How to Use Domain-Based Blacklist Zones

General Concepts

If someone presents you with:

    MAIL FROM: <foo@example.tld>

then you should do a lookup on example.tld.dsn.rfc-ignorant.org, and bounce or reject as you see fit.

The following is a quick reference for adding domain-based DNSBL support to popular packages:

Sendmail

The standard dnsbl package in sendmail is useful for "standard" DNS-based blacklists, where you want to compare IP addresses. Unfortunately, it doesn't work at all when you want to do comparisons based on the right-hand-side of the address.

That's where rhsbl.m4 comes in. It is designed to be copied into cf/feature, and be referenced just like you would dnsbl, except that lookups will have the right-hand-side of the address attached to the lookup. (NOTE: Sendmail 8.11.x and lower will have to replace the string "

For example, you might use (these lines are wrapped for readability, but that won't work in real life, you have been warned):

Also available is a revised dnsbl.m4 which allows for a fourth argument `h', which will toggle hostname lookups on. This is useful so that you could reject based on the hostname of the connecting machine, say, for rejecting servers where <postmaster@servername> doesn't work, or where <abuse@servers_main_domain> doesn't work. (See disclaimers about dnsbl.m4 at http://www.megacity.org/software.html.)

Essentially, since you're working with domain names in these zones, there are two potential places you care about: does the sender meet some criteria (as determined by rhsbl.m4), and does the machine connecting to you meet some criteria (as defined by the revised dnsbl.m4). Which ones you use is up to you.

Exim4

provided by nico Erfurth <masta@perlgolf.de>

Put the following lines in your ACL (acl_smtp_rcpt is the best for this).

    deny message = $sender_address_domain is listed in $dnslist_domain ($dnslist_text)
         dnslists = dsn.rfc-ignorant.org/$sender_address_domain

You can add other RBLs too; domain-based ones should use the rbl.domain.tld/$sender_address_domain syntax, and for ip4r-based blacklists just use the rbl.domain.tld.

Exim3

provided by Philip Hazel <ph10@cus.cam.ac.uk>

It is possible to make use of rfc-ignorant.org from Exim, but in the current 3.xx releases, the error message that is given when a message is rejected is

    550 rejected: cannot route to sender <x@example.tld>

which, although in some sense true, is not very helpful.

QMail

provided by Ask Bjoern Hansen <ask@develooper.com>

Ask has done some experimental work with mating qmail and the domain-based dnsbls. His work can be found at http://develooper.com/code/qpsmtpd/.

Postfix

provided by Ralf Hildebrandt <Ralf.Hildebrandt@charite.de>

It is possible to make use of rfc-ignorant.org from Postfix. With the release of Postfix-2.0, you simply use:

    smtpd_sender_restrictions = reject_rhsbl_sender dsn.rfc-ignorant.org

For the WHOIS zone, it is also possible, if you don't want to block whole ccTLDs, to do:

    reject_rhsbl_sender whois.rfc-ignorant.org=127.0.0.5

By default, such mail is rejected using the text in $default_rbl_reply:

    default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}

SurgeMail

provided by SurgeMail Support <SurgeMail-Support@netwinsite.com> (Requires SurgeMail 1.5c or later)

Set in surgemail.ini, for example:

    g_from_bl name="dsn.rfc-ignorant.org" stamp="Domain does not accept bounces, see http://www.rfc-ignorant.org"

Mercury/32

provided by Daniel Jungersen <danjel@jungersen.dk>

You can enter the values manually in the GUI, or you can "copy-paste" directly into "ms_spam.mer" found in the same folder as the .exe file. As always, I recommend that you shut down M/32 when changing the setup files directly.

***************** ms_spam.mer content ****************

You can of course use one, some or all setups just as you like. Also, you can set the action and parameter as you like.

$Id: how_to_domain.php,v 1.21 2008-10-22 15:06:58 dredd Exp $
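
The lookup described under General Concepts, together with the return-value filter from the Postfix section, as an added example that is not part of the original page. The function names, the resolver stub and the sample zone data (including the 127.0.0.2, 127.0.0.7 and 192.0.2.10 answers) are constructed for illustration; only the zone names and the 127.0.0.5 value come from the page.

```python
import re
import socket

# Envelope sender as it appears on the SMTP command line; "<>" is the null sender.
_MAIL_FROM = re.compile(r"^MAIL FROM:\s*<(?:[^<>@\s]+@([^<>@\s]+))?>", re.I)

def sender_domain(mail_from_line):
    """Return the lowercased right-hand side of the sender address, or None."""
    m = _MAIL_FROM.match(mail_from_line.strip())
    if not m or not m.group(1):
        return None  # null sender or unparsable line: nothing to look up
    return m.group(1).rstrip(".").lower()

def system_resolver(name):
    """A records via the system resolver; any lookup failure yields []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (OSError, UnicodeError):
        return []

def rhsbl_check(mail_from_line, zone, want=None, resolve=system_resolver):
    """Return (listed, query_name) for the sender domain in a domain-based zone.

    want: only this A value counts as a listing, like the "=127.0.0.5"
    suffix in the Postfix example; None accepts any 127.0.0.0/8 answer.
    """
    domain = sender_domain(mail_from_line)
    if domain is None:
        return False, None
    query = f"{domain}.{zone}"
    # Ignore answers outside 127.0.0.0/8: a parked or wildcarded zone
    # would otherwise make every sender look listed.
    answers = [a for a in resolve(query) if a.startswith("127.")]
    if want is not None:
        answers = [a for a in answers if a == want]
    return bool(answers), query

# Constructed zone data so the example runs offline; not real listings.
SAMPLE_ZONE = {
    "example.tld.dsn.rfc-ignorant.org": ["127.0.0.2"],
    "example.tld.whois.rfc-ignorant.org": ["127.0.0.5"],
    "other.tld.whois.rfc-ignorant.org": ["127.0.0.7"],
    "parked.tld.dsn.rfc-ignorant.org": ["192.0.2.10"],
}

def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for line in ("MAIL FROM: <foo@example.tld>", "MAIL FROM:<>"):
        print(line, rhsbl_check(line, "dsn.rfc-ignorant.org", resolve=sample_resolver))
```

A failed or timed-out lookup is treated as "not listed" here, so a resolver outage lets mail through rather than rejecting it.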