source: trunk/third/sendmail/contrib/dnsblaccess.m4 @ 19204

Revision 19204, 4.0 KB checked in by zacheiss, 22 years ago (diff)
This commit was generated by cvs2svn to compensate for changes in r19203, which included commits to RCS files with non-trunk default branches.
Line 
1divert(-1)
2#
3# Copyright (c) 2001-2002 Sendmail, Inc. and its suppliers.
4#       All rights reserved.
5#
6# By using this file, you agree to the terms and conditions set
7# forth in the LICENSE file which can be found at the top level of
8# the sendmail distribution.
9#
10#
11
12dnl ##  This is a modified enhdnsbl, loosely based on the
13dnl ##  original.
14dnl ##
15dnl ##  Use it as follows
16dnl ##
17dnl ##  HACK(dnsblaccess, domain, optional-message, tempfail-message, keytag)
18dnl ##
19dnl ##  The first argument (domain) is required.  The other arguments
20dnl ##  are optional and have reasonable defaults.  The
21dnl ##  optional-message is the error message given in case of a
22dnl ##  match.  The default behavior for a tempfail is to accept the
23dnl ##  email.  A tempfail-message value of `t' temporarily rejects
24dnl ##  with a default message.  Otherwise the value should be your
25dnl ##  own message.  The keytag is used to lookup the access map to
26dnl ##  further refine the result.  I recommend a qualified keytag
27dnl ##  (containing a ".") as less likely to accidently conflict with
28dnl ##  other access tags.
29dnl ##
30dnl ##  This is best illustrated with an example.  Please do not use
31dnl ##  the example, as it refers to a bogus lookup list.
32dnl ##
33dnl ##  Suppose that you use
34dnl ##
35dnl ##  HACK(dnsblaccess, `rbl.bogus.org',`',`t',bogus.tag)
36dnl ##
37dnl ##  and suppose that your access map contains the entries
38dnl ##
39dnl ##  bogus.tag:127.0.0.2     REJECT
40dnl ##  bogus.tag:127.0.0.3     error:dialup mail from %1: listed at %2
41dnl ##  bogus.tag:127.0.0.4     OK
42dnl ##  bogus.tag:127           REJECT
43dnl ##  bogus.tag:              OK
44dnl ##
45dnl ##  If an SMTP connection is received from 123.45.6.7, sendmail
46dnl ##  will lookup the A record for 7.6.45.123.bogus.org.  If there
47dnl ##  is a temp failure for the lookup, sendmail will generate a
48dnl ##  temporary failure with a default message.  If there is no
49dnl ##  A-record for this lookup, then the mail is treated as if the
50dnl ##  HACK line were not present.  If the lookup returns 127.0.0.2,
51dnl ##  then a default message rejects the mail.  If it returns
52dnl ##  127.0.0.3, then the message
53dnl ##  "dialup mail from 123.45.6.7: listed at rbl.bogus.org"
54dnl ##  is used to reject the mail.  If it returns 127.0.0.4, the
55dnl ##  mail is processed as if there were no HACK line.  If the
56dnl ##  address returned is something else beginning with 127.*, the
57dnl ##  mail is rejected with a default error message.  If the
58dnl ##  address returned does not begin 127, then the mail is
59dnl ##  processed as if the HACK line were not present.
60
61divert(0)
62VERSIONID(`$Id: dnsblaccess.m4,v 1.1.1.1 2003-04-08 15:07:30 zacheiss Exp $')
63ifdef(`_ACCESS_TABLE_', `dnl',
64        `errprint(`*** ERROR: dnsblaccess requires FEATURE(`access_db')
65')')
66ifdef(`_EDNSBL_R_',`dnl',`dnl
67define(`_EDNSBL_R_', `1')dnl ## prevent multiple redefines of the map.
68LOCAL_CONFIG
69# map for enhanced DNS based blacklist lookups
70Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5')
71')
72divert(-1)
73define(`_EDNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`blackholes.mail-abuse.org',_ARG_)')dnl
74define(`_EDNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Rejected: " $`'&{client_addr} " listed at '_EDNSBL_SRV_`"',`_ARG2_')')dnl
75define(`_EDNSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{client_addr} " at '_EDNSBL_SRV_`"',`_ARG3_')')dnl
76define(`_EDNSBL_KEY_', `ifelse(len(X`'_ARG4_),`1',`dnsblaccess',_ARG4_)')dnl
77divert(8)
78# DNS based IP address spam list _EDNSBL_SRV_
79R$*                     $: $&{client_addr}
80dnl IPv6?
81R$-.$-.$-.$-            $: <?> $(ednsbl $4.$3.$2.$1._EDNSBL_SRV_. $: OK $) <>$1.$2.$3.$4
82R<?>OK<>$*              $: OKSOFAR
83R<?>$+<TMP><>$*         $: <? <TMPF>>
84R<?>$* $- .<>$*         <$(access _EDNSBL_KEY_`:'$1$2 $@$3 $@`'_EDNSBL_SRV_ $: ? $)> $1 <>$3
85R<?>$* <>$*             $:<$(access _EDNSBL_KEY_`:' $@$2 $@`'_EDNSBL_SRV_ $: ? $)> <>$2
86ifelse(len(X`'_ARG3_),`1',
87`R<$*<TMPF>>$*          $: TMPOK',
88`R<$*<TMPF>>$*          $#error $@ 4.7.1 $: _EDNSBL_MSG_TMP_')
89R<$={Accept}>$*         $: OKSOFAR
90R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
91R<ERROR:$+> $*          $#error $: $1
92R<DISCARD> $*           $#discard $: discard
93R<$*> $*                $#error $@ 5.7.1 $: _EDNSBL_MSG_
94divert(-1)
Note: See TracBrowser for help on using the repository browser.