src/dnsbl.cpp
diffstat 8 files changed, 18 insertions(+), 96 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Wed Jul 26 09:02:22 2017 -0700
+++ b/ChangeLog	Fri Aug 18 09:11:35 2017 -0700
@@ -1,3 +1,6 @@
+6.60 2017-08-18
+    hosts-ignore.conf can be used to ignore nameserver names
+
 6.59 2017-07-26
     use both envelope from and header from for spf checks when envelope from
     is a subdomain of the header from domain.
--- a/Makefile.am	Wed Jul 26 09:02:22 2017 -0700
+++ b/Makefile.am	Fri Aug 18 09:11:35 2017 -0700
@@ -3,7 +3,7 @@
 SUBDIRS = src man html info
 hackdir = $(sysconfdir)/dnsbl
 hack_SCRIPTS = dnsbl dnsbl.service
-hack_DATA = dnsbl.conf hosts-ignore.conf html-tags.conf tld.conf dnsblnogrey  dnsbl-tmpfs.conf
+hack_DATA = dnsbl.conf dnsbl.dkim.conf hosts-ignore.conf html-tags.conf tld.conf dnsblnogrey  dnsbl-tmpfs.conf
 htmldir = ${datadir}/doc/@PACKAGE@-@VERSION@
 html_DATA = AUTHORS COPYING ChangeLog NEWS README
 CLEANFILES = dnsbl    dnsbl.service    xml/dnsbl xml/Makefile
--- a/NEWS	Wed Jul 26 09:02:22 2017 -0700
+++ b/NEWS	Fri Aug 18 09:11:35 2017 -0700
@@ -1,3 +1,4 @@
+6.60 2017-08-18 hosts-ignore.conf can be used to ignore nameserver names
 6.59 2017-07-26 use both envelope from and header from for spf checks when envelope from is a subdomain of the header from domain.
 6.58 2017-05-19 spf code now handles %{d} and %{h} macros, use envelope from value for spf if it is a subdomain of the header from domain.
 6.57 2017-04-25 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
--- a/configure.in	Wed Jul 26 09:02:22 2017 -0700
+++ b/configure.in	Fri Aug 18 09:11:35 2017 -0700
@@ -1,6 +1,6 @@
 
 AC_PREREQ(2.59)
-AC_INIT(dnsbl,6.59,carl@five-ten-sg.com)
+AC_INIT(dnsbl,6.60,carl@five-ten-sg.com)
 AC_CONFIG_SRCDIR([config.h.in])
 AC_CONFIG_HEADER([config.h])
 AC_CONFIG_MACRO_DIR([m4])
--- a/dnsbl.conf	Wed Jul 26 09:02:22 2017 -0700
+++ b/dnsbl.conf	Fri Aug 18 09:11:35 2017 -0700
@@ -65,100 +65,7 @@
             // here, since such messages from humans might be sent via mailing lists
             // that will break the dkim signature. But this works well for commonly
             // forged bulk senders like ebay and paypal.
-            some.spammer                require_signed  some.spammer    // reject if not signed
-
-            123greetings.info               require_signed  123greetings.info;
-            aadvantage.email.aa.com         require_signed  aadvantage.email.aa.com;
-            admarketing.yahoo.com           require_signed  admarketing.yahoo.com;
-            adp.com                         require_signed  adp.com;
-            alertsp.chase.com               require_signed  alertsp.chase.com;
-            allaboutjazz.com                require_signed  allaboutjazz.com;
-            alpineescrow.net                require_signed  alpineescrowarrowhead.onmicrosoft.com;
-            amazon.com                      require_signed  amazon.com;
-            applemusic.com                  require_signed  applemusic.com;
-            billpay.bankofamerica.com       require_signed  billpay.bankofamerica.com;
-            booking.com                     require_signed  sg.booking.com;
-            cafepress.com                   require_signed  cafepressinc.onmicrosoft.com;
-            checkin.email.aa.com            require_signed  checkin.email.aa.com;
-            connect.wellsfargoemail.com     require_signed  connect.wellsfargoemail.com;
-            craigslist.org                  require_signed  craigslist.org;
-            dailykos.com                    require_signed  sg.actionnetwork.org;
-            daytimer.com                    require_signed  daytimer.com;
-            deals.priceline.com             require_signed  deals.priceline.com;
-            dhl.com                         require_signed  dhl.com;
-            dropbox.com                     require_signed  dropbox.com;
-            dvd.com                         require_signed  dvd.com
-            e.bevmo.com                     require_signed  e.bevmo.com;
-            e.bloomingdales.com             require_signed  e.bloomingdales.com;
-            e.business.officedepot.com      require_signed  e.business.officedepot.com;
-            e.shutterfly.com                require_signed  e.shutterfly.com;
-            e.statefarm.com                 require_signed  e.statefarm.com;
-            e1.llbean.com                   require_signed  e1.llbean.com;
-            ealerts.bankofamerica.com       require_signed  ealerts.bankofamerica.com;
-            easy.staples.com                require_signed  easy.staples.com;
-            ebay.com                        require_signed  ebay.com;
-            ecommail.walgreens.com          require_signed  ecommail.walgreens.com;
-            email.aa.com                    require_signed  email.aa.com;
-            email.aegeanair.com             require_signed  email.aegeanair.com;
-            email.chase.com                 require_signed  email.chase.com;
-            email.consumerreports.org       require_signed  email.consumerreports.org;
-            email.dowjones.com              require_signed  email.dowjones.com;
-            email.homedepot.com             require_signed  email.homedepot.com;
-            email.jetblue.com               require_signed  email.jetblue.com;
-            email.ticketmaster.com          require_signed  email.ticketmaster.com;
-            email.travelzoo.com             require_signed  email.travelzoo.com;
-            email.wetransfer.com            require_signed  email.wetransfer.com;
-            email.zazzle.com                require_signed  email.zazzle.com;
-            email.zionlodge.com             require_signed  email.zionlodge.com;
-            emails.cafepress.com            require_signed  cafepress.com;
-            et.uber.com                     require_signed  et.uber.com;
-            facebookmail.com                require_signed  facebookmail.com;
-            fedex.com                       require_signed  fedex.com;
-            harryanddavid-email.com         require_signed  harryanddavid-email.com;
-            healthcare.gov                  require_signed  healthcare.gov;
-            imail.register.com              require_signed  imail.register.com;
-            info1.networksolutions.com      require_signed  info1.networksolutions.com;
-            insideapple.apple.com           require_signed  insideapple.apple.com;
-            intuit.com                      require_signed  intuit.com;
-            lakearrowheadchamber.com        require_signed  lakearrowhead.ccsend.com;
-            lehighvalleychamber.org         require_signed  lehighvalleychamber.ccsend.com;
-            libertymutual.com               require_signed  libertymutual.com;
-            linkedin.com                    require_signed  linkedin.com;
-            luv.southwest.com               require_signed  luv.southwest.com;
-            mail.sling.com                  require_signed  mail.sling.com;
-            mail.zillow.com                 require_signed  mail.zillow.com;
-            mailer.box.com                  require_signed  box.com;
-            midjerseychamber.org            require_signed  midjerseychamber.ccsend.com;
-            monster.com                     require_signed  monster.com;
-            my.orbitz.com                   require_signed  my.orbitz.com;
-            mystubhub.com                   require_signed  mystubhub.com;
-            na.email.aa.com                 require_signed  na.email.aa.com;
-            new.itunes.com                  require_signed  new.itunes.com;
-            news.united.com                 require_signed  news.united.com;
-            nextdayflyers.com               require_signed  nextdayflyers.com;
-            notices.rei.com                 require_signed  notices.rei.com;
-            openemail.americanexpress.com   require_signed  openemail.americanexpress.com;
-            orders.staples.com              signed_white    orders.staples.com;     // some unsigned mail via protection.outlook.com
-            paychex.com                     require_signed  paychex.com;
-            paypal.com                      require_signed  paypal.com;
-            public.govdelivery.com          require_signed  public.govdelivery.com;
-            r.groupon.com                   require_signed  r.groupon.com;
-            reply1.ebay.com                 require_signed  reply1.ebay.com;
-            response.nfcu.org               require_signed  response.nfcu.org;
-            service.capitalone.com          require_signed  capitalone.com;
-            service.checkout.visa.com       require_signed  service.checkout.visa.com;
-            sg.booking.com                  require_signed  sg.booking.com;
-            subscriptions.ssa.gov           require_signed  subscriptions.ssa.gov;
-            support.facebook.com            require_signed  support.facebook.com;
-            support.zappos.com              require_signed  zappos.com;
-            ticketfly.com                   require_signed  ticketfly.com;
-            twitter.com                     require_signed  twitter.com;
-            unionbank.com                   require_signed  unionbank.com;
-            ups.com                         require_signed  ups.com;
-            welcome.aexp.com                require_signed  welcome.aexp.com;
-            wellsfargo.com                  require_signed  wellsfargo.com;
-            wetransfer.com                  require_signed  email.wetransfer.com;
-            zappos.com                      require_signed  zappos.com;
+            include "dnsbl.dkim.conf";
         };
         filter    sbl-xbl.spamhaus.org        "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
         uribl     multi.surbl.org             "Mail containing %s rejected - surbl; see http://www.surbl.org/surbl-analysis?d=%s";
--- a/dnsbl.spec.in	Wed Jul 26 09:02:22 2017 -0700
+++ b/dnsbl.spec.in	Fri Aug 18 09:11:35 2017 -0700
@@ -155,6 +155,10 @@
 
 
 %changelog
+* Fri Aug 18 2017 Carl Byington <carl@five-ten-sg.com> - 6.60-1
+- hosts-ignore.conf can be used to ignore nameserver names
+  ns1.google.com ended up on the sbl
+
 * Wed Jul 26 2017 Carl Byington <carl@five-ten-sg.com> - 6.59-1
 - use both envelope from and header from for spf checks when envelope
   from is a subdomain of the header from domain.
--- a/hosts-ignore.conf	Wed Jul 26 09:02:22 2017 -0700
+++ b/hosts-ignore.conf	Fri Aug 18 09:11:35 2017 -0700
@@ -6,6 +6,8 @@
 # ignore some common hostnames in mail
 google.com
 microsoft.com
+docs.google.com
+plus.google.com
 www.google-analytics.com
 www.google.com
 www.microsoft.com
--- a/src/dnsbl.cpp	Wed Jul 26 09:02:22 2017 -0700
+++ b/src/dnsbl.cpp	Fri Aug 18 09:11:35 2017 -0700
@@ -1151,6 +1151,11 @@
         if ((count > limit) && (limit > 0)) return false;   // too many name servers to check them all
         host = (*i).first;  // a transient reference that needs to be replaced before we return it
         ip   = (*i).second;
+
+        // don't bother looking up nameserver names on the ignore list
+        string_set::iterator j = ignore.find(host);
+        if (j != ignore.end()) continue;
+
         if (!ip) ip = dns_interface(priv, host, ns_t_a);
         if (debug_syslog > 2) {
             char buf[maxlen];