Table of Contents
Reputation - Realtime DNS based White/Black Lists (RWL/RBL)
ze-filter can make use of two kind of data distributed on DNS servers :
- Black/White list of IP addresses and hostnames - these lists may be used to dynamically define classes of SMTP clients based on the presence of these hosts inside DNS RBWL lists and use this both to impose or relax limits or to integrate this data into message score.
- Black list of domains found in URLs present in the body of messages - this is an alternative way to use the blacklist of URLs (instead of using Berkeley DB databases). Much easier to configure and maintain, but slower.
DNS based IP/NAME RBWL
ze-filter checks the IP address and hostname of unknown SMTP clients against DNS based reputation lists (blacklist or whitelist). If a match happens, the client is put in some defined network class, as shown below.
<DNS-IP-RBWL> dnswl.domain.com netclass=dnswl; odds=0.5000; code=all; onmatch=continue; checks=addr,name dnsbl.domain.com netclass=dnsbl; odds=2.0000; code=127.0.0.3,127.0.0.2; onmatch=continue; checks=addr,name </DNS-IP-RBWL>
netclass- the network class to be assigned to this client if the RBWL query matches
odds- not yet used. This variable shall define how this check contribute to the oracle score.
code- which codes returned by the query to be taken into account. This can be a list of values, or all if all returned values match.
onmatch- this variable can take the values continue or stop, and tells if subsequent RBWLs shall still be checked when this RBWL matches
checks- this variable tells what is to be checked, name (hostname), addr (address) or both.
DNS based URLBL
<DNS-URLBL> multi.surbl.org score=20.000,code=all;onmatch=stop;recurse=yes </DNS-URLBL>
multi.surbl.org, you shall check how you can access surbl.org data : public DNS servers or a local DNS server, and the kind of service :
Sponsored Use. More information is available at http://www.surbl.org/usage-policy.html.