I added a number of new lists. Some of these may not be useful for
anything but thought I'd put them out there in case someone figures out
a use. Constructive Feedback appreciated.
http://wiki.ctyme.com/index.php/Registrar_Barrier_DNS_List
Registrar Barrier DNS List
From Computer Tyme Support Wiki
Jump to: navigation
<
http://wiki.ctyme.com/index.php/Registrar_Barrier_DNS_List#column-one>,
search
<
http://wiki.ctyme.com/index.php/Registrar_Barrier_DNS_List#searchInput>
Contents
[hide <javascript:toggleToc()>]
* 1 DNS Lookup to Separate the domain part of a hostname
<http://wiki.ctyme.com/index.php/Registrar_Barrier_DNS_List#DNS_Lookup_to_Separate_the_domain_part_of_a_hostname>
o 1.1 Exim Configuration
<http://wiki.ctyme.com/index.php/Registrar_Barrier_DNS_List#Exim_Configuration>
* 2 Other DNS Lists
<http://wiki.ctyme.com/index.php/Registrar_Barrier_DNS_List#Other_DNS_Lists>
o 2.1 Free Mail Domains List
<http://wiki.ctyme.com/index.php/Registrar_Barrier_DNS_List#Free_Mail_Domains_List>
o 2.2 ISP Hosts List
<http://wiki.ctyme.com/index.php/Registrar_Barrier_DNS_List#ISP_Hosts_List>
o 2.3 HELO Match List
<http://wiki.ctyme.com/index.php/Registrar_Barrier_DNS_List#HELO_Match_List>
[edit
<
http://wiki.ctyme.com/index.php?title=Registrar_Barrier_DNS_List&action=edit§ion=1>]
DNS Lookup to Separate the domain part of a hostname
This DNS lookup helps you find the main domain part (Registrar Barrier)
of a hostname. Sometimes it is reffered to as two level TLDs and three
level TLDs. Lookups are accomplished through DNS calls as follows:
dig perkel.com.rb.junkemailfilter.com - returns 127.0.0.1
dig perkel.co.uk.rb.junkemailfilter.com - returns 127.0.0.2
dig perkel.state.ca.us.rb.junkemailfilter.com - returns 127.0.0.3
This is a service of Junk Email Filter dot com
<
http://www.junkemailfilter.com>. One of many technologies used in
advanced email filtering.
[edit
<
http://wiki.ctyme.com/index.php?title=Registrar_Barrier_DNS_List&action=edit§ion=2>]
Exim Configuration
If you are running Exim <
http://www.exim.org> you can use this as follows:
# This example calls rb_resolve as an ACL subroutine setting acl_c_sender_host_domain
# from $acl_c_rb_result. Using the acl subroutine allows you to extract the
# registrar barrier part from and host string such as HELO.
warn set acl_c_rb_query = $sender_host_name
acl = rb_resolve
set acl_c_sender_host_domain = $acl_c_rb_result
# ACL Subroutine that returns that registry barrier part of a string. The string is
# passed in acl_c_rb_query and returned in acl_c_rb_result.
# Example: mx.junkemailfilter.com returns junkemailfilter.com
rb_resolve:
# Separates the domain part of a hostname -
ftp.perkel.com returns perkel.com
# DNS lookup returns 127.0.0.1 for single level domains
# DNS lookup returns 127.0.0.2 for two level domains
# DNS lookup returns 127.0.0.3 for three level domains
warn set acl_c_rb_result =
set acl_c_rb_query = ${lc:$acl_c_rb_query}
accept condition = ${if eq{$acl_c_rb_query}{}}
accept !dnslists = rb.junkemailfilter.com/$acl_c_rb_query
accept condition = ${if eq{$dnslist_value}{127.0.0.1}}
set acl_c_rb_result = ${sg{$acl_c_rb_query}{\N^(.*\.)?(.*\..*)$\N}{\$2}}
accept condition = ${if eq{$dnslist_value}{127.0.0.2}}
set acl_c_rb_result = ${sg{$acl_c_rb_query}{\N^(.*\.)?(.*\..*\..*)$\N}{\$2}}
accept condition = ${if eq{$dnslist_value}{127.0.0.3}}
set acl_c_rb_result = ${sg{$acl_c_rb_query}{\N^(.*\.)?(.*\..*\..*\..*)$\N}{\$2}}
accept
[edit
<
http://wiki.ctyme.com/index.php?title=Registrar_Barrier_DNS_List&action=edit§ion=3>]
Other DNS Lists
Junk Email Filter produces a number of other lists that return
information about host names.
[edit
<
http://wiki.ctyme.com/index.php?title=Registrar_Barrier_DNS_List&action=edit§ion=4>]
Free Mail Domains List
These are a list of host names of provider of free email accounts that
are often used for fraud scams. The list includes names like yahoo.com,
hotmail.com, gmail.com. This is not a block list. It is used to
determine if the account used comes from a freemail provider.
Usage:
dig yahoo.com.freemaildomains.junkemailfilter.com
For example. Spammers sometimes send email from a hotmail.com account
and have the reply-to set to a gmail.com account. That way when the
sender gets shut down for spamming the reply-to still works.
Here's an example of an Exim rule to block this.
# Freemail Tests
warn dnslists = freemaildomains.junkemailfilter.com/${domain:${lc:$h_From:}}
add_header = X-Freemail-From: ${domain:${lc:$h_From:}}
set acl_c_freemail = yes
set acl_c_freemail_from = ${domain:${lc:$h_From:}}
warn dnslists = freemaildomains.junkemailfilter.com/${domain:${lc:$h_Reply-to:}}
add_header = X-Freemail-Reply-to: ${domain:${lc:$h_Reply-to:}}
set acl_c_freemail = yes
set acl_c_freemail_reply = ${domain:${lc:$h_Reply-to:}}
deny condition = ${if def:acl_c_freemail}
condition = ${if eq{$sender_host_name}{}}
deny condition = ${if def:acl_c_freemail_reply}
condition = ${if def:acl_c_freemail_from}
!condition = ${if eqi{${local_part:$h_From:}@${domain:$h_From:}} \
{${local_part:$h_Reply-to:}@${domain:$h_Reply-to:}}}
[edit
<
http://wiki.ctyme.com/index.php?title=Registrar_Barrier_DNS_List&action=edit§ion=5>]
ISP Hosts List
The ISP list are domains that provide DSL or cable modem access to end
users. We use the list internally as an exclusion list when we test for
conditions excepting ISPs. This list is generated by using the registry
barrier of hosts that are classified as dynamic IP ranges. We don't know
how useful this list is to you but if you find a good use for it let us
know.
dig comcast.com.isphosts.junkemailfilter.com
[edit
<
http://wiki.ctyme.com/index.php?title=Registrar_Barrier_DNS_List&action=edit§ion=6>]
HELO Match List
This is another list we generate that seems like it should be useful but
haven't yet figures out how. This list matches the registry barrier of
the FCrDNS of the connecting host with the registry barrier of the HELO.
If they match it is more likely to be not spam than spam. If you find a
use for this let us know.
dig yahoo.com.helomatch.junkemailfilter.com
