Re: Anyone configured IMS 5.1 to work with Spamhaus?
- From: Bruno Delbono <bruno.s.delbono@xxxxxxx>
- Date: Sat, 10 Dec 2005 22:29:38 GMT
govindo@xxxxxxxxx wrote:
Please send me the configuration.
See below. Also make sure you have rebuilt the compiled configuration (cnbuild/chbuild) and refreshed the dispatcher afterwards.
---------------------mappings--------------------------------------
! MTA mappings file
! for access control and other table lookups
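! PORT_ACCESS classifies each incoming connection. The fourth wildcard ($3)
! is the client address (probe layout TCP|server-IP|server-port|client-IP|
! client-port, as given in the ORIG_MAIL_ACCESS comment below); it is handed
! to INTERNAL_IP. Connections INTERNAL_IP does not accept fall through to the
! catch-all entry, which returns $Y with the text EXTERNAL.
! NOTE(review): the archived copy had both PORT_ACCESS entries fused on one
! line and the last INTERNAL_IP entry fused with the comment that follows it;
! they are separated here. The archive also dropped blank lines and entry
! indentation -- restore them as the product documentation requires before use.
PORT_ACCESS
*|*|*|*|* $C$|INTERNAL_IP;$3|$Y$E
* $YEXTERNAL
! INTERNAL_IP accepts the listed network and loopback, then probes the general
! database under the TRUSTED| prefix at four levels of specificity (a.0.0.0,
! a.b.0.0, a.b.c.0, a.b.c.d); anything else is refused by the final "* $N".
! NOTE(review): the /24 mask covers the whole 10.10.33.0/24 network, not just
! the one host (the commented-out variant further down uses /32). Keep this
! list as narrow as possible; what "internal" grants depends on channel
! configuration that is not shown here.
INTERNAL_IP
$(10.10.33.245/24) $Y
127.0.0.1 $Y
*.*.*.* $C${TRUSTED|$0.0.0.0}$Y$E
*.*.*.* $C${TRUSTED|$0.$1.0.0}$Y$E
*.*.*.* $C${TRUSTED|$0.$1.$2.0}$Y$E
*.*.*.* $C${TRUSTED|$0.$1.$2.$3}$Y$E
* $N
! ORIG_MAIL_ACCESS
!
! port_access-probe-info|app-info|submit-type|orig_send_access-probe-info
!
! The left hand side of the ORIG_MAIL_ACCESS mapping is of the format
! TCP|server-IP|server-port|client-IP|client-port|application|submit-type|
! source-channel|envelope-sender|destination-channel|envelope-recipient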
! TCP|*|25|*|*|*|*|tcp_noscan|*|ims-ms|* $Y$E
! ORIG_MAIL_ACCESS is scanned top to bottom and an entry whose template
! reaches $E ends the probe, so the entry order is the policy:
!   1. tcp_noscan traffic and the ALWAYS_ACCEPT* allow-lists are accepted first;
!   2. REJECT_IP is checked;
!   3. mail arriving on tcp_auth / tcp_intranet is accepted;
!   4. the sender/recipient reject lists, BLACKLIST (DNSBL lookups),
!      RATE_LIMIT and CHECK_DOMAIN apply only to what is left.
! In the all-wildcard pattern $1 is the client IP, $6 the envelope sender and
! $8 the envelope recipient (field layout as described just above this table).
! Patterns that split a field (*@*, *.*.*.*) shift the numbering of the later
! wildcards, which is why the same list is called with different $n below.
! NOTE(review): ALWAYS_ACCEPT_SNDR is keyed on the envelope sender, a value
! chosen by the connecting client. A match there ends the probe before
! REJECT_IP and BLACKLIST are consulted, so keep that list minimal and
! prefer ALWAYS_ACCEPT_IP where the peer has a stable address.
ORIG_MAIL_ACCESS
! TCP|*|*|*|*|*|*|*||*|* $NCurrently$ under$ attack$ from$ spammers$ forging$ addrs$ in$ balius.com$E
TCP|*|25|*|*|*|*|tcp_noscan|*|*|* $Y$E
TCP|*|25|*|*|*|*|*|*|*|* $C$|ALWAYS_ACCEPT_IP;$1|$Y$E
TCP|*|25|*|*|*|*|*|*|*|* $C$|ALWAYS_ACCEPT;$8|$Y$E
TCP|*|25|*|*|*|*|*|*|*|* $C$|ALWAYS_ACCEPT_SNDR;$6|$Y$E
TCP|*|25|*|*|*|*|*|*|*|* $C$|REJECT_IP;$1|$N$ denied!$E
TCP|*|25|*|*|*|*|tcp_auth|*@*|*|* $Y$E
TCP|*|25|*|*|*|*|tcp_intranet|*@*|*|* $Y$E
! Sender split as local-part@domain: $6 is the local part, $7 the domain.
TCP|*|25|*|*|*|*|*|*@*|*|* $C$|REJECT_FROM_USER;$6|$N$6$ bye$ bye$E
TCP|*|25|*|*|*|*|*|*@*|*|* $C$|REJECT_FROM_DOMAIN;$7|$N$7$ bye$ bye$E
! Sender domain with at least three labels: $8.$9 is the part after the first label.
TCP|*|25|*|*|*|*|*|*@*.*.*|*|* $C$|REJECT_FROM_DOMAIN;$8.$9|$N$8$.$9$ bye$ bye$E
TCP|*|25|*|*|*|*|*|*|*|* $C$|REJECT_VIRUS;$6|$N$6$ Come$ back$ when$ you$ \
have$ a$ <http://www.apple.com/>$ Macintosh$E
TCP|*|25|*|*|*|*|*|*|*|* $C$|REJECT_FROM_USER_DOMAIN;$6|$N$6$ bye$ bye$E
TCP|*|25|*|*|*|*|*|*|*|* $C$|REJECT_TO_USER_DOMAIN;$8|$N$8$ Unknown$ recipient$E
TCP|*|25|*|*|*|*|*|*|*|*@* $C$|REJECT_TO_USER;$8|$N$8$ refused$E
! Client IP split into octets ($1.$2.$3.$4) and passed to the DNSBL table;
! a $Y from BLACKLIST turns into the $N rejection here.
TCP|*|25|*.*.*.*|*|*|*|*|*|*|* $C$|BLACKLIST;$1.$2.$3.$4|$N$E
TCP|*|25|*|*|*|*|*|*@*|*|* $C$|RATE_LIMIT;$1|$[IMTA_LIB:conn_throttle.so,throttle_p,$1,1]\
$N$ Too$ much$ mail$ reduce$ connections$ per$ minute$E
! Only tcp_local senders get the DNS check on the sender domain ($6 here,
! because the source channel is a literal). The last entry rejects with
! status 5.5.5 and echoes the sender domain ($7).
TCP|*|25|*|*|*|*|tcp_local|*@*|*|* $C$|CHECK_DOMAIN;$6|$Y$E
TCP|*|25|*|*|*|*|*|*@*|*|* $X5.5.5|$NInvalid$ host/domain:$7
! reject_ip - checks the client address against the general.db; if found, the
! connection is rejected right then.
! rate_limit - checks the client address against the general.db; if found,
! limits the number of connections/minute from that address. (Only available
! on iMS and SIMS.)
! check_domain - checks the @domain portion of the envelope From to be sure
! it is valid. The dns_verify routine returns a positive match if a
! "server error" is returned, so the check fails open: some bad-domain mail
! could slip through, which is probably a good thing, because a DNS outage
! then does not cause legitimate mail to be rejected.
! We need the ip_addr back to pass to the throttle lib, thus
! the $0.$1.$2.$3 notation on the result
! RATE_LIMIT and REJECT_IP probe the general database for the client address
! at four levels of specificity, broadest first (a.0.0.0, a.b.0.0, a.b.c.0,
! a.b.c.d), under the key prefixes RATE| and rip| respectively. On the first
! hit the full client address is returned with $Y, so one broad database
! entry covers every address beneath it.
RATE_LIMIT
*.*.*.* $C${RATE|$0.0.0.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${RATE|$0.$1.0.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${RATE|$0.$1.$2.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${RATE|$0.$1.$2.$3}$Y$0.$1.$2.$3$E
REJECT_IP
*.*.*.* $C${rip|$0.0.0.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${rip|$0.$1.0.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${rip|$0.$1.$2.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${rip|$0.$1.$2.$3}$Y$0.$1.$2.$3$E
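! Allow, reject and delay lists. Each table looks its input up in the general
! database under the key prefix shown inside ${...} and returns $Y on a hit.
! NOTE(review): in the archived copy most table names were fused onto the end
! of the preceding entry (for example "...$YREJECT_VIRUS"), which would make
! the name part of that entry's result; each name is back on its own line.
! Blank lines and entry indentation were also lost in the archive -- restore
! them as the product documentation requires before use.
! NOTE(review): ALWAYS_ACCEPT (called with the envelope recipient) and
! ALWAYS_ACCEPT_SNDR (called with the envelope sender) share the ALWAYS| key
! prefix, so one database entry allow-lists an address in both roles. The
! sender is supplied by the connecting client; keep these entries minimal.
! The DELAY_* tables are not called from any mapping shown in this listing.
ALWAYS_ACCEPT
* $C${ALWAYS|$0}$Y
ALWAYS_ACCEPT_IP
*.*.*.* $C${ALWAYS_IP|$0.0.0.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${ALWAYS_IP|$0.$1.0.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${ALWAYS_IP|$0.$1.$2.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${ALWAYS_IP|$0.$1.$2.$3}$Y$0.$1.$2.$3$E
ALWAYS_ACCEPT_SNDR
* $C${ALWAYS|$0}$Y
REJECT_FROM_USER_DOMAIN
* $C${rfud|$0}$Y
REJECT_VIRUS
* $C${virus|$0}$Y
REJECT_FROM_USER
* $C${rfu|$0}$Y
REJECT_FROM_DOMAIN
* $C${rfd|$0}$Y
REJECT_TO_USER
* $C${rtu|$0}$Y
REJECT_TO_USER_DOMAIN
* $C${rtud|$0}$Y
DELAY_FROM_USER_DOMAIN
* $C${DELAY_FROM_USER_DOMAIN|$0}$Y
DELAY_FROM_USER
* $C${DELAY_FROM_USER|$0}$Y
DELAY_TO_USER
* $C${DELAY_TO_USER|$0}$Y
DELAY_TO_USER_DOMAIN
* $C${DELAY_TO_USER_DOMAIN|$0}$Y
DELAY_IP
* $C${DELAY_IP|$0}$Y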
!INTERNAL_IP
!
! $(10.10.33.245/32) $Y
! *.*.*.* $C${TRUSTED|$0.0.0.0}$Y$E
! *.*.*.* $C${TRUSTED|$0.$1.0.0}$Y$E
! *.*.*.* $C${TRUSTED|$0.$1.$2.0}$Y$E
! *.*.*.* $C${TRUSTED|$0.$1.$2.$3}$Y$E
! 127.0.0.1 $Y
! * $N
LIST_AUTH
*;*|* $[IMTA_LIBUTIL,imdlauth,$2+$1@$0]
!
! src-channel|from-address|dst-channel|to-address
!
ORIG_SEND_ACCESS
tcp_local|*|tcp_local|* $N$D30|Relaying$ not$ allowed
tcp_*|*|native|* $N
tcp_*|*|hold|* $N
tcp_*|*|pipe|* $N
tcp_*|*|ims-ms|* $N
!
! The following three lines stop mail from:<stop me now>
! being accepted: if the address is not qualified then
! go away, but accept NULLs, aka DSNs; we are required to,
! plus it is just a very good idea.
!
tcp_*|*@*|*|* $Y$E
tcp_*||*|* $Y$E
tcp_*|*|*|* $N$D30Nice$ try,$ you'll$ to$ be$ more$ creative$ than$ $1,$ not$ accepted
!
! Block "external" submissions of explicitly source-routed "internal" addresses
!
tcp_local|*|tcp_intranet|@*:*.* $N$D30|Explicit$ routing$ not$ allowed
tcp_local|*|tcp_intranet|*$%*@* $N$D30|Explicit$ routing$ not$ allowed
tcp_local|*|tcp_intranet|*.*!*@* $N$D30|Explicit$ routing$ not$ allowed
tcp_local|*|tcp_intranet|"*@*"@* $N$D30|Explicit$ routing$ not$ allowed
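! SEND_ACCESS: for mail arriving on any tcp_* channel, refuse with status
! 5.1.2 recipients addressed to a 127.* literal, to localhost, or to the
! example / test / invalid names listed below.
! NOTE(review): the archived copy had all nine entries run together on one
! line; they are restored to one entry per line with no other change.
SEND_ACCESS
tcp_*|*|*|*@[127.*] $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@localhost.* $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@example.com $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@example.net $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@example.org $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@*.test $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@*.example $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@*.invalid $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@*.localhost $X5.1.2|$NBad$ destination$ system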
!**********************************************************************
!
! Blacklist sites use different numbers to mean different things
! thus we want those reasons in the log files and thus a table
! for each site is needed.
!
!**********************************************************************
! If the client address is found on one of the blacklist zones then
! this mapping needs to return $Y so that the orig_mail_access mapping
! is positive and thus the desired action is taken.
! BLACKLIST receives the client IP as four octets. Each entry reverses the
! octets ($3.$2.$1.$0), appends a DNSBL zone and passes the name to the
! dns_verify routine in dns_verify.so; the client IP followed by whatever the
! routine returns is then handed to that list's *_TYPE table, which supplies
! the rejection text. If the *_TYPE table matches nothing, $C moves on to the
! next list.
! NOTE(review): this configuration was posted in 2005. Confirm that every zone
! queried here is still operated, and that its usage terms cover your query
! volume, before enabling it; a retired zone that answers every query would
! make every connection look listed.
! NOTE(review): the last entry (labelled "working RBL+ lookup") differs from
! the others in two ways: it separates the dns_verify arguments with "+"
! instead of "|", and it ends in $N$E rather than $Y$E, although the comment
! above this table says the mapping must return $Y. Possibly the bare "|"
! inside a $|TABLE;arg| call is ambiguous and only the "+" form worked for
! the author -- test each entry with "imsimta test -mapping" before relying
! on it. RBL+ is also queried twice (second entry and last entry).
BLACKLIST
*.*.*.* $C$|SPAMHAUS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.sbl-xbl.spamhaus.org|%n|$$N|$$N]|$Y$E
*.*.*.* $C$|RBLPLUS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.rbl-plus.mail-abuse.org|%n|$$N|$$N]|$Y$E
*.*.*.* $C$|SPAMCOP_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.bl.spamcop.net|%n|$$N|$$N]|$Y$E
*.*.*.* $C$|CBL_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.cbl.abuseat.org|%n|$$N|$$N]|$Y$E
*.*.*.* $C$|NJABL_ORG_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.dnsbl.njabl.org|%n|$$N|$$N]|$Y$E
! *.*.*.* $C$|RHSBL_SORBS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.dnsbl.sorbs.net|%n|$$N|$$N]|$Y$E
! probably should not use the overall lookup as they have been listing the MTAs for large ISPs
! and well duh, their users could be sending to spam trap addresses, the rest of the ISPs
! customers should not be punished for such behavior, but alas this is what we get
! for using a RBL by someone else.
!
*.*.*.* $C$|DNSBL_SORBS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.dnsbl.sorbs.net|%n|$$N|$$N]|$Y$E
!
!
! *.*.*.* $C$|DNSBL_SORBS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.http.dnsbl.sorbs.net|%n|$$N|$$N]|$Y$E
! *.*.*.* $C$|DNSBL_SORBS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.socks.dnsbl.sorbs.net|%n|$$N|$$N]|$Y$E
! *.*.*.* $C$|DNSBL_SORBS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.misc.dnsbl.sorbs.net|%n|$$N|$$N]|$Y$E
! *.*.*.* $C$|DNSBL_SORBS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.smtp.dnsbl.sorbs.net|%n|$$N|$$N]|$Y$E
! *.*.*.* $C$|DNSBL_SORBS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.web.dnsbl.sorbs.net|%n|$$N|$$N]|$Y$E
! *.*.*.* $C$|DNSBL_SORBS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.zombie.dnsbl.sorbs.net|%n|$$N|$$N]|$Y$E
! working RBL+ lookup
*.*.*.* $C$|RBLPLUS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,+$3.$2.$1.$0.rbl-plus.mail-abuse.org+%n+$$N+$$N]|$N$E
! This table checks to make sure the domain exists in DNS
! probably the exact equiv of mailfromdnsverify keyword
CHECK_DOMAIN
* $E$[IMTA_LIB:dns_verify.so,dns_verify,$0.|$$Y|$$N%e]$E
RHSBL_SORBS_TYPE
*.127.0.0.11 $Y$ Badly$ configured$ MX/A$ record$ See$ <URL:http://www.dnsbl.sorbs.net/>
*.127.0.0.12 $Y$ Your$ domain$ requests$ nomail$ See$ <URL:http://www.dnsbl.sorbs.net/>
DNSBL_SORBS_TYPE
*.127.0.0.2 $Y$ Open$ HTTP$ Proxy$ See$ <URL:http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=$0>
*.127.0.0.3 $Y$ Open$ Socks$ Proxy$ See$ <URL:http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=$0>
*.127.0.0.4 $Y$ Open$ Proxy$ Server$ See$ <URL:http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=$0>
*.127.0.0.5 $Y$ Open$ SMTP$ Server$ See$ <URL:http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=$0>
*.127.0.0.6 $Y$ UBE/UCE$ Source$ See$ <URL:http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=$0>
*.127.0.0.7 $Y$ Web$ Server$ has$ vulnerabilities$ See$ <URL:http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=$0>
*.127.0.0.8 $Y$ Refused$ testing$ See$ <URL:http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=$0>
*.127.0.0.9 $Y$ Hijacked$ network$ See$ <URL:http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=$0>
*.127.0.0.10 $Y$ Dynamic$ IP$ Range$ See$ <URL:http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=$0>
! I have not found a description of the type of entries found in SPAM COP's RBL.
! If you know of them, please let me know. Chad@xxxxxxxxxx
SPAMCOP_TYPE
*.127.0.0.2 $Y$ entry:$ $0$ found$ in$ <URL:http://spamcop.net/>
CBL_TYPE
*.127.0.0.2 $Y$ entry:$ $0$ found$ in$ <URL:http://cbl.abuseat.org/>
! Turns the result of the Spamhaus lookup into the rejection text. The input
! is the client IP followed by the address the zone returned (the layout the
! RBLPLUS_TYPE comment describes); $0 is the client IP echoed in the message.
! NOTE(review): only a 127.0.0.2 answer is matched, while BLACKLIST queries
! the combined sbl-xbl zone. Presumably any other 127.0.0.x answer from that
! zone matches nothing here, so those listings would not be rejected and the
! text would in any case point only at the SBL page. Compare against
! Spamhaus's published return codes and add entries as needed.
SPAMHAUS_TYPE
*.127.0.0.2 $Y$ Your$ IP$ Addr$ ($0)$ is$ listed$ in$ <URL:http://www.spamhaus.org/SBL>
NJABL_ORG_TYPE
*.127.0.0.2 $Y$ Open$ Relay$ See$ <URL:http://njabl.org/cgi-bin/lookup.cgi?query=$0>
*.127.0.0.3 $Y$ Dial$ Up$ or$ Dynamic$ IP$ Address$ See$ <URL:http://njabl.org/cgi-bin/lookup.cgi?query=$0>
*.127.0.0.4 $Y$ UBE/UCE$ Source$ See$ <URL:http://njabl.org/cgi-bin/lookup.cgi?query=$0>
*.127.0.0.5 $Y$ Multi-stage$ Open$ Relay$ See$ <URL:http://njabl.org/cgi-bin/lookup.cgi?query=$0>
*.127.0.0.8 $Y$ CGI$ or$ similar$ problem$ See$ <URL:http://njabl.org/cgi-bin/lookup.cgi?query=$0>
*.127.0.0.9 $Y$ Open$ Proxy$ server$ See$ <URL:http://njabl.org/cgi-bin/lookup.cgi?query=$0>
! The following table is derived from david20@xxxxxxxxxxxxxxxxxxxx ! and Steve +1 608 278 7700 <Stephen.L.Arnold@xxxxxxxxxx> via the ! info-pmdf mailing list.
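RBLPLUS_TYPE
! The left hand side of the RBLPLUS_TYPE mapping is the client IP
! address concatenated with the IP address returned from the RBL+ list.
! It returns the error message to send to the client.
! NOTE(review): the .6 and .7 entries had misplaced "$" space-quoting
! ("and $Open Relay", "IP, $and") and .7 misspelled "Blackholed"; the
! quoting now follows the pattern of the other entries. Entries are tried in
! order and the input ends in the returned address, so each code maps to
! exactly one message.
*.127.1.0.1 $Y$ Blackholed:$ \
See$ <URL:http://mail-abuse.org/cgi-bin/lookup?$0>
*.127.1.0.2 $Y$ Dial-up$ IP$ $0:$ \
See$ <URL:http://mail-abuse.org/dul/>
*.127.1.0.3 $Y$ Blackholed$ and$ Dial-up$ IP:$ \
See$ <URL:http://mail-abuse.org/cgi-bin/lookup?$0>
*.127.1.0.4 $Y$ Open$ relay:$ \
See$ <URL:http://work-rss.mail-abuse.org/cgi-bin/nph-rss?query=$0>
*.127.1.0.5 $Y$ Blackholed$ and$ Open$ relay:$ \
See$ <URL:http://mail-abuse.org/cgi-bin/lookup?$0>
*.127.1.0.6 $Y$ Dial-up$ IP$ and$ Open$ Relay:$ \
See$ <URL:http://work-rss.mail-abuse.org/cgi-bin/nph-rss?query=$0>
*.127.1.0.7 $Y$ Blackholed,$ Dial-up$ IP,$ and$ Open$ relay:$ \
See$ <URL:http://mail-abuse.org/cgi-bin/lookup?$0>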
<IMTA_TABLE:mappings.locale
---------------------mappings--------------------------------------
-- int main(){int O=0,s[]={0x84,0xe4,0xea,0xdc,0xde,0100,0xa6,'\\'\ ,0100,0x88,0xca,0xd8,0xc4,0xde,0xdc,0xde,0100,0xf8,0100,0170,0x\ c4,0xe4,0xea,0xdc,0xde,'\\',0xe6,'\\',0xc8,0xca,0xd8,0xc4,0xde,\ 0xdc,0xde,0x80,0xda,0xc2,0xd2,0xd8,'\\',0xc2,0xc6,0174,0100,0xf\ 8,0100,0xd0,0xe8,0xe8,0xe0,0164,0136,0136,0xee,0xee,0xee,'\\',0\ xda,0xc2,0xd2,0xd8,'\\',0xc2,0xc6,0x0};while(O<66){(s[O]==0)?pr\ intf("%c\n",(47<<2)>>2):printf("%c",s[O]>>1);++O;}return s[--O]\ ;} .
- References:
- Anyone configured IMS 5.1 to work with Spamhaus?
- From: govindo
- Anyone configured IMS 5.1 to work with Spamhaus?