googlee07@yahoo.com writes:

> On Dec 12, 12:25 pm, Andrzej Adam Filip <a...@onet.eu> wrote: 
>
> why do you use 'anfi' when res doesn't have it in his feature line?

Because I have decided to use such "naming convention" for FEATURES that
are supported by me as part of open-sendmail at sourceforge.net
http://open-sendmail.sourceforge.net/
[licencing allows sendmail.org to include it i sendmail distribution]

anfi/require_rdns is a slightly modified version of require_rdns
 
>
> love a sample.
>
> i hadn't thought to blacklist country ips but it does make sense and a
> very good idea assuming one knows who their mail clients will be..

Blocking "by country of origin" (based on IP address without RDNS queries)
is possible with FEATURE(`enhdnsbl') [provided by sendmail.org] and
(e.g.) zz.countries.nerd.dk.

FEATURE(`anfi/rsdnsbl') allows more subtle use:]
it allows to deploy *EXTRA* tests for "suspicious neighborhoods",
test you are willing to spare for good neighborhoods.
[it says under which condition to skip *later* enhdns and
anfi/rquire_rdns tests.

example:
Below please find an example configuration for a company in Poland
exporting to Germany. Its DNSBL checks is grouped into three "zones"

+ Poland and Germany are in "good" zone
["good" zone tests]
+ Addresses outside Poland and Germany  and not listed by l2.apews.org
are in "typical zone"
["good" and "typical" zones tests]
+ Addresses outside Poland and Germany and listed by l2.apews.org
are in "bad zone"
["good", "typical" and "bad" zones tests]

l2.apews.org list "the worse half" (~42%) of the Internet.
IP addresses listed by it will get "extra caution" without being
blocked *ONLY* for being listed by l2.apews.org

#v+
FEATURE(`anfi/countries')dnl list of country codes
dnl ------------------------------------------------------

dnl
dnl  Part for DNSBL test for all (good & typical & bad)
dnl

dnl ------------------------------------------------------
FEATURE(`anfi/rsdnsbl',`zz.countries.nerd.dk',`whitelist',`',
C2_PL,C2_DE)dnl
dnl IP addresses in in Poland and Germany are excluded from
dnl tests below (up to 6 countries may be listed)
dnl -------------------------------------------------------

dnl
dnl  Part for DNSBL test for typical & bad
dnl

FEATURE(`anfi/rsdnsbl',`forgedignore')dnl
dnl require PTR record ignore lack of closed PTR-A loop

dnl reject dynamic IP addresses
FEATURE(`enhdnsbl', `pbl.spamhaus.org',
`"553 Dynamic IP Address - See http://www.spamhaus.org/query/bl?ip="$&{
client_addr}',
`', `127.0.0.10.',`127.0.0.11.')dnl


dnl -------------------------------------------------------
FEATURE(`anfi/rsdnsbl',`l2.apews.org',`blacklist',`')dnl
dnl tests below are conducted only for IP addresses
dnl listed byl2.apews.org (the worse half of the Internet)
dnl -------------------------------------------------------

dnl
dnl Part for DNSBL test for bad
dnl

FEATURE(`anfi/rsdnsbl',`forgedperm')
dnl forgedperm changes replies on FORGED from 4?? to 5??
#v-

URL(s):
* Homesite of anfi/* features
http://open-sendmail.sourceforge.net/
* Download of anfi/rsdnsbl, anfi/countries and `anfi/rsdnsbl
[url]http://sourceforge.net/project/showfiles.php?group_id=187085&package_id=228383[/ur
l]

P.S.
Another variant may use l2.apews.org for blocking only if connecting IP
is located in "high spam" countries (e.g. China, Republic of Korea).

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Open-Sendmail: http://open-sendmail.sourceforge.net/

[ Post a follow-up to this message ]