Registrar Barrier DNS List

From Computer Tyme Support Wiki

Revision as of 14:29, 26 May 2008 by Marc

DNS Lookup to Separate the domain part of a hostname

This DNS lookup helps you find the main domain part (Registrar Barrier) of a hostname. This is sometimes referred to as two-level TLDs and three-level TLDs. Lookups are accomplished through DNS calls as follows:

dig perkel.com.rb.junkemailfilter.com         - returns 127.0.0.1
dig perkel.co.uk.rb.junkemailfilter.com       - returns 127.0.0.2
dig perkel.state.ca.us.rb.junkemailfilter.com - returns 127.0.0.3

This is a service of Junk Email Filter dot com, one of many technologies used in advanced email filtering.

Exim Configuration

If you are running Exim you can use this as follows:

# This example calls rb_resolve as an ACL subroutine, setting acl_c_sender_host_domain
# from $acl_c_rb_result. Using the ACL subroutine allows you to extract the
# registrar barrier part from any host string, such as HELO.

warn	set acl_c_rb_query = $sender_host_name
	acl = rb_resolve
	set acl_c_sender_host_domain = $acl_c_rb_result

# ACL subroutine that returns the registrar barrier part of a string. The string is
# passed in acl_c_rb_query and returned in acl_c_rb_result.
# Example: mx.junkemailfilter.com returns junkemailfilter.com

rb_resolve:

# Separates the domain part of a hostname - ftp.perkel.com returns perkel.com 
# DNS lookup returns 127.0.0.1 for single level domains
# DNS lookup returns 127.0.0.2 for two level domains
# DNS lookup returns 127.0.0.3 for three level domains

warn	set acl_c_rb_result =
	set acl_c_rb_query = ${lc:$acl_c_rb_query}

accept	condition = ${if eq{$acl_c_rb_query}{}}

accept	!dnslists = rb.junkemailfilter.com/$acl_c_rb_query

accept	condition = ${if eq{$dnslist_value}{127.0.0.1}}
	set acl_c_rb_result = ${sg{$acl_c_rb_query}{\N^(.*\.)?(.*\..*)$\N}{\$2}}

accept	condition = ${if eq{$dnslist_value}{127.0.0.2}}
	set acl_c_rb_result = ${sg{$acl_c_rb_query}{\N^(.*\.)?(.*\..*\..*)$\N}{\$2}}

accept	condition = ${if eq{$dnslist_value}{127.0.0.3}}
	set acl_c_rb_result = ${sg{$acl_c_rb_query}{\N^(.*\.)?(.*\..*\..*\..*)$\N}{\$2}}

accept
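
The same lookup outside Exim, as an added example that is not part of the original wiki page: a Python client that queries the zone and cuts the hostname at the label count implied by the return code. The names `rb_resolve` (as a Python function), `dns_a_lookup` and the offline stub `sample_lookup`, which is constructed from the three answers shown at the top of this page, are assumptions of this example.

```python
import socket

RB_ZONE = "rb.junkemailfilter.com"  # zone name taken from this page

# Return code -> number of labels in the registrar-barrier domain, per this page:
# 127.0.0.1 = name.tld, 127.0.0.2 = two-level TLD, 127.0.0.3 = three-level TLD
LABELS_FOR_CODE = {"127.0.0.1": 2, "127.0.0.2": 3, "127.0.0.3": 4}


def dns_a_lookup(name):
    """Live resolver: return the A record as a string, or None if unlisted."""
    try:
        return socket.gethostbyname(name)
    except OSError:  # NXDOMAIN, timeout, no network
        return None


def rb_resolve(hostname, lookup=dns_a_lookup):
    """Return the registrar-barrier part of hostname, or "" when unknown.

    Like the ACL above, empty input, an unlisted name, or an unexpected
    return code all give an empty result.
    """
    host = hostname.strip().rstrip(".").lower()
    if not host:
        return ""
    wanted = LABELS_FOR_CODE.get(lookup(f"{host}.{RB_ZONE}"))
    if wanted is None:
        return ""
    labels = host.split(".")
    # Extra guard (not in the ACL): reject malformed names and answers that
    # claim more labels than the queried name actually has.
    if "" in labels or len(labels) < wanted:
        return ""
    return ".".join(labels[-wanted:])


def sample_lookup(name):
    """Constructed offline stand-in for the DNS zone (hypothetical helper)."""
    host = name[: -len("." + RB_ZONE)]
    table = ((".state.ca.us", "127.0.0.3"), (".co.uk", "127.0.0.2"), (".com", "127.0.0.1"))
    for suffix, code in table:
        if host.endswith(suffix):
            return code
    return None


if __name__ == "__main__":
    for h in ("ftp.perkel.com", "mail.perkel.co.uk", "www.perkel.state.ca.us", "localhost"):
        print(h, "->", rb_resolve(h, sample_lookup) or "(no result)")
```

Calling `rb_resolve(host)` without the second argument sends a real DNS query to the zone named on this page.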

Other DNS Lists

Junk Email Filter produces a number of other lists that return information about host names.

Free Mail Domains List

This is a list of host names of providers of free email accounts that are often used for fraud scams. The list includes names like yahoo.com, hotmail.com, gmail.com. This is not a block list. It is used to determine if the account used comes from a freemail provider.

Usage:

dig yahoo.com.freemaildomains.junkemailfilter.com

For example, spammers sometimes send email from a hotmail.com account and have the reply-to set to a gmail.com account. That way, when the sender gets shut down for spamming, the reply-to still works.

Here's an example of an Exim rule to block this.

# Freemail Tests

warn	dnslists = freemaildomains.junkemailfilter.com/${domain:${lc:$h_From:}}
	add_header = X-Freemail-From: ${domain:${lc:$h_From:}}
	set acl_c_freemail = yes
	set acl_c_freemail_from = ${domain:${lc:$h_From:}}
	
warn	dnslists = freemaildomains.junkemailfilter.com/${domain:${lc:$h_Reply-to:}}
	add_header = X-Freemail-Reply-to: ${domain:${lc:$h_Reply-to:}}
	set acl_c_freemail = yes
	set acl_c_freemail_reply = ${domain:${lc:$h_Reply-to:}}

accept	condition = ${if def:acl_c_freemail}
	condition = ${if eq{$sender_host_name}{}}
	!condition = ${if def:acl_c_nohosttests}
	set acl_c_spamsave = No RDNS and Freemail Domain
	acl = reject
	acl = report_black

accept	condition = ${if def:acl_c_freemail_reply}
	condition = ${if def:acl_c_freemail_from}
	!condition = ${if eqi{${local_part:$h_From:}@${domain:$h_From:}}{${local_part:$h_Reply-to:}@${domain:$h_Reply-to:}}}
	message = X-Spam-feed: 419
	set acl_c_spamsave = 419scam Freemail - Reply-to does not match From - R=$h_Reply-to: F=$h_From:
	acl = reject

ISP Hosts List

HELO Match List
