Reputation - Realtime DNS based White/Black Lists (RWL/RBL)

ze-filter can make use of two kind of data distributed on DNS servers :

• Black/White list of IP addresses and hostnames - these lists may be used to dynamically define classes of SMTP clients based on the presence of these hosts inside DNS RBWL lists and use this both to impose or relax limits or to integrate this data into message score.

• Black list of domains found in URLs present in the body of messages - this is an alternative way to use the blacklist of URLs (instead of using Berkeley DB databases). Much easier to configure and maintain, but slower.

ze-filter checks the IP address and hostname of unknown SMTP clients against DNS based reputation lists (blacklist or whitelist). If a match happens, the client is put in some defined network class, as shown below.

<DNS-IP-RBWL> 
dnswl.domain.com    netclass=dnswl; odds=0.5000; code=all; onmatch=continue; checks=addr,name
dnsbl.domain.com    netclass=dnsbl; odds=2.0000; code=127.0.0.3,127.0.0.2; onmatch=continue; checks=addr,name
</DNS-IP-RBWL>

• netclass - the network class to be assigned to this client if the RBWL query matches
• odds - not yet used. This variable shall define how this check contribute to the oracle score.
• code - which codes returned by the query to be taken into account. This can be a list of values, or all if all returned values match.
• onmatch - this variable can take the values continue or stop, and tells if subsequent RBWLs shall still be checked when this RBWL matches
• checks - this variable tells what is to be checked, name (hostname), addr (address) or both.

<DNS-URLBL> 
multi.surbl.org    score=20.000,code=all;onmatch=stop;recurse=yes
</DNS-URLBL> 

• odds -
• score -
• code -
• onmatch -
• recurse -