1divert(-1) 2# 3# Copyright (c) 2001-2002, 2005 Sendmail, Inc. and its suppliers. 4# All rights reserved. 5# 6# By using this file, you agree to the terms and conditions set 7# forth in the LICENSE file which can be found at the top level of 8# the sendmail distribution. 9# 10# 11 12dnl ## This is a modified enhdnsbl, loosely based on the 13dnl ## original. 14dnl ## 15dnl ## Use it as follows 16dnl ## 17dnl ## HACK(dnsblaccess, domain, optional-message, tempfail-message, keytag) 18dnl ## 19dnl ## The first argument (domain) is required. The other arguments 20dnl ## are optional and have reasonable defaults. The 21dnl ## optional-message is the error message given in case of a 22dnl ## match. The default behavior for a tempfail is to accept the 23dnl ## email. A tempfail-message value of `t' temporarily rejects 24dnl ## with a default message. Otherwise the value should be your 25dnl ## own message. The keytag is used to lookup the access map to 26dnl ## further refine the result. I recommend a qualified keytag 27dnl ## (containing a ".") as less likely to accidently conflict with 28dnl ## other access tags. 29dnl ## 30dnl ## This is best illustrated with an example. Please do not use 31dnl ## the example, as it refers to a bogus lookup list. 32dnl ## 33dnl ## Suppose that you use 34dnl ## 35dnl ## HACK(dnsblaccess, `rbl.bogus.org',`',`t',bogus.tag) 36dnl ## 37dnl ## and suppose that your access map contains the entries 38dnl ## 39dnl ## bogus.tag:127.0.0.2 REJECT 40dnl ## bogus.tag:127.0.0.3 error:dialup mail from %1: listed at %2 41dnl ## bogus.tag:127.0.0.4 OK 42dnl ## bogus.tag:127 REJECT 43dnl ## bogus.tag: OK 44dnl ## 45dnl ## If an SMTP connection is received from 123.45.6.7, sendmail 46dnl ## will lookup the A record for 7.6.45.123.bogus.org. If there 47dnl ## is a temp failure for the lookup, sendmail will generate a 48dnl ## temporary failure with a default message. If there is no 49dnl ## A-record for this lookup, then the mail is treated as if the 50dnl ## HACK line were not present. If the lookup returns 127.0.0.2, 51dnl ## then a default message rejects the mail. If it returns 52dnl ## 127.0.0.3, then the message 53dnl ## "dialup mail from 123.45.6.7: listed at rbl.bogus.org" 54dnl ## is used to reject the mail. If it returns 127.0.0.4, the 55dnl ## mail is processed as if there were no HACK line. If the 56dnl ## address returned is something else beginning with 127.*, the 57dnl ## mail is rejected with a default error message. If the 58dnl ## address returned does not begin 127, then the mail is 59dnl ## processed as if the HACK line were not present. 60 61divert(0) 62VERSIONID(`$Id: dnsblaccess.m4,v 1.6 2005/07/25 23:32:05 ca Exp $') 63ifdef(`_ACCESS_TABLE_', `dnl', 64 `errprint(`*** ERROR: dnsblaccess requires FEATURE(`access_db') 65')') 66ifdef(`_EDNSBL_R_',`dnl',`dnl 67define(`_EDNSBL_R_', `1')dnl ## prevent multiple redefines of the map. 68LOCAL_CONFIG 69# map for enhanced DNS based blacklist lookups 70Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5') 71') 72divert(-1) 73define(`_EDNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`blackholes.mail-abuse.org',_ARG_)')dnl 74define(`_EDNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Rejected: " $`'&{client_addr} " listed at '_EDNSBL_SRV_`"',`_ARG2_')')dnl 75define(`_EDNSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{client_addr} " at '_EDNSBL_SRV_`"',`_ARG3_')')dnl 76define(`_EDNSBL_KEY_', `ifelse(len(X`'_ARG4_),`1',`dnsblaccess',_ARG4_)')dnl 77divert(8) 78# DNS based IP address spam list _EDNSBL_SRV_ 79R$* $: $&{client_addr} 80dnl IPv6? 81R$-.$-.$-.$- $: <?> $(ednsbl $4.$3.$2.$1._EDNSBL_SRV_. $: OK $) <>$1.$2.$3.$4 82R<?>OK<>$* $: OKSOFAR 83R<?>$+<TMP><>$* $: <? <TMPF>> 84R<?>$* $- .<>$* <$(access _EDNSBL_KEY_`:'$1$2 $@$3 $@`'_EDNSBL_SRV_ $: ? $)> $1 <>$3 85R<?>$* <>$* $:<$(access _EDNSBL_KEY_`:' $@$2 $@`'_EDNSBL_SRV_ $: ? $)> <>$2 86ifelse(len(X`'_ARG3_),`1', 87`R<$*<TMPF>>$* $: TMPOK', 88`R<$*<TMPF>>$* $#error $@ 4.4.3 $: _EDNSBL_MSG_TMP_') 89R<$={Accept}>$* $: OKSOFAR 90R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4 91R<ERROR:$+> $* $#error $: $1 92R<DISCARD> $* $#discard $: discard 93R<$*> $* $#error $@ 5.7.1 $: _EDNSBL_MSG_ 94divert(-1) 95