3 # Copyright (c) 2001-2002, 2005 Proofpoint, Inc. and its suppliers.
6 # By using this file, you agree to the terms and conditions set
7 # forth in the LICENSE file which can be found at the top level of
8 # the sendmail distribution.
12 dnl ## This is a modified enhdnsbl, loosely based on the
15 dnl ## Use it as follows
17 dnl ## HACK(dnsblaccess, domain, optional-message, tempfail-message, keytag)
19 dnl ## The first argument (domain) is required. The other arguments
20 dnl ## are optional and have reasonable defaults. The
21 dnl ## optional-message is the error message given in case of a
22 dnl ## match. The default behavior for a tempfail is to accept the
23 dnl ## email. A tempfail-message value of `t' temporarily rejects
24 dnl ## with a default message. Otherwise the value should be your
25 dnl ## own message. The keytag is used to look up the access map to
26 dnl ## further refine the result. I recommend a qualified keytag
27 dnl ## (containing a ".") as less likely to accidentally conflict with
28 dnl ## other access tags.
30 dnl ## This is best illustrated with an example. Please do not use
31 dnl ## the example, as it refers to a bogus lookup list.
33 dnl ## Suppose that you use
35 dnl ## HACK(dnsblaccess, `rbl.bogus.org',`',`t',bogus.tag)
37 dnl ## and suppose that your access map contains the entries
39 dnl ## bogus.tag:127.0.0.2 REJECT
40 dnl ## bogus.tag:127.0.0.3 error:dialup mail from %1: listed at %2
41 dnl ## bogus.tag:127.0.0.4 OK
42 dnl ## bogus.tag:127 REJECT
45 dnl ## If an SMTP connection is received from 123.45.6.7, sendmail
46 dnl ## will look up the A record for 7.6.45.123.bogus.org. If there
47 dnl ## is a temp failure for the lookup, sendmail will generate a
48 dnl ## temporary failure with a default message. If there is no
49 dnl ## A-record for this lookup, then the mail is treated as if the
50 dnl ## HACK line were not present. If the lookup returns 127.0.0.2,
51 dnl ## then a default message rejects the mail. If it returns
52 dnl ## 127.0.0.3, then the message
53 dnl ## "dialup mail from 123.45.6.7: listed at rbl.bogus.org"
54 dnl ## is used to reject the mail. If it returns 127.0.0.4, the
55 dnl ## mail is processed as if there were no HACK line. If the
56 dnl ## address returned is something else beginning with 127.*, the
57 dnl ## mail is rejected with a default error message. If the
58 dnl ## address returned does not begin 127, then the mail is
59 dnl ## processed as if the HACK line were not present.
dnl ## Setup for the dnsblaccess hack: record the file version, check that
dnl ## the access map feature is loaded, declare the ednsbl DNS map once,
dnl ## and resolve the four optional arguments to their defaults.
dnl ## NOTE(review): the embedded line numbers skip 65, 68, 71 and 72, so
dnl ## the text that closes the two ifdef calls below is not visible in
dnl ## this listing - confirm against the distribution copy.
62 VERSIONID(`$Id: dnsblaccess.m4,v 1.7 2013/11/22 20:51:18 ca Exp $')
dnl ## Print an error while the configuration is generated unless
dnl ## _ACCESS_TABLE_ is defined; the rules further down query the access
dnl ## map. The second ifdef declares the map only when _EDNSBL_R_ is not
dnl ## yet defined.
63 ifdef(`_ACCESS_TABLE_', `dnl',
64 `errprint(`*** ERROR: dnsblaccess requires FEATURE(`access_db')
66 ifdef(`_EDNSBL_R_',`dnl',`dnl
67 define(`_EDNSBL_R_', `1')dnl ## prevent multiple redefines of the map.
dnl ## Map flags: -R A asks for A records, -a. appends a dot to a
dnl ## successful result, -T<TMP> appends <TMP> on a temporary failure,
dnl ## and -r is the resolver retry count, taken from EDNSBL_TO when that
dnl ## is defined and 5 otherwise.
69 # map for enhanced DNS based blacklist lookups
70 Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5')
dnl ## Argument defaults. A length of 1 for X followed by the argument
dnl ## means the argument was empty.
dnl ## _EDNSBL_SRV_: list domain. The header calls this argument required,
dnl ## yet an empty value falls back to blackholes.mail-abuse.org; pass
dnl ## the domain explicitly so lookups go to a list you have chosen.
dnl ## _EDNSBL_MSG_: reject text, default 550 naming client and list.
dnl ## _EDNSBL_MSG_TMP_: the default 451 text when the third argument is
dnl ## t, otherwise the third argument itself.
dnl ## _EDNSBL_KEY_: access map tag, default dnsblaccess.
73 define(`_EDNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`blackholes.mail-abuse.org',_ARG_)')dnl
74 define(`_EDNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Rejected: " $`'&{client_addr} " listed at '_EDNSBL_SRV_`"',`_ARG2_')')dnl
75 define(`_EDNSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{client_addr} " at '_EDNSBL_SRV_`"',`_ARG3_')')dnl
76 define(`_EDNSBL_KEY_', `ifelse(len(X`'_ARG4_),`1',`dnsblaccess',_ARG4_)')dnl
dnl ## Rules for the DNS list check. The client address is looked up in
dnl ## the ednsbl map, the answer is refined through the access map under
dnl ## the configured key tag, and the resulting marker decides between
dnl ## accept, reject, discard and temporary failure.
78 # DNS based IP address spam list _EDNSBL_SRV_
dnl ## Replace the workspace with the connecting client address.
79 R$* $: $&{client_addr}
dnl ## Dotted quad only: query the reversed octets under the list domain.
dnl ## The workspace becomes <?> followed by the map answer, or OK when
dnl ## there is no answer, then <> and the original address.
dnl ## NOTE(review): an address that is not four dot separated tokens does
dnl ## not match this rule and none of the later patterns - presumably
dnl ## IPv6 clients pass unchecked; verify.
dnl ## NOTE(review): the embedded line numbers skip 80 and 82, and no
dnl ## visible rule consumes the OK default before the access lookups
dnl ## below, so a rule may be missing from this listing - confirm
dnl ## against the distribution copy.
81 R$-.$-.$-.$- $: <?> $(ednsbl $4.$3.$2.$1._EDNSBL_SRV_. $: OK $) <>$1.$2.$3.$4
dnl ## A temporary DNS failure, tagged <TMP> by the map, becomes <TMPF>.
83 R<?>$+<TMP><>$* $: <? <TMPF>>
dnl ## Access lookup keyed by tag:address. This rule has no $: prefix, so
dnl ## it is reapplied while the lookup keeps returning the ? default,
dnl ## dropping the last component of the answer each time; the most
dnl ## specific entry is therefore tried first. %1 in the access value is
dnl ## the client address and %2 is the list domain.
84 R<?>$* $- .<>$* <$(access _EDNSBL_KEY_`:'$1$2 $@$3 $@`'_EDNSBL_SRV_ $: ? $)> $1 <>$3
dnl ## Last resort: look up the bare tag followed by a colon.
85 R<?>$* <>$* $:<$(access _EDNSBL_KEY_`:' $@$2 $@`'_EDNSBL_SRV_ $: ? $)> <>$2
dnl ## Temporary failure policy. With no third argument the failure is
dnl ## rewritten to TMPOK and no error is raised, so the check fails open
dnl ## while the list is unreachable. With a third argument the mail is
dnl ## deferred with 4.4.3 and the tempfail message.
86 ifelse(len(X`'_ARG3_),`1',
87 `R<$*<TMPF>>$* $: TMPOK',
88 `R<$*<TMPF>>$* $#error $@ 4.4.3 $: _EDNSBL_MSG_TMP_')
dnl ## Map the access result to a disposition: a value in class {Accept}
dnl ## passes, ERROR values reject with the given text and an optional
dnl ## status code, DISCARD drops the mail, and any other bracketed
dnl ## value, REJECT included, is rejected with 5.7.1 and the default
dnl ## message.
dnl ## NOTE(review): an answer with no access entry leaves the ? default
dnl ## in the brackets, which the last rule also appears to match -
dnl ## confirm this agrees with the header text on answers outside 127.
89 R<$={Accept}>$* $: OKSOFAR
90 R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
91 R<ERROR:$+> $* $#error $: $1
92 R<DISCARD> $* $#discard $: discard
93 R<$*> $* $#error $@ 5.7.1 $: _EDNSBL_MSG_