dnsblaccess.m4 revision 266692 
1divert(-1)
2#
3# Copyright (c) 2001-2002, 2005 Proofpoint, Inc. and its suppliers.
4#	All rights reserved.
5#
6# By using this file, you agree to the terms and conditions set
7# forth in the LICENSE file which can be found at the top level of
8# the sendmail distribution.
9#
10#
11
12dnl ##	This is a modified enhdnsbl, loosely based on the
13dnl ##	original.
14dnl ##
15dnl ##	Use it as follows
16dnl ##
17dnl ##	HACK(dnsblaccess, domain, optional-message, tempfail-message, keytag)
18dnl ##
19dnl ##	The first argument (domain) is required.  The other arguments
20dnl ##	are optional and have reasonable defaults.  The
21dnl ##	optional-message is the error message given in case of a
22dnl ##	match.  The default behavior for a tempfail is to accept the
23dnl ##	email.  A tempfail-message value of `t' temporarily rejects
24dnl ##	with a default message.  Otherwise the value should be your
25dnl ##	own message.  The keytag is used to lookup the access map to
26dnl ##	further refine the result.  I recommend a qualified keytag
27dnl ##	(containing a ".") as less likely to accidently conflict with
28dnl ##	other access tags.
29dnl ##
30dnl ##	This is best illustrated with an example.  Please do not use
31dnl ##	the example, as it refers to a bogus lookup list.
32dnl ##
33dnl ##	Suppose that you use
34dnl ##
35dnl ##	HACK(dnsblaccess, `rbl.bogus.org',`',`t',bogus.tag)
36dnl ##
37dnl ##	and suppose that your access map contains the entries
38dnl ##
39dnl ##	bogus.tag:127.0.0.2	REJECT
40dnl ##	bogus.tag:127.0.0.3	error:dialup mail from %1: listed at %2
41dnl ##	bogus.tag:127.0.0.4	OK
42dnl ##	bogus.tag:127		REJECT
43dnl ##	bogus.tag:		OK
44dnl ##
45dnl ##	If an SMTP connection is received from 123.45.6.7, sendmail
46dnl ##	will lookup the A record for 7.6.45.123.bogus.org.  If there
47dnl ##	is a temp failure for the lookup, sendmail will generate a
48dnl ##	temporary failure with a default message.  If there is no
49dnl ##	A-record for this lookup, then the mail is treated as if the
50dnl ##	HACK line were not present.  If the lookup returns 127.0.0.2,
51dnl ##	then a default message rejects the mail.  If it returns
52dnl ##	127.0.0.3, then the message
53dnl ##	"dialup mail from 123.45.6.7: listed at rbl.bogus.org"
54dnl ##	is used to reject the mail.  If it returns 127.0.0.4, the
55dnl ##	mail is processed as if there were no HACK line.  If the
56dnl ##	address returned is something else beginning with 127.*, the
57dnl ##	mail is rejected with a default error message.  If the
58dnl ##	address returned does not begin 127, then the mail is
59dnl ##	processed as if the HACK line were not present.
60
61divert(0)
62VERSIONID(`$Id: dnsblaccess.m4,v 1.7 2013-11-22 20:51:18 ca Exp $')
63ifdef(`_ACCESS_TABLE_', `dnl',
64	`errprint(`*** ERROR: dnsblaccess requires FEATURE(`access_db')
65')')
66ifdef(`_EDNSBL_R_',`dnl',`dnl
67define(`_EDNSBL_R_', `1')dnl ## prevent multiple redefines of the map.
68LOCAL_CONFIG
69# map for enhanced DNS based blacklist lookups
70Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5')
71')
72divert(-1)
73define(`_EDNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`blackholes.mail-abuse.org',_ARG_)')dnl
74define(`_EDNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Rejected: " $`'&{client_addr} " listed at '_EDNSBL_SRV_`"',`_ARG2_')')dnl
75define(`_EDNSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{client_addr} " at '_EDNSBL_SRV_`"',`_ARG3_')')dnl
76define(`_EDNSBL_KEY_', `ifelse(len(X`'_ARG4_),`1',`dnsblaccess',_ARG4_)')dnl
77divert(8)
78# DNS based IP address spam list _EDNSBL_SRV_
79R$*			$: $&{client_addr}
80dnl IPv6?
81R$-.$-.$-.$-		$: <?> $(ednsbl $4.$3.$2.$1._EDNSBL_SRV_. $: OK $) <>$1.$2.$3.$4
82R<?>OK<>$*		$: OKSOFAR
83R<?>$+<TMP><>$*		$: <? <TMPF>>
84R<?>$* $- .<>$*		<$(access _EDNSBL_KEY_`:'$1$2 $@$3 $@`'_EDNSBL_SRV_ $: ? $)> $1 <>$3
85R<?>$* <>$*		$:<$(access _EDNSBL_KEY_`:' $@$2 $@`'_EDNSBL_SRV_ $: ? $)> <>$2
86ifelse(len(X`'_ARG3_),`1',
87`R<$*<TMPF>>$*		$: TMPOK',
88`R<$*<TMPF>>$*		$#error $@ 4.4.3 $: _EDNSBL_MSG_TMP_')
89R<$={Accept}>$*		$: OKSOFAR
90R<ERROR:$-.$-.$-:$+> $*	$#error $@ $1.$2.$3 $: $4
91R<ERROR:$+> $*		$#error $: $1
92R<DISCARD> $*		$#discard $: discard
93R<$*> $*		$#error $@ 5.7.1 $: _EDNSBL_MSG_
94divert(-1)
95