divert(-1)
#
# Copyright (c) 2001-2002 Sendmail, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#

dnl ## This is a modified enhdnsbl, loosely based on the
dnl ## original.
dnl ##
dnl ## Use it as follows
dnl ##
dnl ## HACK(dnsblaccess, domain, optional-message, tempfail-message, keytag)
dnl ##
dnl ## The first argument (domain) is required. The other arguments
dnl ## are optional and have reasonable defaults. The
dnl ## optional-message is the error message given in case of a
dnl ## match. The default behavior for a tempfail is to accept the
dnl ## email, so the list is not enforced while its lookups are
dnl ## failing. A tempfail-message value of `t' temporarily rejects
dnl ## with a default message. Otherwise the value should be your
dnl ## own message. The keytag is used to look up entries in the
dnl ## access map to further refine the result. I recommend a
dnl ## qualified keytag (containing a ".") as less likely to
dnl ## accidentally conflict with other access tags.
dnl ##
dnl ## This is best illustrated with an example. Please do not use
dnl ## the example, as it refers to a bogus lookup list.
dnl ##
dnl ## Suppose that you use
dnl ##
dnl ## HACK(dnsblaccess, `rbl.bogus.org',`',`t',bogus.tag)
dnl ##
dnl ## and suppose that your access map contains the entries
dnl ##
dnl ## bogus.tag:127.0.0.2 REJECT
dnl ## bogus.tag:127.0.0.3 error:dialup mail from %1: listed at %2
dnl ## bogus.tag:127.0.0.4 OK
dnl ## bogus.tag:127 REJECT
dnl ## bogus.tag: OK
dnl ##
dnl ## If an SMTP connection is received from 123.45.6.7, sendmail
dnl ## will look up the A record for 7.6.45.123.rbl.bogus.org (the
dnl ## reversed address followed by the whole list domain). If there
dnl ## is a temp failure for the lookup, sendmail will generate a
dnl ## temporary failure with a default message. If there is no
dnl ## A-record for this lookup, then the mail is treated as if the
dnl ## HACK line were not present. If the lookup returns 127.0.0.2,
dnl ## then a default message rejects the mail. If it returns
dnl ## 127.0.0.3, then the message
dnl ## "dialup mail from 123.45.6.7: listed at rbl.bogus.org"
dnl ## is used to reject the mail. If it returns 127.0.0.4, the
dnl ## mail is processed as if there were no HACK line. If the
dnl ## address returned is something else beginning with 127.*, the
dnl ## mail is rejected with a default error message. If the
dnl ## address returned does not begin 127, then the mail is
dnl ## processed as if the HACK line were not present.

divert(0)
dnl ## VERSIONID is defined outside this file; it is handed the RCS id
dnl ## string of this hack (presumably to stamp the generated cf -- confirm).
VERSIONID(`$Id: dnsblaccess.m4,v 1.1.1.1 2003-04-08 15:07:30 zacheiss Exp $')
dnl ## The rules of this hack query the access map, so complain on stderr
dnl ## when _ACCESS_TABLE_ is not defined.  errprint only prints the message;
dnl ## nothing in this file aborts the m4 run, so watch the build output for it.
ifdef(`_ACCESS_TABLE_', `dnl',
`errprint(`*** ERROR: dnsblaccess requires FEATURE(`access_db')
')')
dnl ## Declare the ednsbl DNS map once, however many times this hack is used;
dnl ## _EDNSBL_R_ is the already-declared flag.  As written on the K line:
dnl ##   -R A      query A records
dnl ##   -a.       append a dot to a successful answer
dnl ##   -T<TMP>   append <TMP> on a temporary lookup failure
dnl ##   -r N      N is EDNSBL_TO when that macro is defined, else 5
dnl ## The rewrite rules in this file match on that trailing dot and on <TMP>.
dnl ## NOTE(review): check the sendmail dns map documentation for whether -r
dnl ## is a retry count or a timeout before tuning EDNSBL_TO.
ifdef(`_EDNSBL_R_',`dnl',`dnl
define(`_EDNSBL_R_', `1')dnl ## prevent multiple redefines of the map.
LOCAL_CONFIG
# map for enhanced DNS based blacklist lookups
Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5')
')
divert(-1)
dnl ## Per-invocation settings built from _ARG_ .. _ARG4_ (presumably the
dnl ## HACK arguments in the order given in the usage notes -- confirm).
dnl ## The len(X + argument) == 1 test is true when the argument is empty.
dnl ##
dnl ## List domain.  An empty argument falls back to blackholes.mail-abuse.org.
dnl ## NOTE(review): mail is rejected on the answers of whichever zone is named
dnl ## here, so pass the domain explicitly and confirm that the zone is still
dnl ## operated and answers the way the access entries assume.
define(`_EDNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`blackholes.mail-abuse.org',_ARG_)')dnl
dnl ## Rejection text.  An empty argument selects a 550 reply that names the
dnl ## client address and the list domain; otherwise the argument is used.
define(`_EDNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Rejected: " $`'&{client_addr} " listed at '_EDNSBL_SRV_`"',`_ARG2_')')dnl
dnl ## Tempfail text.  The single letter t selects a default 451 reply; any
dnl ## other value is used as the message itself.  Whether a tempfail rejects
dnl ## at all is decided separately, where the rules test this argument.
define(`_EDNSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{client_addr} " at '_EDNSBL_SRV_`"',`_ARG3_')')dnl
dnl ## Access map key prefix.  An empty argument selects dnsblaccess.
define(`_EDNSBL_KEY_', `ifelse(len(X`'_ARG4_),`1',`dnsblaccess',_ARG4_)')dnl
divert(8)
# DNS based IP address spam list _EDNSBL_SRV_
dnl ## NOTE(review): sendmail needs tab characters between the left and right
dnl ## side of an R line.  This listing shows single spaces, so the whitespace
dnl ## appears to have been collapsed; restore tabs from the original file
dnl ## before use.
dnl ## NOTE(review): diversion 8 is presumably the slot that the sendmail
dnl ## proto file splices into its connection check ruleset -- confirm.
dnl ##
dnl ## Replace the workspace with the address of the connecting client.
R$* $: $&{client_addr}
dnl IPv6?
dnl ## Only a four-part dotted address matches the next rule.  Any other form
dnl ## of client_addr matches none of the patterns below, so as far as this
dnl ## file shows such clients are never checked against the list.
dnl ##
dnl ## Reverse the four parts, append the list domain and query the ednsbl
dnl ## map; no record yields OK.  The original address is kept after <>.
dnl ## Constructed example: 123.45.6.7 with list domain rbl.bogus.org is
dnl ## queried as 7.6.45.123.rbl.bogus.org.
R$-.$-.$-.$- $: <?> $(ednsbl $4.$3.$2.$1._EDNSBL_SRV_. $: OK $) <>$1.$2.$3.$4
dnl ## Not listed: the workspace becomes OKSOFAR and no later rule matches.
R<?>OK<>$* $: OKSOFAR
dnl ## Temporary DNS failure (the <TMP> suffix added by the map): mark it.
R<?>$+<TMP><>$* $: <? <TMPF>>
dnl ## Listed.  Look up KEY:answer in the access map, passing the client
dnl ## address and the list domain as map arguments (the %1 and %2 of the
dnl ## usage notes).  The rule has no $: prefix, so it is applied again while
dnl ## it still matches: each miss (?) drops the last component of the answer
dnl ## and retries the shorter key, e.g. 127.0.0.2, 127.0.0, 127.0, 127.
R<?>$* $- .<>$* <$(access _EDNSBL_KEY_`:'$1$2 $@$3 $@`'_EDNSBL_SRV_ $: ? $)> $1 <>$3
dnl ## Still no entry: try the bare KEY: entry as the last resort.
R<?>$* <>$* $:<$(access _EDNSBL_KEY_`:' $@$2 $@`'_EDNSBL_SRV_ $: ? $)> <>$2
dnl ## Tempfail policy.  With an empty tempfail argument a failed lookup is
dnl ## rewritten to TMPOK, which no later rule matches: the check fails open
dnl ## and mail is accepted unchecked while the list cannot be reached.  With
dnl ## a non-empty argument the client gets a 4.7.1 temporary rejection.
ifelse(len(X`'_ARG3_),`1',
`R<$*<TMPF>>$* $: TMPOK',
`R<$*<TMPF>>$* $#error $@ 4.7.1 $: _EDNSBL_MSG_TMP_')
dnl ## Access values in class {Accept} (defined outside this file) let the
dnl ## mail continue.
R<$={Accept}>$* $: OKSOFAR
dnl ## ERROR:D.S.N:text rejects with that status code and text.
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
dnl ## ERROR:text rejects with the text alone.
R<ERROR:$+> $* $#error $: $1
dnl ## DISCARD hands the message to the discard mailer.
R<DISCARD> $* $#discard $: discard
dnl ## Anything else left in angle brackets is rejected with 5.7.1 and the
dnl ## default message.
dnl ## NOTE(review): that appears to include <?>, i.e. a listed address for
dnl ## which no access entry matched at all, not even the bare KEY: entry.
dnl ## Confirm, and add a KEY: default entry if unmatched answers should pass.
R<$*> $* $#error $@ 5.7.1 $: _EDNSBL_MSG_
divert(-1)