# HG changeset patch
# User carl
# Date 1082588947 25200
# Node ID 793ac9cc114daadfe55e7c6764b79aa4c672d786
# Parent 15a7e942adec8826e7677da6247a657e941f1847
updates to use dcc conf files
diff -r 15a7e942adec -r 793ac9cc114d install.bash
--- a/install.bash Wed Apr 21 12:52:29 2004 -0700
+++ b/install.bash Wed Apr 21 16:09:07 2004 -0700
@@ -21,7 +21,7 @@
 # install the milter
 DST=/var/dnsbl
 mkdir -p $DST
-cp *.conf $DST
+cp dnsbl.conf $DST
 mv -f dnsbl $DST
 cp dnsbl.rc /etc/rc.d/init.d/dnsbl
 chmod 755 /etc/rc.d/init.d/dnsbl
diff -r 15a7e942adec -r 793ac9cc114d src/dnsbl
Binary file src/dnsbl has changed
diff -r 15a7e942adec -r 793ac9cc114d src/dnsbl.cpp
--- a/src/dnsbl.cpp Wed Apr 21 12:52:29 2004 -0700
+++ b/src/dnsbl.cpp Wed Apr 21 16:09:07 2004 -0700
@@ -495,6 +495,9 @@
 static void dumpit(CONFIG &dc);
 static void dumpit(CONFIG &dc) {
+ dumpit(dc.env_from);
+ dumpit("envelope to (dnsbl list)", dc.env_to_dnsbll);
+ dumpit("envelope to (from map)", dc.env_to_chkfrom);
 fprintf(stderr, "\ndnsbls\n");
 for (dnsblp_map::iterator i=dc.dnsbls.begin(); i!=dc.dnsbls.end(); i++) {
 fprintf(stderr, "%s %s %s\n", (*i).first, (*i).second->suffix, (*i).second->message);
@@ -858,6 +861,13 @@
 exit(EX_USAGE);
 }
 }
+
+ if (check) {
+ CONFIG &dc = *new_conf();
+ dumpit(dc);
+ return 0;
+ }
+
+ if (!setconn) {
 fprintf(stderr, "%s: Missing required -p argument\n", argv[0]);
 usage(argv[0]);
@@ -868,15 +878,6 @@
 exit(EX_UNAVAILABLE);
 }
- if (check) {
- CONFIG &dc = *new_conf();
- dumpit(dc.env_from);
- dumpit("envelope to (dnsbl list)", dc.env_to_dnsbll);
- dumpit("envelope to (from map)", dc.env_to_chkfrom);
- dumpit(dc);
- return 0;
- }
- // switch to background mode
 if (daemon(1,0) < 0) {
 fprintf(stderr, "daemon() call failed\n");
diff -r 15a7e942adec -r 793ac9cc114d src/package
--- a/src/package Wed Apr 21 12:52:29 2004 -0700
+++ b/src/package Wed Apr 21 16:09:07 2004 -0700
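Review bot: In the relocated `if (check)` block, `CONFIG &dc = *new_conf();` dereferences the result unchecked and the branch always ends with `return 0;`, so a `-c` run exits successfully whatever happened while the configuration was loaded. new_conf() is not shown in this diff, so whether it can return a null pointer or record parse errors is an assumption to confirm; if it can, the check mode should fail closed, e.g. `CONFIG *dcp = new_conf(); if (!dcp) return EX_CONFIG; dumpit(*dcp);`. A non-zero status would let test.bash and src/update refuse to install or push a configuration that did not load. main()'s body starts and ends outside the hunk.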
@@ -2,7 +2,7 @@
 target1=/home/httpd/html/510sg/util/dnsbl.tar.gz
 target2=/home/httpd/html/510sg/dnsbl.conf
-target2=/home/httpd/html/510sg/dnsbl.html
+target3=/home/httpd/html/510sg/dnsbl.html
 mv -f dnsbl.conf dnsbl.conf.save
 mv sample.conf dnsbl.conf
diff -r 15a7e942adec -r 793ac9cc114d src/update
--- a/src/update Wed Apr 21 12:52:29 2004 -0700
+++ b/src/update Wed Apr 21 16:09:07 2004 -0700
@@ -1,18 +1,16 @@
 #!/bin/bash
 targets="ns1 davd"
-if [ "$1" == "conf" ]; then
 DST=/var/dnsbl
- mkdir -p $DST
- cp *.conf $DST
+cp $DST/dnsbl.conf .
 for i in $targets; do
- scp *.conf $i:$DST
+ scp $DST/*.conf $i:$DST
 done
-else
+ sh install.bash
 for i in $targets; do
 DST=/usr/src/rh8/dnsbl
+ ssh $i "mkdir -p $DST"
 scp * $i:$DST
 ssh $i "cd $DST; sh install.bash"
 done
-fi
diff -r 15a7e942adec -r 793ac9cc114d test.bash
--- a/test.bash Wed Apr 21 12:52:29 2004 -0700
+++ b/test.bash Wed Apr 21 16:09:07 2004 -0700
@@ -16,6 +16,7 @@
 chmod 700 /var/run/dnsbl
 mv -f $pid $pid.save
 rm -f /var/run/dnsbl/dnsbl.sock
+cp /var/dnsbl/*conf .
 ./dnsbl -c -p local:/var/run/dnsbl/dnsbl.sock >check.txt 2>&1
 #sleep 5
 #P2=`cat $pid`
diff -r 15a7e942adec -r 793ac9cc114d xml/dnsbl.in
--- a/xml/dnsbl.in Wed Apr 21 12:52:29 2004 -0700
+++ b/xml/dnsbl.in Wed Apr 21 16:09:07 2004 -0700
@@ -28,11 +28,7 @@
 bulk detector, or from the DNS based lists. Those are two very different reasons for whitelisting. The former is done thru the DCC whiteclnt config file, the later is done thru the DNSBL milter config
-file. There is an option to reference the DCC whiteclnt file (via an
-include_dcc line) in the DNSBL milter config. This will import the
-(env_to, env_from, and substitute mail_host) entries from the DCC config
-into the DNSBL config. This allows using the DCC config as the single
-point for white/blacklisting.
+file.
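Review bot: The rewritten src/update has no error handling, so a failed `cp $DST/dnsbl.conf .` or a failed local `sh install.bash` does not stop the second loop from copying the tree to ns1 and davd and running `sh install.bash` there over ssh. Add `set -e` directly under the `#!/bin/bash` line (or test each step) so that a broken build or a missing config is not pushed to the other hosts. `scp * $i:$DST` also ships everything in the working directory, which now includes the live dnsbl.conf copied in by the first step; listing the files to send would make that explicit. The expansions of `$DST` and `$i` are unquoted, and quoting them (`"$i:$DST"`) is the safer style.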

You may want to blacklist some specific senders or sending domains. This could be done thru either the DCC (on a global basis, or for a @@ -43,6 +39,23 @@ feature that the mail is rejected earlier (at RCPT TO time), and the sending machine just gets a generic "550 5.7.1 no such user" message. +

There is an option to reference the DCC whiteclnt file (via an +include_dcc line) in the DNSBL milter config. This will import the +(env_to, env_from, and substitute mail_host) entries from the DCC config +into the DNSBL config. This allows using the DCC config as the single +point for white/blacklisting. + +

Consider the case where you have multiple clients, each with their +own mail servers, and each running their own DCC milters. Each client +is using the DCC facilities for envelope from/to white/blacklisting. +Presumably you can use rsync or scp to fetch copies of these clients DCC +whiteclnt files on a regular basis. Your mail server, acting as a +backup MX for your clients, can use the DNSBL milter, and include those +client DCC config files. The envelope to white/blacklisting will be +global for your system, but the envelope from white/blacklisting will be +appropriately tagged and used only for the domains controlled by each of +those clients. +

Definitions:

DNSBL - a named DNS based blocking list is defined by a dns suffix
diff -r 15a7e942adec -r 793ac9cc114d xml/sample.conf
--- a/xml/sample.conf Wed Apr 21 12:52:29 2004 -0700
+++ b/xml/sample.conf Wed Apr 21 16:09:07 2004 -0700
@@ -62,8 +62,8 @@
 # entries from the dcc config are mapped as:
 # ok -> WHITE
 # many -> BLACK
+# env_to -> env_to xxx
 # env_from -> env_from EMAP xxx
-# env_to -> env_to
 # substitute mail_host -> env_from EMAP xxx
 #
 #
@@ -123,4 +123,14 @@
 # file names are single tokens, no embedded blanks
 # include dnsbl.conf # this will generate a recursive include file syslog error message
-include_dcc DEFAULT /var/dcc/whitecommon # this includes the default dcc whitelist file
+
+
+##############################################
+# fetch the normal dcc whitelist file and put the entries into the DEFAULT
+# envelope-from-map. The ok/many tags in the DCC file turn into
+# WHITE/BLACK entries when imported. The env_to entries from the DCC
+# config turn into env_to entries here, and are therefore global to all
+# domains. The env_from and substitute mail_host entries turn into
+# env_from entries in the named (DEFAULT in this case) envelope-from-map.
+#
+include_dcc DEFAULT /var/dcc/whitecommon
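Review bot: The new comment block above `include_dcc DEFAULT /var/dcc/whitecommon` says the imported env_to entries are global to all domains, but it does not spell out what that means when the included file is maintained by someone else: any env_to line in that file then applies to recipients in every domain this milter serves. I would add one comment line before the include, e.g. `# only include dcc files you trust: their env_to entries apply to every domain, not just the named map`. This matters for the multi-client setup described in xml/dnsbl.in in this changeset, where the whiteclnt files are fetched from client mail servers.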