Re: [Exim] dnslists modification (2nd time)

Top Page
Delete this message
Reply to this message
Author: Exim Users Mailing List
Date:  
To: Wakko Warner
CC: Exim Users Mailing List
Subject: Re: [Exim] dnslists modification (2nd time)
[ On Thursday, May 29, 2003 at 12:42:26 (-0400), Wakko Warner wrote: ]
> Subject: [Exim] dnslists modification (2nd time)
>
> Usage:
>     deny dnslists = some.blacklist.org!=127.0.0.3,127.0.0.4

>
> This is only an example. This means that if the IP is on the blacklist and
> matches the list, it will fail (thus will NOT deny).


FYI you might want to think of using CIDR netmasks in the list. Here's
how I did it for smail.

Smail's code is also GPL so I'm sure you could use it for Exim if you
wish. Note that only the very most recent "snapshot" has a fully
working implementation of the above, so just let me know if you'd like
asccess.


  Item Lists
       Some variables and attributes with the type of string are
       really lists of items (such as hostnames, hostname regular
       expressions, IP addresses, etc.).  Lists are normally sim-
       ply colon (:) separated values.  Generally the colon may
       be preceded and/or followed by arbitrary whitespace,
       though of course in an attribute value (i.e. anywhere
       except in the config file) this means the value must be
       quoted or the whitespace characters must be each escaped
       with a backslash (\).


       In some cases an optional semicolon (;) separated sub-
       field may be given to given with an item value as well.
       In that case the first sub-field is the primary item value
       and the second sub-field is, in most cases, a string
       treated as an error message or other descriptive text to
       be associated with the item.  Note that the message text
       is not quoted (and is not separately quotable) so it must
       not contain another colon (`:') character.  Escape pro-
       cessing as described above cannot protect a field separa-
       tor.  Note that in an attribute definition (i.e. anywhere
       except in the config file, though currently no attributes
       allow sub-fields) if you use the semicolon separator to
       specify a sub-field then you must either escape it with a
       backslash or enclose the entire attribute definition in
       double quotes.  The text message may contain semicolons
       itself though since it extends to the end of the field
       (i.e. to the next colon (`:') character).
       Items in a list of hostnames or IP addresses may be
       negated by prefixing them with an exclamation mark (!).
       When some value is being compared to the items in the list
       then a match of a negated item will cause the remainder of
       the items in the list to be ignored and for a no-match
       condition to be immediately indicated (thus implementing a
       ``first match wins'' algorithm).  For example in a list of
       IP addresses the following would match any address in the
       range 10.0.0.0 through 10.255.255.255 except 10.1.1.1:


           ! 10.1.1.1 : 10/8



   IP and IP Network Address Representation
       As mentioned above some lists may contain strings repre-
       senting IP addresses.  They are specified in a format com-
       patible with inet_net_pton(3).  Generally speaking this
       means a host may be specified in the standard four-octet
       ASCII form, and any CIDR network may be specified by a
       four-octet number follwed by a slash (`/') and a number
       specifying the number of bits in the network portion.


       The magic keyword localnet represents a run-time generated
       pattern constructed to represent the classical IP network
       for the local address of the current connection.  This
       keyword is of little use to anyone using either a super-
       net, or a subnet of anything larger than a Class C (/24)
       network.


       Optionally if smail has been compiled with ``HAVE=LIBWHO-
       SON'' then there is also support for a magic keyword
       whoson which can be used to query a WHOSON server for
       additonal IP numbers which are currently authorised to
       relay mail remotely via SMTP.


   Hostname Regular Expressions
       As mentioned above some lists may contain hostname regular
       expressions.  These are simply regular expression strings
       which are matched against hostnames.  The expression is
       implicitly anchored at the beginning and end of the host-
       name.


       Note that the backslash character (`\') must be quoted
       with itself since it is also the escape character for all
       configuration entries.


       Note that a case-insensitive match is always done if the
       host platform's underlying regular expression library is
       POSIX compliant.



And here's an example of IP lists in use for DNS blacklists:

smtp_rbl_domains="\
:dev.null.dk; 127/8\
:dnsbl.njabl.org; 127.0.0.2, 127.0.0.3\
:relays.osirusoft.com; 127.0.0.2, 127.0.0.3, 127.0.0.4, 127.0.0.5, 127.0.0.6, 12
7.0.0.7, 127.0.0.8\
:relays.ordb.org; 127/8\
:list.dsbl.org; 127/8\
:multihop.dsbl.org; 127/8\
:dnsbl.sorbs.net; 127/8\
:orbs.dorkslayers.com; 127.0.0.2\
:spamsources.fabel.dk; 127.0.0.2\
:blackholes.five-ten-sg.com; 127.0.0.2, 127.0.0.3, 127.0.0.4, 127.0.0.5\
:bl.spamcop.net; 127.0.0.2\
:blackholes.easynet.nl; 127.0.0.2\
:dynablock.easynet.nl; 127.0.0.2\
:blacklist.spambag.net; 127.0.0.2\
"

And another example for the greeting ACL (the text portion is sent in
the SMTP error response):

smtp_hello_reject_hosts="\
:63.228.58.3/24;the spammers at freehelpdaily.com. \
By all rights I should be blocking all of USW-INTERACT99, \
however I'll be semi-nice and just whack the /24.\
:168.229.204.254;mail.rih.org, which is running a broken AppleShare mailer \
that doesn't believe an error code from MAIL FROM, and doesn't have \
a decent retry time. Force an early reject to get it to go away. \
If/when they ever upgrade to the supposedly fixed AppleShare IP Mail \
Server 6.0, then we can maybe let them try again.\
:206.26.195.192/26;HAKEN ELECTROMECHANICS (NETBLK-CW-206-26-195-192) -- stockpost.net, you idiots spam postmasters!\
:206.190.224.145/24;NETBLK-MIBX -- you are home of the paid4survey.net spammers, go away!\
:207.67.128/20;VRIO-207-067-128 -- host of spammer etransmail2.com, you may not send mail from that network!\
:207.217.0.0/16;Earthlink -- a spammer haven like no other!\
:209.10.179.0/24;Globix Corporation (NETBLK-GLOBIXBLK3) -- the riffage.com spammer lives there!\
:209.167.79.0/24;Media Synergy Inc. (NETBLK-MEDSYN4UU1) -- the flonetwork.com spammer lives there!\
:209.178.0.0/18;Earthlink -- a spammer haven like no other!\
:211.58.56.0/24;HANARO Telecom hananet.net -- too many open relays!\
:212.175.216.0/24;sim.com.tr (SIM-ELK-NET) -- go away spammer!\
:212.150.46.0/24;BARAK-3 -- barak.net.il is home to too many spammers!\
:212.150.47.0/24;BARAK-3 -- barak.net.il is home to too many spammers!\
:212.150.48.0/24;BARAK-3 -- barak.net.il is home to too many spammers!\
:212.150.49.0/24;BARAK-3 -- barak.net.il is home to too many spammers!\
:216.32.218.0/24;apparently mypoints.com -- you idiots spammed my <abuse> mailbox! (part of NETBLK-ECI-7)\
:216.33.87.0/24;apparently mypoints.com -- you idiots spammed my <abuse> mailbox! (part of NETBLK-ECI-7)\
:216.225/16;Netname FREEI-BLK1, Netblock 216.225.0.0 - 216.225.255.255\
:216.216.0.128/28;ETRACKS.COM spammer, Netname ATWORK-39479-34191, Netblock 216.216.0.128 - 216.216.0.255\
:217.6.124.154/24;Blocking spammer at de.multi-support.com - detailed RIPE assignment missing, assuming /24\
"

--
                                Greg A. Woods


+1 416 218-0098;            <g.a.woods@???>;           <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>