I don't have svn access yet, but I have posted the module here:
http://www.sysdesign.ca/archive/mod_dnsbl_lookup-0.91.tar.gz

This is much improved from my earlier 0.90, taking advice from Colm. With 
this new style of configuration the module can be used more flexibly for 
blacklists, whitelists, or other things. Configuration now looks like:

DnsblZone spammers      sbl.spamhaus.org.       any
DnsblZone spammers      dnsbl.sorbs.net.        127.0.0.5
DnsblZone spammers      dnsbl.sorbs.net.        127.0.0.6
DnsblZone whitelist     customers.dnsbl         any
RhsblZone spammers      rhsbl.ahbl.org.         127.0.0.2

The README in the above tarball is very thorough and describes how to use 
the module's functions. I'm interested in adding the functionality into 
mod_smtpd of course. Rian and Nick: how should we proceed on that?

Here in brief is a relevant part of my README

===========================
4. Using from mod_smtpd
===========================

The function calls work in isolation, without requiring any prior setup 
before using DNSBLs. The server configuration takes care of all 
DNSBL and RHSBL setup, including domains to query and responses to 
interpret as positive.

The important knowledge link between mod_dnsbl_lookup and its user, say 
mod_smtpd, is the chain name that defines the desired DNSBLs. Instead of 
hard coding a chain name, it makes much more sense to have a module such 
as mod_smtpd load during its configuration some chains to work with.

So mod_smtpd might have configuration directives such as:
SmtpBlacklistChain blackchain
SmtpWhitelistChain whitechain

Now mod_smtpd knows which chain to query for blacklisting purposes, and 
which chain to query for whitelisting purposes. The admin may leave either 
chain undefined of course and can easily modify the configuration by 
substituting different chain names (as used by DnsblZone and RhsblZone). 
The pseudo code within mod_smtpd might then be:

Attempt to load optional dnsbl_lookup functions
If functions are available
        If dnsbl_lookup_ip("whitechain", client) == DNSBL_POSITIVE
                return ALLOW_SERVICE    // even if blacklisted
        Else If dnsbl_lookup_ip("blackchain", client) == DNSBL_POSITIVE
                return DENY_SERVICE
return ALLOW_SERVICE    // default action

- Jem
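
The following is an added example, not part of the original message and not code from mod_dnsbl_lookup: a self-contained C model of the whitelist-before-blacklist check sketched in the pseudo code above. It shows how each zone's "any" or specific-response setting decides a hit. All function, type and constant names are hypothetical, the chain table reuses the zone lines shown earlier under the chain names blackchain/whitechain, and the resolver is a constructed in-memory table so the code runs offline.

```c
#include <stdio.h>
#include <string.h>
enum { LOOKUP_NEGATIVE, LOOKUP_POSITIVE, ALLOW_SERVICE, DENY_SERVICE }; /* hypothetical names */
/* One zone line: chain name, zone to query, answer treated as positive ("any" = any answer). */
struct zone { const char *chain, *zone, *positive; };
static const struct zone zones[] = {
    { "blackchain", "sbl.spamhaus.org.", "any" },
    { "blackchain", "dnsbl.sorbs.net.",  "127.0.0.5" },
    { "blackchain", "dnsbl.sorbs.net.",  "127.0.0.6" },
    { "whitechain", "customers.dnsbl.",  "any" },
};
/* Constructed stand-in for the resolver (query name, A record) so this runs offline. */
static const char *fake_dns[][2] = {
    { "1.2.0.192.dnsbl.sorbs.net.",  "127.0.0.6" },  /* listed with a configured code */
    { "2.2.0.192.dnsbl.sorbs.net.",  "127.0.0.10" }, /* listed, but code not configured */
    { "3.2.0.192.sbl.spamhaus.org.", "127.0.0.2" },  /* blacklisted ... */
    { "3.2.0.192.customers.dnsbl.",  "127.0.0.1" },  /* ... and whitelisted */
};
static const char *resolve_a(const char *name) {
    for (size_t i = 0; i < sizeof fake_dns / sizeof *fake_dns; i++)
        if (strcmp(fake_dns[i][0], name) == 0) return fake_dns[i][1];
    return NULL; /* no record: not listed */
}
/* Query each zone of the chain with the IPv4 octets reversed; any configured match is positive. */
static int chain_lookup_ip(const char *chain, const char *ip) {
    unsigned a, b, c, d;
    char q[300];
    if (!chain || sscanf(ip, "%u.%u.%u.%u", &a, &b, &c, &d) != 4 || (a | b | c | d) > 255)
        return LOOKUP_NEGATIVE; /* undefined chain or malformed address */
    for (size_t i = 0; i < sizeof zones / sizeof *zones; i++) {
        if (strcmp(zones[i].chain, chain) != 0) continue;
        snprintf(q, sizeof q, "%u.%u.%u.%u.%s", d, c, b, a, zones[i].zone);
        const char *ans = resolve_a(q);
        if (ans && (!strcmp(zones[i].positive, "any") || !strcmp(zones[i].positive, ans)))
            return LOOKUP_POSITIVE;
    }
    return LOOKUP_NEGATIVE;
}
/* Whitelist chain is consulted first, so it overrides a blacklist hit; default is allow. */
static int check_client(const char *white, const char *black, const char *ip) {
    if (chain_lookup_ip(white, ip) == LOOKUP_POSITIVE) return ALLOW_SERVICE;
    if (chain_lookup_ip(black, ip) == LOOKUP_POSITIVE) return DENY_SERVICE;
    return ALLOW_SERVICE;
}
int main(void) {
    const char *ips[] = { "192.0.2.1", "192.0.2.2", "192.0.2.3" };
    for (int i = 0; i < 3; i++)
        printf("%s -> %s\n", ips[i], check_client("whitechain", "blackchain", ips[i]) == DENY_SERVICE ? "DENY" : "ALLOW");
    return 0;
}
```

In this model a failed or empty lookup is indistinguishable from "not listed", so the check fails open, matching the default action in the pseudo code.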

