140266059SGregory Neil Shapirodivert(-1)
dnl ## Diversion -1 discards output, so the licence and usage notes that
dnl ## follow are not copied into the generated configuration file.
240266059SGregory Neil Shapiro#
34e4196cbSGregory Neil Shapiro# Copyright (c) 2001-2002, 2005 Proofpoint, Inc. and its suppliers.
440266059SGregory Neil Shapiro#	All rights reserved.
540266059SGregory Neil Shapiro#
640266059SGregory Neil Shapiro# By using this file, you agree to the terms and conditions set
740266059SGregory Neil Shapiro# forth in the LICENSE file which can be found at the top level of
840266059SGregory Neil Shapiro# the sendmail distribution.
940266059SGregory Neil Shapiro#
1040266059SGregory Neil Shapiro#
1140266059SGregory Neil Shapiro
1240266059SGregory Neil Shapirodnl ##	This is a modified enhdnsbl, loosely based on the
1340266059SGregory Neil Shapirodnl ##	original.
1440266059SGregory Neil Shapirodnl ##
1540266059SGregory Neil Shapirodnl ##	Use it as follows
1640266059SGregory Neil Shapirodnl ##
1740266059SGregory Neil Shapirodnl ##	HACK(dnsblaccess, domain, optional-message, tempfail-message, keytag)
1840266059SGregory Neil Shapirodnl ##
1940266059SGregory Neil Shapirodnl ##	The first argument (domain) is required.  The other arguments
2040266059SGregory Neil Shapirodnl ##	are optional and have reasonable defaults.  The
2140266059SGregory Neil Shapirodnl ##	optional-message is the error message given in case of a
2240266059SGregory Neil Shapirodnl ##	match.  The default behavior for a tempfail is to accept the
2340266059SGregory Neil Shapirodnl ##	email.  A tempfail-message value of `t' temporarily rejects
2440266059SGregory Neil Shapirodnl ##	with a default message.  Otherwise the value should be your
2540266059SGregory Neil Shapirodnl ##	own message.  The keytag is used to look up the access map to
2640266059SGregory Neil Shapirodnl ##	further refine the result.  I recommend a qualified keytag
2740266059SGregory Neil Shapirodnl ##	(containing a ".") as less likely to accidentally conflict with
2840266059SGregory Neil Shapirodnl ##	other access tags.
2940266059SGregory Neil Shapirodnl ##
3040266059SGregory Neil Shapirodnl ##	This is best illustrated with an example.  Please do not use
3140266059SGregory Neil Shapirodnl ##	the example, as it refers to a bogus lookup list.
3240266059SGregory Neil Shapirodnl ##
3340266059SGregory Neil Shapirodnl ##	Suppose that you use
3440266059SGregory Neil Shapirodnl ##
3540266059SGregory Neil Shapirodnl ##	HACK(dnsblaccess, `rbl.bogus.org',`',`t',bogus.tag)
3640266059SGregory Neil Shapirodnl ##
3740266059SGregory Neil Shapirodnl ##	and suppose that your access map contains the entries
3840266059SGregory Neil Shapirodnl ##
3940266059SGregory Neil Shapirodnl ##	bogus.tag:127.0.0.2	REJECT
4094c01205SGregory Neil Shapirodnl ##	bogus.tag:127.0.0.3	error:dialup mail from %1: listed at %2
4140266059SGregory Neil Shapirodnl ##	bogus.tag:127.0.0.4	OK
4240266059SGregory Neil Shapirodnl ##	bogus.tag:127		REJECT
4340266059SGregory Neil Shapirodnl ##	bogus.tag:		OK
4440266059SGregory Neil Shapirodnl ##
4540266059SGregory Neil Shapirodnl ##	If an SMTP connection is received from 123.45.6.7, sendmail
4640266059SGregory Neil Shapirodnl ##	will look up the A record for 7.6.45.123.rbl.bogus.org.  If there
4740266059SGregory Neil Shapirodnl ##	is a temp failure for the lookup, sendmail will generate a
4840266059SGregory Neil Shapirodnl ##	temporary failure with a default message.  If there is no
4940266059SGregory Neil Shapirodnl ##	A-record for this lookup, then the mail is treated as if the
5040266059SGregory Neil Shapirodnl ##	HACK line were not present.  If the lookup returns 127.0.0.2,
5140266059SGregory Neil Shapirodnl ##	then a default message rejects the mail.  If it returns
5240266059SGregory Neil Shapirodnl ##	127.0.0.3, then the message
5394c01205SGregory Neil Shapirodnl ##	"dialup mail from 123.45.6.7: listed at rbl.bogus.org"
5440266059SGregory Neil Shapirodnl ##	is used to reject the mail.  If it returns 127.0.0.4, the
5540266059SGregory Neil Shapirodnl ##	mail is processed as if there were no HACK line.  If the
5640266059SGregory Neil Shapirodnl ##	address returned is something else beginning with 127.*, the
5740266059SGregory Neil Shapirodnl ##	mail is rejected with a default error message.  If the
5840266059SGregory Neil Shapirodnl ##	address returned does not begin with 127, the bare bogus.tag:
5940266059SGregory Neil Shapirodnl ##	entry applies and the mail is processed as if the HACK line were not present.
6040266059SGregory Neil Shapiro
6140266059SGregory Neil Shapirodivert(0)
dnl ## Back to normal output: version stamp for this file.
624e4196cbSGregory Neil ShapiroVERSIONID(`$Id: dnsblaccess.m4,v 1.7 2013-11-22 20:51:18 ca Exp $')
dnl ## The rules below query the access map, so report an error on stderr
dnl ## when _ACCESS_TABLE_ is not defined, i.e. FEATURE(access_db) has not
dnl ## been declared before this HACK.
dnl ## NOTE(review): errprint only prints; generation appears to continue,
dnl ## so check the m4 output for this message before deploying the cf.
6340266059SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl',
6440266059SGregory Neil Shapiro	`errprint(`*** ERROR: dnsblaccess requires FEATURE(`access_db')
6540266059SGregory Neil Shapiro')')
dnl ## Define the ednsbl map only on first use (_EDNSBL_R_ guards against
dnl ## redefinition when the HACK is listed more than once).  Map flags as
dnl ## written: -R A queries A records, -a. appends a dot to a successful
dnl ## result, -T<TMP> marks a temporary failure, and -r takes EDNSBL_TO
dnl ## when that is defined, otherwise 5.
dnl ## NOTE(review): whether -r is a retry count or a timeout is not visible
dnl ## here - confirm against the sendmail dns map documentation.
6640266059SGregory Neil Shapiroifdef(`_EDNSBL_R_',`dnl',`dnl
6740266059SGregory Neil Shapirodefine(`_EDNSBL_R_', `1')dnl ## prevent multiple redefines of the map.
6840266059SGregory Neil ShapiroLOCAL_CONFIG
6940266059SGregory Neil Shapiro# map for enhanced DNS based blocklist lookups
7040266059SGregory Neil ShapiroKednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5')
7140266059SGregory Neil Shapiro')
7240266059SGregory Neil Shapirodivert(-1)
dnl ## Per-invocation settings.  X followed by an empty argument has length 1,
dnl ## which is how an omitted argument is detected.
dnl ##
dnl ## List zone: argument 1, else a built-in default.
dnl ## NOTE(review): an omitted domain silently selects the built-in zone
dnl ## instead of failing, although the usage notes call the argument
dnl ## required - confirm that zone is one you intend to query.
7340266059SGregory Neil Shapirodefine(`_EDNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`blackholes.mail-abuse.org',_ARG_)')dnl
dnl ## Permanent rejection text: argument 2, else a 550 message naming the
dnl ## client address and the list zone.
7494c01205SGregory Neil Shapirodefine(`_EDNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Rejected: " $`'&{client_addr} " listed at '_EDNSBL_SRV_`"',`_ARG2_')')dnl
dnl ## Temporary failure text: the literal t selects a default 451 message,
dnl ## any other value is used as the message itself.
7540266059SGregory Neil Shapirodefine(`_EDNSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{client_addr} " at '_EDNSBL_SRV_`"',`_ARG3_')')dnl
dnl ## Access map tag prefix: argument 4, else dnsblaccess.
7640266059SGregory Neil Shapirodefine(`_EDNSBL_KEY_', `ifelse(len(X`'_ARG4_),`1',`dnsblaccess',_ARG4_)')dnl
7740266059SGregory Neil Shapirodivert(8)
dnl ## Everything up to the closing divert(-1) is collected in diversion 8.
dnl ## NOTE(review): presumably the slot the main cf template pulls into its
dnl ## connection-time checks - confirm against proto.m4.
7840266059SGregory Neil Shapiro# DNS based IP address spam list _EDNSBL_SRV_
dnl ## Start from the connecting client address.
7940266059SGregory Neil ShapiroR$*			$: $&{client_addr}
8040266059SGregory Neil Shapirodnl IPv6?
dnl ## Only an address made of four dot-separated tokens matches: the tokens
dnl ## are reversed, the list zone appended and the name looked up in ednsbl
dnl ## (OK when there is no record).  The original address is kept after <>.
dnl ## NOTE(review): an address in any other form, which the IPv6? marker
dnl ## above suggests includes IPv6 clients, matches none of the rules here
dnl ## and so appears to bypass this list entirely - confirm, and cover such
dnl ## clients by other means if that matters for your policy.
8140266059SGregory Neil ShapiroR$-.$-.$-.$-		$: <?> $(ednsbl $4.$3.$2.$1._EDNSBL_SRV_. $: OK $) <>$1.$2.$3.$4
dnl ## No record: not listed.
8240266059SGregory Neil ShapiroR<?>OK<>$*		$: OKSOFAR
dnl ## Temporary lookup failure: tag it for the tempfail rule further down.
8340266059SGregory Neil ShapiroR<?>$+<TMP><>$*		$: <? <TMPF>>
dnl ## Listed: look up tag:result in the access map, passing the client
dnl ## address and the list zone as %1 and %2 for the entry text.  The
dnl ## right-hand side has no $: or $@ prefix, so on a miss (?) the rule
dnl ## runs again with the last component removed, trying keys from most
dnl ## to least specific.
8440266059SGregory Neil ShapiroR<?>$* $- .<>$*		<$(access _EDNSBL_KEY_`:'$1$2 $@$3 $@`'_EDNSBL_SRV_ $: ? $)> $1 <>$3
dnl ## Nothing more specific matched: try the bare tag: entry.
8540266059SGregory Neil ShapiroR<?>$* <>$*		$:<$(access _EDNSBL_KEY_`:' $@$2 $@`'_EDNSBL_SRV_ $: ? $)> <>$2
dnl ## Temporary failure policy.  With no third argument the failure is
dnl ## turned into TMPOK, i.e. the check fails open while the list cannot
dnl ## be reached; otherwise the mail is deferred with 4.4.3 and the
dnl ## configured text.
8640266059SGregory Neil Shapiroifelse(len(X`'_ARG3_),`1',
8740266059SGregory Neil Shapiro`R<$*<TMPF>>$*		$: TMPOK',
884e4196cbSGregory Neil Shapiro`R<$*<TMPF>>$*		$#error $@ 4.4.3 $: _EDNSBL_MSG_TMP_')
dnl ## Map the access value to an action: a value in class {Accept} (defined
dnl ## outside this file) lets the mail continue, ERROR: values reject with
dnl ## the given text (and status code when one is supplied), DISCARD drops
dnl ## the mail.
8940266059SGregory Neil ShapiroR<$={Accept}>$*		$: OKSOFAR
9040266059SGregory Neil ShapiroR<ERROR:$-.$-.$-:$+> $*	$#error $@ $1.$2.$3 $: $4
9140266059SGregory Neil ShapiroR<ERROR:$+> $*		$#error $: $1
9240266059SGregory Neil ShapiroR<DISCARD> $*		$#discard $: discard
dnl ## Any other bracketed value is rejected with 5.7.1 and the default text.
dnl ## NOTE(review): this looks like it also catches a listed address with no
dnl ## matching access entry (still <?>), so a list answer is a rejection
dnl ## unless an access entry says otherwise - confirm.
9340266059SGregory Neil ShapiroR<$*> $*		$#error $@ 5.7.1 $: _EDNSBL_MSG_
dnl ## Stop emitting output again.
9440266059SGregory Neil Shapirodivert(-1)