This plugin checks the sender's IP address against DNSBL/DNSWL lists and defers, rejects or accepts mail based on the result. For every mail it accepts, it adds the check results to the message header, depending on how the environment variables are configured.
IMPORTANT: This plugin is written for and tested with mailfront 2.00.
If set, this plugin will be skipped.
If $RELAYCLIENT is set, add to message header and skip the remaining checks. Example of message header added:
X-DNSBL-Check-Result: SKIPPED: $RELAYCLIENT is set for 1.2.3.4
If $RBLSMTPD is set and empty, add to message header and skip the remaining checks. If $RBLSMTPD is set and not empty, the reply code is set to 553 if the first character of $RBLSMTPD is "-"; otherwise the reply code is set to 451. The reply message is copied from $RBLSMTPD, without the leading "-" if there is one. Examples of smtp.rules for tcprules:
1.1.1.1:allow,RBLSMTPD=""
2.2.2.2:allow,RBLSMTPD="-Your IP is listed in our denied list."
3.3.3.3:allow,RBLSMTPD="Your IP is listed in our denied list."
The above will cause this plugin to accept mails from IP 1.1.1.1, reject mails from IP 2.2.2.2 and defer mails from IP 3.3.3.3. Below are the replies to sender IPs 2.2.2.2 and 3.3.3.3 respectively:
553 Your IP is listed in our denied list.
451 Your IP is listed in our denied list.
Example of message header added for IP 1.1.1.1:
X-DNSBL-Check-Result: SKIPPED: $RBLSMTPD is set and empty for 1.1.1.1
This is the list of servers/domains to check for whitelisting (DNSWL). If $RWLDOMAINS is set and not empty, the domains listed will be used for DNSWL checking. Each domain needs to be separated with a SPACE or a colon ":".
This is a file with a list of servers/domains to check for whitelisting (DNSWL). It is only used if $RWLDOMAINS is not set, in which case its content is copied into $RWLDOMAINS. If $RWLDOMAINSFILE is not set, it defaults to /var/qmail/control/rwldomains for IPv4 and /var/qmail/control/rwldomains6 for IPv6, which are defined as the constants DNSBL_RWLDOMAINS_FILE and DNSBL_RWLDOMAINS_FILE_IPV6. The file format is one domain per line. Lines starting with # are ignored.
This is the list of servers/domains to check for blacklisting (DNSBL). If $RBLDOMAINS is set and not empty, the domains listed will be used for DNSBL checking. Each domain needs to be separated with a SPACE or a colon ":".
This is a file with a list of servers/domains to check for blacklisting (DNSBL). It is only used if $RBLDOMAINS is not set, in which case its content is copied into $RBLDOMAINS. If $RBLDOMAINSFILE is not set, it defaults to /var/qmail/control/rbldomains for IPv4 and /var/qmail/control/rbldomains6 for IPv6, which are defined as the constants DNSBL_RBLDOMAINS_FILE and DNSBL_RBLDOMAINS_FILE_IPV6. The file format is one domain per line. Lines starting with # are ignored.
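The following sketch is an added example, not the plugin's own code. It parses the two list formats described above and builds the name that would be looked up for an IPv4 address, assuming the plugin follows the usual DNSBL convention of reversed octets followed by the list domain. The function names parse_zones and dnsbl_qname are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define ZONE_MAX 64

/* Split a domain list into zones[]. from_file == 0: value of $RWLDOMAINS or
 * $RBLDOMAINS, separated by SPACE or ":". from_file == 1: control-file text,
 * one domain per line, lines starting with "#" ignored. Returns the count. */
int parse_zones(const char *text, int from_file, char zones[][ZONE_MAX], int max)
{
    const char *seps = from_file ? "\n" : " :";
    int n = 0;
    while (*text != '\0' && n < max) {
        size_t len = strcspn(text, seps);
        if (len > 0 && len < ZONE_MAX && !(from_file && text[0] == '#')) {
            memcpy(zones[n], text, len);
            zones[n][len] = '\0';
            n++;
        }
        text += len;
        text += strspn(text, seps);   /* skip separators and blank lines */
    }
    return n;
}

/* Build the lookup name for an IPv4 address in one zone: octets reversed,
 * then the zone (assumed convention). Returns 0 on success, -1 on error. */
int dnsbl_qname(const char *ip, const char *zone, char *out, size_t outlen)
{
    unsigned a, b, c, d;
    char extra;
    if (sscanf(ip, "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4)
        return -1;                    /* too few octets or trailing garbage */
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return -1;
    int n = snprintf(out, outlen, "%u.%u.%u.%u.%s", d, c, b, a, zone);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample value, using domains that appear on this page. */
    char zones[8][ZONE_MAX], q[128];
    int n = parse_zones("zen.spamhaus.org:cbl.abuseat.org dnsbl.sorbs.net", 0, zones, 8);
    for (int i = 0; i < n; i++)
        if (dnsbl_qname("114.39.67.75", zones[i], q, sizeof q) == 0)
            printf("%s\n", q);
    return 0;
}
```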
NOTE: If $RWLDOMAINS and $RBLDOMAINS are not set or are empty, add to mail message header and skip the DNSWL/DNSBL checks. Example of mail header added:
X-DNSBL-Check-Result: SKIPPED: $RWLDOMAINS and $RBLDOMAINS not set or empty for 1.2.3.4
If $DNSBL_CHECK_REJECT is set, the sender will be rejected with reply code 553 if the sender's IP is listed in one of the $RBLDOMAINS domains. If the sender's IP is listed in one of the $RWLDOMAINS domains, the mail message will be accepted, as this plugin gives $RWLDOMAINS domains preference over $RBLDOMAINS domains.
If $DNSBL_CHECK_DEFER is set, the sender will be rejected with reply code 451 if the sender's IP is listed in one of the $RBLDOMAINS domains. If the sender's IP is listed in one of the $RWLDOMAINS domains, the mail message will be accepted, as this plugin gives $RWLDOMAINS domains preference over $RBLDOMAINS domains.
NOTE: $DNSBL_CHECK_REJECT takes preference over $DNSBL_CHECK_DEFER.
If $DNSBL_CHECK_VERBOSE is set, this plugin will log its checking to stderr.
If the sender is authenticated, add to message header and skip the DNSWL/DNSBL checks. Example of message header added:
X-DNSBL-Check-Result: SKIPPED: authenticated user from 1.2.3.4
For mails that are rejected/deferred due to a blacklist, this plugin uses the TXT record of the first domain that lists the IP as its reply message. If there is no such record, the reply defaults to the following:
Sorry, your ip ${PROTO}REMOTEIP is listed in one or more of the DNSBL: $RBLDOMAINS
${PROTO}REMOTEIP and $RBLDOMAINS are replaced with their actual values.
If the sender's IP is listed in one of the $RWLDOMAINS domains, instead of rejecting/deferring the mail, the mail message will be accepted and all the DNSWL/DNSBL check results will be added to each mail message header.
If $DNSBL_CHECK_REJECT and $DNSBL_CHECK_DEFER are not set, all mail messages will be accepted with the DNSWL/DNSBL check results added to each mail message header.
This plugin checks the environment variable configuration and does all its lookups against $RWLDOMAINS and $RBLDOMAINS after the sender issues the MAIL FROM command.
If the sender's IP is listed in one of the $RBLDOMAINS domains and not in any of the $RWLDOMAINS domains, the sender will be rejected/deferred depending on whether $DNSBL_CHECK_REJECT or $DNSBL_CHECK_DEFER is set.
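The precedence rules described above, written out as one decision function. This is an added example, not the plugin's source: the struct, the function name dnsbl_decide and the in_rwl/in_rbl flags (stand-ins for the DNS lookups) are hypothetical, and the order of the skip checks is assumed to follow the order in which this page documents them.

```c
#include <stdio.h>

/* Constructed model of one SMTP session; NULL means "variable not set". */
struct dnsbl_env {
    const char *relayclient;  /* $RELAYCLIENT */
    const char *rblsmtpd;     /* $RBLSMTPD */
    const char *rwldomains;   /* $RWLDOMAINS (after any file fallback) */
    const char *rbldomains;   /* $RBLDOMAINS (after any file fallback) */
    int check_reject;         /* $DNSBL_CHECK_REJECT is set */
    int check_defer;          /* $DNSBL_CHECK_DEFER is set */
    int in_rwl;               /* stand-in for DNS: listed in a $RWLDOMAINS domain */
    int in_rbl;               /* stand-in for DNS: listed in a $RBLDOMAINS domain */
};

static int unset_or_empty(const char *s) { return s == NULL || *s == '\0'; }

/* Returns 553, 451 or 0 (accept); *msg is the $RBLSMTPD reply text or NULL. */
int dnsbl_decide(const struct dnsbl_env *e, const char **msg)
{
    *msg = NULL;
    if (e->relayclient != NULL)
        return 0;                          /* SKIPPED: $RELAYCLIENT is set */
    if (e->rblsmtpd != NULL) {
        if (*e->rblsmtpd == '\0')
            return 0;                      /* SKIPPED: set and empty */
        if (*e->rblsmtpd == '-') {
            *msg = e->rblsmtpd + 1;        /* leading "-" is dropped */
            return 553;
        }
        *msg = e->rblsmtpd;
        return 451;
    }
    if (unset_or_empty(e->rwldomains) && unset_or_empty(e->rbldomains))
        return 0;                          /* SKIPPED: no lists configured */
    if (e->in_rwl)
        return 0;                          /* DNSWL takes preference over DNSBL */
    if (e->in_rbl && e->check_reject)
        return 553;                        /* REJECT takes preference over DEFER */
    if (e->in_rbl && e->check_defer)
        return 451;
    return 0;                              /* accepted, results go to headers */
}

int main(void)
{
    const char *msg;
    struct dnsbl_env e = { .rblsmtpd = "-Your IP is listed in our denied list." };
    printf("%d %s\n", dnsbl_decide(&e, &msg), msg);
    return 0;
}
```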
None
If a mail passes the DNSBL checks, or the sender's IP is listed in one of the $RWLDOMAINS domains, or $DNSBL_CHECK_DEFER and $DNSBL_CHECK_REJECT are not set, the results will be added to the mail message header.
An example from one of my personal mail headers, as I didn't set $DNSBL_CHECK_DEFER or $DNSBL_CHECK_REJECT:
X-DNSBL-Check-Result: FAILED for ip 114.39.67.75
X-DNSBL-Check-Report: rbldomain=zen.spamhaus.org result=http://www.spamhaus.org/query/bl?ip=114.39.67.75
X-DNSBL-Check-Report: rbldomain=cbl.abuseat.org result=Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=114.39.67.75
X-DNSBL-Check-Report: rbldomain=dnsbl.sorbs.net result=Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?114.39.67.75
An example of headers for an IP listed in one of the $RWLDOMAINS domains (look for X-DNSWL-Check-Report):
X-DNSBL-Check-Result: PASSED for 1.2.3.4
X-DNSWL-Check-Report: rwldomain=rwl.yourdomain.com result=whitelist IP
X-DNSBL-Check-Report: rbldomain=rbl.other1.com result=whatever
X-DNSBL-Check-Report: rbldomain=rbl.other2.com result=whatever
X-DNSBL-Check-Report: rbldomain=rbl.other3.com result=whatever
If the sender is authenticated, this plugin will skip the DNSWL/DNSBL checks and add information about it to the mail header.
None