divert(-1)
#
# Copyright (c) 2001-2002, 2005 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#

dnl ## This is a modified enhdnsbl, loosely based on the
dnl ## original.
dnl ##
dnl ## Use it as follows
dnl ##
dnl ##	HACK(dnsblaccess, domain, optional-message, tempfail-message, keytag)
dnl ##
dnl ## The first argument (domain) is required.  The other arguments
dnl ## are optional and have reasonable defaults.  The
dnl ## optional-message is the error message given in case of a
dnl ## match.  The default behavior for a tempfail is to accept the
dnl ## email.  A tempfail-message value of `t' temporarily rejects
dnl ## with a default message.  Otherwise the value should be your
dnl ## own message.  The keytag is used to lookup the access map to
dnl ## further refine the result.  I recommend a qualified keytag
dnl ## (containing a ".") as less likely to accidentally conflict with
dnl ## other access tags.
dnl ##
dnl ## This is best illustrated with an example.  Please do not use
dnl ## the example, as it refers to a bogus lookup list.
dnl ##
dnl ## Suppose that you use
dnl ##
dnl ##	HACK(dnsblaccess, `rbl.bogus.org',`',`t',bogus.tag)
dnl ##
dnl ## and suppose that your access map contains the entries
dnl ##
dnl ##	bogus.tag:127.0.0.2	REJECT
dnl ##	bogus.tag:127.0.0.3	error:dialup mail from %1: listed at %2
dnl ##	bogus.tag:127.0.0.4	OK
dnl ##	bogus.tag:127		REJECT
dnl ##	bogus.tag:		OK
dnl ##
dnl ## If an SMTP connection is received from 123.45.6.7, sendmail
dnl ## will lookup the A record for 7.6.45.123.rbl.bogus.org.  If
dnl ## there is a temp failure for the lookup, sendmail will generate a
dnl ## temporary failure with a default message.  If there is no
dnl ## A-record for this lookup, then the mail is treated as if the
dnl ## HACK line were not present.  If the lookup returns 127.0.0.2,
dnl ## then a default message rejects the mail.  If it returns
dnl ## 127.0.0.3, then the message
dnl ##	"dialup mail from 123.45.6.7: listed at rbl.bogus.org"
dnl ## is used to reject the mail.  If it returns 127.0.0.4, the
dnl ## mail is processed as if there were no HACK line.  If the
dnl ## address returned is something else beginning with 127.*, the
dnl ## mail is rejected with a default error message.  If the
dnl ## address returned does not begin 127, then the mail is
dnl ## processed as if the HACK line were not present.
dnl ##
dnl ## Review notes (all taken from the rules further down):
dnl ##
dnl ##  - Fail-open on lookup trouble.  With no tempfail-message a
dnl ##    temporary DNS failure is rewritten to TMPOK and no error is
dnl ##    raised, so the list gives no protection while it cannot be
dnl ##    reached.  Pass t or a message of your own as the third
dnl ##    argument to get a 4.4.3 temporary rejection instead.
dnl ##  - Dotted-quad addresses only.  The lookup rule matches four
dnl ##    dot-separated tokens; a client address in any other form
dnl ##    matches none of the rules in this file and is never checked
dnl ##    against the list.
dnl ##  - The domain argument is described as required, but an empty
dnl ##    one falls back to blackholes.mail-abuse.org instead of
dnl ##    raising an error.  The client address is sent to whichever
dnl ##    zone is configured as part of a DNS query.
dnl ##    NOTE(review): confirm the fallback zone is one you intend
dnl ##    to query before relying on the default.
dnl ##  - The final OK entry of the example is what lets answers
dnl ##    outside 127.* through.  If no access entry matches at any
dnl ##    level the lookup result stays at ? and the last rule rejects
dnl ##    with 5.7.1, whatever address the list returned.

divert(0)
VERSIONID(`$Id: dnsblaccess.m4,v 1.7 2013-11-22 20:51:18 ca Exp $')
dnl ## The refinement step reads the access map, so refuse to build
dnl ## without FEATURE(access_db).
ifdef(`_ACCESS_TABLE_', `dnl',
	`errprint(`*** ERROR: dnsblaccess requires FEATURE(`access_db')
')')
dnl ## Declare the ednsbl map once, however many times this HACK is
dnl ## used.  Flags: -R A looks up A records, -a. appends a dot to a
dnl ## successful answer (the rules below match on that dot),
dnl ## -T<TMP> is the marker a temporary failure carries, and -r takes
dnl ## EDNSBL_TO when defined, else 5.
dnl ## NOTE(review): confirm whether the dns map class reads -r as a
dnl ## retry count or as a timeout before tuning EDNSBL_TO.
ifdef(`_EDNSBL_R_',`dnl',`dnl
define(`_EDNSBL_R_', `1')dnl ## prevent multiple redefines of the map.
LOCAL_CONFIG
# map for enhanced DNS based blocklist lookups
Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5')
')
divert(-1)
dnl ## Per-invocation settings, each with a fallback for an empty
dnl ## argument:
dnl ##   _EDNSBL_SRV_      list zone; blackholes.mail-abuse.org if empty
dnl ##   _EDNSBL_MSG_      rejection text; a 550 message naming the
dnl ##                     client address and the zone if empty
dnl ##   _EDNSBL_MSG_TMP_  tempfail text; a 451 message when the
dnl ##                     argument is t, otherwise the argument itself
dnl ##   _EDNSBL_KEY_      access map tag; dnsblaccess if empty
define(`_EDNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`blackholes.mail-abuse.org',_ARG_)')dnl
define(`_EDNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Rejected: " $`'&{client_addr} " listed at '_EDNSBL_SRV_`"',`_ARG2_')')dnl
define(`_EDNSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{client_addr} " at '_EDNSBL_SRV_`"',`_ARG3_')')dnl
define(`_EDNSBL_KEY_', `ifelse(len(X`'_ARG4_),`1',`dnsblaccess',_ARG4_)')dnl
divert(8)
# DNS based IP address spam list _EDNSBL_SRV_
dnl ## In each R line the pattern and the rewrite are separated by tabs.
dnl ## Start from the address of the connecting client.
R$*			$: $&{client_addr}
dnl IPv6?
dnl ## Dotted quad only: reverse the octets, append the list zone and
dnl ## query the ednsbl map.  The answer, or OK when nothing is found,
dnl ## is placed between the <?> marker and the original address.
R$-.$-.$-.$-		$: <?> $(ednsbl $4.$3.$2.$1._EDNSBL_SRV_. $: OK $) <>$1.$2.$3.$4
dnl ## Not listed: nothing more to do here.
R<?>OK<>$*		$: OKSOFAR
dnl ## Temporary DNS failure: tag it for the ifelse rule further down.
R<?>$+<TMP><>$*		$: <? <TMPF>>
dnl ## Refine through the access map.  The key is the tag, a colon and
dnl ## the returned address; the client address and the list zone are
dnl ## passed as %1 and %2 for use in the access entry.  There is no
dnl ## $: prefix, so while the lookup keeps returning ? the rule runs
dnl ## again with the last octet dropped from the key (127.0.0.3, then
dnl ## 127.0.0, 127.0 and 127 in the example above).
R<?>$* $- .<>$*		<$(access _EDNSBL_KEY_`:'$1$2 $@$3 $@`'_EDNSBL_SRV_ $: ? $)> $1 <>$3
dnl ## Last attempt, made once: the bare tag followed by a colon.
R<?>$* <>$*		$:<$(access _EDNSBL_KEY_`:' $@$2 $@`'_EDNSBL_SRV_ $: ? $)> <>$2
dnl ## Tempfail policy is fixed at build time: an empty third argument
dnl ## selects the TMPOK rule (fail-open), anything else selects the
dnl ## 4.4.3 error rule with the configured tempfail text.
ifelse(len(X`'_ARG3_),`1',
`R<$*<TMPF>>$*		$: TMPOK',
`R<$*<TMPF>>$*		$#error $@ 4.4.3 $: _EDNSBL_MSG_TMP_')
dnl ## Access value is a member of class Accept, which is defined
dnl ## outside this file; presumably the accepting values such as OK.
dnl ## NOTE(review): confirm the members of that class.
R<$={Accept}>$*		$: OKSOFAR
dnl ## ERROR:D.S.N:text rejects with that status code and text,
dnl ## ERROR:text rejects with the text alone.
R<ERROR:$-.$-.$-:$+> $*	$#error $@ $1.$2.$3 $: $4
R<ERROR:$+> $*		$#error $: $1
R<DISCARD> $*		$#discard $: discard
dnl ## Anything else still in angle brackets, REJECT and an unresolved
dnl ## ? included, is rejected with 5.7.1 and the rejection text.
R<$*> $*		$#error $@ 5.7.1 $: _EDNSBL_MSG_
divert(-1)