! VERSION=1.0
! Modified by IMS administration server on: Mon Jan 14 22:10:57 EST 2002
!
! $Id:$
!
! $Log:
!
!
! NOSCAN_IP: address test with two entries. The first succeeds ($Y) for a
! client inside the listed IPv4 prefix; the second fails ($N) for all others.
! No other table in this file calls NOSCAN_IP, so its consumer is not visible here.
! NOTE(review): the name, together with the tcp_noscan entry in CONVERSIONS,
! suggests a match exempts the client from scanning -- confirm.
! NOTE(review): with a /24 prefix length only the first 24 bits should be
! compared, so this presumably matches all of 192.168.1.0/24, not just
! host .5. Use /32 if a single host was intended.
NOSCAN_IP
$(192.168.1.5/24) $Y$E
* $N
! CONVERSIONS: sets CONVERT to Yes or No per source/destination channel pair.
! The tcp_noscan entry is listed before the tcp_* wildcard; presumably the
! first matching entry wins, so order matters here.
! NOTE(review): if the conversion step is where content/virus scanning is done
! (not shown in this file), every path that puts a message on tcp_noscan
! bypasses it. Keep that set of clients as small as possible and re-check it
! whenever NOSCAN_IP changes.
CONVERSIONS
IN-CHAN=tcp_noscan;OUT-CHAN=*;CONVERT No
! IN-CHAN=tcp_auth;OUT-CHAN=*;CONVERT No
! IN-CHAN=tcp_*;OUT-CHAN=*;CONVERT Yes,Channel=tcp_scan
IN-CHAN=tcp_*;OUT-CHAN=*;CONVERT Yes
! the following is not working just yet
! MESSAGE-SAVE-COPY (UNDOCUMENTED)
! out-channel|from-address|D|msg-filename result
! *|*|D|PMDF_QUEUE:[*]* $YD1$$:[MSG_SAVE.$2]$3
!MESSAGE-SAVE-COPY
!
! ims-ms|*|D|/iplanet/msg-peppy/imta/queue/*/*/* $Y/iplanet/msg-peppy/imta/msg-save/$2/$3
! PORT_ACCESS
!
! TCP|server-address|server-port|client-address|client-port
!
! PORT_ACCESS: evaluated against the five-field probe described above.
! The first entry hands the client address ($2) to INTERNAL_IP; every other
! client falls through to the second entry and gets the string EXTERNAL.
! NOTE(review): what the server does with "EXTERNAL" versus an INTERNAL_IP
! match is configured elsewhere -- confirm before changing either entry.
PORT_ACCESS
TCP|*|*|*|* $C$|INTERNAL_IP;$2|$Y$E
* $YEXTERNAL
! Need to work on the randomize accept routine, not sure yet
! NOTE(review): the disabled entries below use the 11-field ORIG_MAIL_ACCESS
! probe layout. A PORT_ACCESS probe has only five fields, so they would
! presumably never match if enabled in this table.
! TCP|*|25|*|*|*|*|*|*@*|*|* $C$|DELAY_IP;$1|$Y$D6000
! TCP|*|25|*|*|*|*|*|*@*|*|* $C$|DELAY_FROM_USER;$6|$D6000
! TCP|*|25|*|*|*|*|*|*|*|* $C$|DELAY_FROM_USER_DOMAIN;$6|$D6000
! TCP|*|25|*|*|*|*|*|*|*|*@* $C$|DELAY_TO_USER;$8|$D6000
! TCP|*|25|*|*|*|*|*|*|*|* $C$|DELAY_TO_USER_DOMAIN;$8|$D6000
! ORIG_MAIL_ACCESS
!
! port_access-probe-info|app-info|submit-type|orig_send_access-probe-info
!
! The left hand side of the ORIG_MAIL_ACCESS mapping is of the format
! TCP|server-IP|server-port|client-IP|client-port|application|submit-type|
! source-channel|envelope-sender|destination-channel|envelope-recipient
! TCP|*|25|*|*|*|*|tcp_noscan|*|ims-ms|* $Y$E
! ORIG_MAIL_ACCESS: SMTP (port 25) access check, one probe per
! sender/recipient pair in the layout described above. Entries are listed in
! the order they are meant to be tried. An entry of the form
! $C$|TABLE;arg|... only decides the outcome when TABLE succeeds for arg
! (see the note above BLACKLIST); otherwise evaluation moves on.
! Wildcard numbering for the all-"*" probes: $0 server IP, $1 client IP,
! $5 source channel, $6 envelope sender, $7 destination channel,
! $8 envelope recipient. Probes that split the sender as *@* shift this:
! $6 is the local part and $7 the domain.
ORIG_MAIL_ACCESS
! TCP|*|*|*|*|*|*|*||*|* $NCurrently$ under$ attack$ from$ spammers$ forging$ addrs$ in$ balius.com$E
! Mail arriving on tcp_noscan is accepted before any other check.
TCP|*|25|*|*|*|*|tcp_noscan|*|*|* $Y$E
! Allow-lists: client IP, recipient ($8), then envelope sender ($6). All three
! run before every reject table and before the DNSBL check.
! NOTE(review): the envelope sender is chosen freely by the client, so a
! forged sender that is on the ALWAYS list skips REJECT_IP and BLACKLIST.
! Prefer IP-based or authenticated (tcp_auth) exemptions over sender-based ones.
TCP|*|25|*|*|*|*|*|*|*|* $C$|ALWAYS_ACCEPT_IP;$1|$Y$E
TCP|*|25|*|*|*|*|*|*|*|* $C$|ALWAYS_ACCEPT;$8|$Y$E
TCP|*|25|*|*|*|*|*|*|*|* $C$|ALWAYS_ACCEPT_SNDR;$6|$Y$E
! Client IP deny-list; the rejection text is the returned address plus " denied!".
TCP|*|25|*|*|*|*|*|*|*|* $C$|REJECT_IP;$1|$N$ denied!$E
! Qualified senders on the authenticated and intranet channels are accepted
! here, so none of the checks below apply to them.
TCP|*|25|*|*|*|*|tcp_auth|*@*|*|* $Y$E
TCP|*|25|*|*|*|*|tcp_intranet|*@*|*|* $Y$E
! Sender deny-lists. In the *@* probes $6 is the local part only and $7 the
! domain. NOTE(review): REJECT_FROM_USER is therefore keyed on the local part
! alone -- confirm the general.db keys are written that way.
TCP|*|25|*|*|*|*|*|*@*|*|* $C$|REJECT_FROM_USER;$6|$N$6$ bye$ bye$E
TCP|*|25|*|*|*|*|*|*@*|*|* $C$|REJECT_FROM_DOMAIN;$7|$N$7$ bye$ bye$E
! Sender domains with at least three labels: the key is built from $8.$9.
TCP|*|25|*|*|*|*|*|*@*.*.*|*|* $C$|REJECT_FROM_DOMAIN;$8.$9|$N$8$.$9$ bye$ bye$E
TCP|*|25|*|*|*|*|*|*|*|* $C$|REJECT_VIRUS;$6|$N$6$ Come$ back$ when$ you$ \
have$ a$ $ Macintosh$E
TCP|*|25|*|*|*|*|*|*|*|* $C$|REJECT_FROM_USER_DOMAIN;$6|$N$6$ bye$ bye$E
!
! Recipient deny-lists: full recipient address first, then (in the *@* probe)
! the recipient local part.
TCP|*|25|*|*|*|*|*|*|*|* $C$|REJECT_TO_USER_DOMAIN;$8|$N$8$ Unknown$ recipient$E
TCP|*|25|*|*|*|*|*|*|*|*@* $C$|REJECT_TO_USER;$8|$N$8$ refused$E
!
! DNSBL check on the client IP, rebuilt from its four octets ($1.$2.$3.$4).
TCP|*|25|*.*.*.*|*|*|*|*|*|*|* $C$|BLACKLIST;$1.$2.$3.$4|$N$E
!
! TCP|*|25|*|*|*|*|*|*@*|*|* $C$|RATE_LIMIT;$1|$[IMTA_LIB:conn_throttle.so,throttle_p,$1,1]\
!$N$ Too$ much$ mail$ reduce$ connections$ per$ minute$E
! Sender-domain DNS check, applied to the tcp_local source channel only
! ($6 is the sender domain in this probe).
TCP|*|25|*|*|*|*|tcp_local|*@*|*|* $C$|CHECK_DOMAIN;$6|$Y$E
! Last entry: rejects every remaining probe whose sender contains "@".
! NOTE(review): 5.5.5 is "wrong protocol version" in RFC 3463; 5.1.8
! ("bad sender's system address") describes this rejection more accurately.
TCP|*|25|*|*|*|*|*|*@*|*|* $X5.5.5|$NInvalid$ host/domain:$7
! reject_ip - checks the client address against the general.db, if found, reject
! the connection, right then.
! rate_limit - checks the client address against the general.db; if found,
! limits the number of connections/minute from that address. (Only available
! on iMS and SIMS.)
! check_domain - checks the @domain portion of the envelope From to be sure
! it is valid. The dns_verify routine will return a positive match if a
! "server error" is returned, so some bad domain mail could slip through,
! which is probably a good thing.
! We need the ip_addr back to pass to the throttle lib, thus
! the $0.$1.$2.$3 notation on the result
! RATE_LIMIT: looks the client IPv4 address up in the general.db under the
! "RATE|" prefix, trying a.0.0.0, then a.b.0.0, a.b.c.0 and finally a.b.c.d.
! On a hit the full address is returned so it can be passed to the throttle
! library. The only caller in this file is the commented-out RATE_LIMIT
! entry in ORIG_MAIL_ACCESS.
RATE_LIMIT
*.*.*.* $C${RATE|$0.0.0.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${RATE|$0.$1.0.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${RATE|$0.$1.$2.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${RATE|$0.$1.$2.$3}$Y$0.$1.$2.$3$E
! REJECT_IP: client IP deny-list. Looks the address up in the general.db under
! the "rip|" prefix, broadest key first (a.0.0.0, a.b.0.0, a.b.c.0, a.b.c.d),
! and returns the full address on a hit. ORIG_MAIL_ACCESS uses the returned
! address as the start of its rejection text.
! NOTE(review): a key of the form rip|a.0.0.0 rejects every client whose
! first octet is a -- check broad keys carefully before adding them.
REJECT_IP
*.*.*.* $C${rip|$0.0.0.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${rip|$0.$1.0.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${rip|$0.$1.$2.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${rip|$0.$1.$2.$3}$Y$0.$1.$2.$3$E
! ALWAYS_ACCEPT: succeeds when "ALWAYS|<probe>" is present in the general.db.
! ORIG_MAIL_ACCESS calls it with the envelope recipient.
! NOTE(review): ALWAYS_ACCEPT_SNDR uses the same "ALWAYS|" prefix, so an
! address added here to protect a recipient is also accepted as an
! (unauthenticated) envelope sender. Use separate prefixes if that is not
! intended.
ALWAYS_ACCEPT
* $C${ALWAYS|$0}$Y
! ALWAYS_ACCEPT_IP: client IP allow-list. Looks the address up in the
! general.db under the "ALWAYS_IP|" prefix, broadest key first (a.0.0.0,
! a.b.0.0, a.b.c.0, a.b.c.d), and returns the full address on a hit.
! NOTE(review): ORIG_MAIL_ACCESS runs this before REJECT_IP and BLACKLIST, so
! a broad key such as ALWAYS_IP|a.0.0.0 exempts every client whose first octet
! is a from all later checks. Keep keys as specific as possible.
ALWAYS_ACCEPT_IP
*.*.*.* $C${ALWAYS_IP|$0.0.0.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${ALWAYS_IP|$0.$1.0.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${ALWAYS_IP|$0.$1.$2.0}$Y$0.$1.$2.$3$E
*.*.*.* $C${ALWAYS_IP|$0.$1.$2.$3}$Y$0.$1.$2.$3$E
! ALWAYS_ACCEPT_SNDR: succeeds when "ALWAYS|<probe>" is present in the
! general.db. ORIG_MAIL_ACCESS calls it with the envelope sender.
! NOTE(review): the envelope sender is supplied by the connecting client and
! is not verified, so a match here can be obtained by forging the address.
! The "ALWAYS|" prefix is shared with ALWAYS_ACCEPT, so the same keys serve
! both the recipient and the sender check.
ALWAYS_ACCEPT_SNDR
* $C${ALWAYS|$0}$Y
! REJECT_FROM_USER_DOMAIN: succeeds when "rfud|<probe>" is present in the
! general.db. ORIG_MAIL_ACCESS calls it with the whole envelope sender.
! NOTE(review): confirm whether general.db keys are matched case-sensitively;
! the sender arrives in whatever case the client used.
REJECT_FROM_USER_DOMAIN
* $C${rfud|$0}$Y
! REJECT_VIRUS: succeeds when "virus|<probe>" is present in the general.db.
! ORIG_MAIL_ACCESS calls it with the whole envelope sender, so this is a
! sender-address list, not a content check.
REJECT_VIRUS
* $C${virus|$0}$Y
! REJECT_FROM_USER: succeeds when "rfu|<probe>" is present in the general.db.
! ORIG_MAIL_ACCESS calls it from a *@* sender probe with $6, which in that
! probe is the sender's local part only.
REJECT_FROM_USER
* $C${rfu|$0}$Y
! REJECT_FROM_DOMAIN: succeeds when "rfd|<probe>" is present in the
! general.db. ORIG_MAIL_ACCESS calls it twice: with the sender domain, and
! with $8.$9 taken from a sender domain of at least three labels.
REJECT_FROM_DOMAIN
* $C${rfd|$0}$Y
! REJECT_TO_USER: succeeds when "rtu|<probe>" is present in the general.db.
! ORIG_MAIL_ACCESS calls it from a probe that splits the recipient as *@*,
! passing $8, which in that probe is the recipient's local part only.
REJECT_TO_USER
* $C${rtu|$0}$Y
! REJECT_TO_USER_DOMAIN: succeeds when "rtud|<probe>" is present in the
! general.db. ORIG_MAIL_ACCESS calls it with the whole envelope recipient.
REJECT_TO_USER_DOMAIN
* $C${rtud|$0}$Y
! DELAY_* tables: each succeeds when "<TABLE NAME>|<probe>" is present in the
! general.db. In this file they are referenced only by the commented-out
! delay entries listed under PORT_ACCESS, so they are currently unused.
DELAY_FROM_USER_DOMAIN
* $C${DELAY_FROM_USER_DOMAIN|$0}$Y
DELAY_FROM_USER
* $C${DELAY_FROM_USER|$0}$Y
DELAY_TO_USER
* $C${DELAY_TO_USER|$0}$Y
DELAY_TO_USER_DOMAIN
* $C${DELAY_TO_USER_DOMAIN|$0}$Y
DELAY_IP
* $C${DELAY_IP|$0}$Y
! INTERNAL_IP: decides whether a client address counts as internal; called
! from PORT_ACCESS with the client address. It succeeds for the single host
! 192.168.1.7, for any address with a "TRUSTED|" key in the general.db
! (broadest key first: a.0.0.0, a.b.0.0, a.b.c.0, a.b.c.d) and for 127.0.0.1.
! Everything else fails ($N).
! NOTE(review): whatever privileges "internal" confers (relaying, skipped
! checks) are configured elsewhere. Treat every TRUSTED| key as a grant of
! those privileges and avoid broad a.0.0.0 / a.b.0.0 keys.
INTERNAL_IP
$(192.168.1.7/32) $Y
*.*.*.* $C${TRUSTED|$0.0.0.0}$Y$E
*.*.*.* $C${TRUSTED|$0.$1.0.0}$Y$E
*.*.*.* $C${TRUSTED|$0.$1.$2.0}$Y$E
*.*.*.* $C${TRUSTED|$0.$1.$2.$3}$Y$E
127.0.0.1 $Y
* $N
! LIST_AUTH: calls the imdlauth routine in IMTA_LIBUTIL with the argument
! $2+$1@$0, built from the three wildcards of the *;*|* probe.
! NOTE(review): neither the probe layout nor the routine's contract is shown
! in this file -- confirm both before editing this entry.
LIST_AUTH
*;*|* $[IMTA_LIBUTIL,imdlauth,$2+$1@$0]
!
! src-channel|from-address|dst-channel|to-address
!
! ORIG_SEND_ACCESS: channel-to-channel access check on the probe
! src-channel|from-address|dst-channel|to-address. Entries are listed in the
! order they are meant to be tried; the channel denials come before the
! general sender rules.
ORIG_SEND_ACCESS
! Anti-relay rule: mail that arrives on tcp_local may not leave on tcp_local.
tcp_local|*|tcp_local|* $N$D30|Relaying$ not$ allowed
! No tcp_* source channel may submit straight to the native, hold or pipe channels.
tcp_*|*|native|* $N
tcp_*|*|hold|* $N
tcp_*|*|pipe|* $N
! Only tcp_noscan may hand mail directly to ims-ms; every other tcp_* source
! channel is refused for that destination.
tcp_noscan|*|ims-ms|* $Y
tcp_*|*|ims-ms|* $N
!
! The following three lines reject mail whose envelope From: address is not
! qualified (has no @domain). The null sender, used for DSNs, is still
! accepted: we are required to accept it, and it is a very good idea anyway.
!
tcp_*|*@*|*|* $Y$E
tcp_*||*|* $Y$E
! NOTE(review): the rejection text echoes the client-supplied sender ($1).
tcp_*|*|*|* $N$D30Nice$ try,$ you'll$ to$ be$ more$ creative$ than$ $1,$ not$ accepted
!
! src-channel|from-address|dst-channel|to-address
!
! SEND_ACCESS: same probe layout as ORIG_SEND_ACCESS. For mail arriving on a
! tcp_* channel it rejects recipients addressed to a [127.*] domain literal
! or to localhost.* with status 5.1.2, and rejects senders in the placeholder
! domain no.domain.spam.
! NOTE(review): only these two spellings of a loopback destination are
! covered; other forms are not matched by this table.
SEND_ACCESS
tcp_*|*|*|*@[127.*] $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@localhost.* $X5.1.2|$NBad$ destination$ system
tcp_*|*@no.domain.spam|*|* $NFrom$ address$ $1,$ lacks$ domain$ name
!**********************************************************************
!
! Blacklist sites use different numbers to mean different things
! thus we want those reasons in the log files and thus a table
! for each site is needed.
!
!**********************************************************************
! If the client address is found on one of the blacklist zones then
! this mapping needs to return $Y so that the orig_mail_access mapping
! is positive and thus the desired action is taken.
! BLACKLIST: DNSBL check on the client IPv4 address. Each active entry
! reverses the octets ($3.$2.$1.$0), queries one zone through dns_verify and
! passes "<client IP>.<returned record>" to that zone's *_TYPE table, which
! supplies the text. Zones are tried in the order listed.
! NOTE(review): an entry presumably counts as a hit only when its *_TYPE
! table has a pattern for the returned code; any other answer from the zone
! falls through to the next entry.
! NOTE(review): these zones were chosen in 2002. Confirm each one is still
! operated and that this server may query it. A retired zone can stop
! answering or start answering for every address, and some operators refuse
! queries that arrive through shared public resolvers. Each miss also costs
! one DNS lookup per zone, so resolver latency directly delays the SMTP reply.
BLACKLIST
*.*.*.* $C$|SPAMHAUS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.sbl.spamhaus.org|%n|$$N|$$N]|$Y$E
*.*.*.* $C$|RBLPLUS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.rbl-plus.mail-abuse.org|%n|$$N|$$N]|$Y$E
*.*.*.* $C$|SPAMCOP_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.bl.spamcop.net|%n|$$N|$$N]|$Y$E
! got this list from Anthony of CV, but sage-members mail got rejected right off
*.*.*.* $C$|CBL_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.cbl.abuseat.org|%n|$$N|$$N]|$Y$E
! *.*.*.* $C$|NJABL_ORG_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.dnsbl.njabl.org|%n|$$N|$$N]|$Y$E
! *.*.*.* $C$|RHSBL_SORBS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.rhsbl.sorbs.net|%n|$$N|$$N]|$Y$E
! probably should not use the overall lookup as they have been listing the MTAs for large ISPs
! and well duh, their users could be sending to spam trap addresses, the rest of the ISPs
! customers should not be punished for such behavior, but alas this is what we get
! for using a RBL by someone else.
!
! *.*.*.* $C$|DNSBL_SORBS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.dnsbl.sorbs.net|%n|$$N|$$N]|$Y$E
!
!
! *.*.*.* $C$|DNSBL_SORBS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.http.dnsbl.sorbs.net|%n|$$N|$$N]|$Y$E
! *.*.*.* $C$|DNSBL_SORBS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.socks.dnsbl.sorbs.net|%n|$$N|$$N]|$Y$E
! *.*.*.* $C$|DNSBL_SORBS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.misc.dnsbl.sorbs.net|%n|$$N|$$N]|$Y$E
! *.*.*.* $C$|DNSBL_SORBS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.smtp.dnsbl.sorbs.net|%n|$$N|$$N]|$Y$E
! *.*.*.* $C$|DNSBL_SORBS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.web.dnsbl.sorbs.net|%n|$$N|$$N]|$Y$E
! *.*.*.* $C$|DNSBL_SORBS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,$3.$2.$1.$0.zombie.dnsbl.sorbs.net|%n|$$N|$$N]|$Y$E
! working RBL+ lookup
! *.*.*.* $C$|RBLPLUS_TYPE;$0.$1.$2.$3.$[IMTA_LIB:dns_verify.so,dns_verify,+$3.$2.$1.$0.rbl-plus.mail-abuse.org+%n+$$N+$$N]|$N$E
! This table checks to make sure the domain exists in DNS
! probably the exact equiv of mailfromdnsverify keyword
! CHECK_DOMAIN: passes the probe with a trailing dot ("$0.") to dns_verify.
! ORIG_MAIL_ACCESS calls it with the sender domain, for the tcp_local source
! channel only.
! NOTE(review): as the check_domain note earlier in this file says, a DNS
! "server error" counts as a positive match, so the check fails open when the
! resolver is unreachable or a domain's name servers are broken. It shows only
! that the name resolves, not that the sender is genuine.
CHECK_DOMAIN
* $E$[IMTA_LIB:dns_verify.so,dns_verify,$0.|$$Y|$$N%e]$E
! RHSBL_SORBS_TYPE: maps a returned code (127.0.0.11 or 127.0.0.12, at the end
! of the probe) to rejection text. The only reference in this file is a
! commented-out BLACKLIST entry, so the table is currently unused.
! NOTE(review): each text stops at "See" -- the reference that should follow
! appears to be missing.
RHSBL_SORBS_TYPE
*.127.0.0.11 $Y$ Badly$ configured$ MX/A$ record$ See$
*.127.0.0.12 $Y$ Your$ domain$ requests$ nomail$ See$
! DNSBL_SORBS_TYPE: maps a returned code (127.0.0.2 through 127.0.0.10, at the
! end of the probe) to rejection text. Every BLACKLIST entry that references
! this table is commented out, so it is currently unused.
! NOTE(review): each text stops at "See" -- the reference that should follow
! appears to be missing.
DNSBL_SORBS_TYPE
*.127.0.0.2 $Y$ Open$ HTTP$ Proxy$ See$
*.127.0.0.3 $Y$ Open$ Socks$ Proxy$ See$
*.127.0.0.4 $Y$ Open$ Proxy$ Server$ See$
*.127.0.0.5 $Y$ Open$ SMTP$ Server$ See$
*.127.0.0.6 $Y$ UBE/UCE$ Source$ See$
*.127.0.0.7 $Y$ Web$ Server$ has$ vulnerabilities$ See$
*.127.0.0.8 $Y$ Refused$ testing$ See$
*.127.0.0.9 $Y$ Hijacked$ network$ See$
*.127.0.0.10 $Y$ Dynamic$ IP$ Range$ See$
! I have not found a description of the type of entries found in SPAM COP's RBL.
! If you know of them, please let me know. Chad@Balius.com
! SPAMCOP_TYPE: called from BLACKLIST with "<client IP>.<returned record>".
! Only a returned 127.0.0.2 is recognised; $0 in the text is the client IP.
! NOTE(review): the text stops at "found in" -- the list name or reference
! that should follow appears to be missing.
SPAMCOP_TYPE
*.127.0.0.2 $Y$ entry:$ $0$ found$ in$
! CBL_TYPE: called from BLACKLIST with "<client IP>.<returned record>".
! Only a returned 127.0.0.2 is recognised; $0 in the text is the client IP.
! NOTE(review): the text stops at "found in" -- the list name or reference
! that should follow appears to be missing.
CBL_TYPE
*.127.0.0.2 $Y$ entry:$ $0$ found$ in$
! SPAMHAUS_TYPE: called from BLACKLIST with "<client IP>.<returned record>".
! Only a returned 127.0.0.2 is recognised; $0 in the text is the client IP.
! NOTE(review): any other code the zone returns, including the operator's
! error/refusal codes, has no pattern here and is presumably not treated as a
! listing. That is the safe default; add codes deliberately, not by wildcard.
! NOTE(review): the text stops at "listed in" -- the reference that should
! follow appears to be missing.
SPAMHAUS_TYPE
*.127.0.0.2 $Y$ Your$ IP$ Addr$ ($0)$ is$ listed$ in$
! NJABL_ORG_TYPE: maps a returned code (at the end of the probe) to rejection
! text. The only reference in this file is a commented-out BLACKLIST entry,
! so the table is currently unused.
! NOTE(review): each text stops at "See" -- the reference that should follow
! appears to be missing.
NJABL_ORG_TYPE
*.127.0.0.2 $Y$ Open$ Relay$ See$
*.127.0.0.3 $Y$ Dial$ Up$ or$ Dynamic$ IP$ Address$ See$
*.127.0.0.4 $Y$ UBE/UCE$ Source$ See$
*.127.0.0.5 $Y$ Multi-stage$ Open$ Relay$ See$
*.127.0.0.8 $Y$ CGI$ or$ similar$ problem$ See$
*.127.0.0.9 $Y$ Open$ Proxy$ server$ See$
! The following table is derived from david20@alpha2.axp.mdx.ac.uk
! and Steve +1 608 278 7700 via the
! info-pmdf mailing list.
RBLPLUS_TYPE
! The left hand side of the RBLPLUS_TYPE mapping is the client IP
! address concatenated with the IP address returned from the RBL+ list.
! It returns the error message to send to the client.
! Codes 127.1.0.1 through 127.1.0.7 are covered, one entry per combination of
! "blackholed", "dial-up" and "open relay".
! NOTE(review): each text stops at "See" -- the reference that should follow
! appears to be missing.
*.127.1.0.1 $Y$ Blackholed:$ \
See$
*.127.1.0.2 $Y$ Dial-up$ IP$ $0:$ \
See$
*.127.1.0.3 $Y$ Blackholed$ and$ Dial-up$ IP:$ \
See$
*.127.1.0.4 $Y$ Open$ relay:$ \
See$
*.127.1.0.5 $Y$ Blackholed$ and$ Open$ relay:$ \
See$
! NOTE(review): in the next two entries the "$" quoting looks misplaced
! ("and $Open Relay" and "IP, $and"), which leaves unquoted spaces in the
! template, unlike every other entry. "Blackholde" is also a typo for
! "Blackholed". Confirm the text the server actually sends for .6 and .7.
*.127.1.0.6 $Y$ Dial-up$ IP$ and $Open Relay:$ \
See$
*.127.1.0.7 $Y$ Blackholde,$ Dial-up$ IP, $and$ Open$ relay:$ \
See$