Registrar Barrier DNS List
From Computer Tyme Support Wiki
DNS Lookup to Separate the domain part of a hostname
This DNS lookup helps you find the main domain part (Registrar Barrier) of a hostname. These are sometimes referred to as two-level TLDs and three-level TLDs. Lookups are accomplished through DNS calls as follows:
 dig perkel.com.rb.junkemailfilter.com - returns 127.0.0.1
 dig perkel.co.uk.rb.junkemailfilter.com - returns 127.0.0.2
 dig perkel.state.ca.us.rb.junkemailfilter.com - returns 127.0.0.3
This is a service of Junk Email Filter dot com, one of many technologies used in advanced email filtering.
Exim Configuration
If you are running Exim you can use this as follows:
# This example calls rb_resolve as an ACL subroutine, setting acl_c_sender_host_domain
# from $acl_c_rb_result. Using the ACL subroutine allows you to extract the
# registrar barrier part from any host string, such as HELO.

warn set acl_c_rb_query = $sender_host_name
     acl = rb_resolve
     set acl_c_sender_host_domain = $acl_c_rb_result

# ACL subroutine that returns the registrar barrier part of a string. The string is
# passed in acl_c_rb_query and returned in acl_c_rb_result.
# Example: mx.junkemailfilter.com returns junkemailfilter.com

rb_resolve:

  # Separates the domain part of a hostname - ftp.perkel.com returns perkel.com
  # DNS lookup returns 127.0.0.1 for single level domains
  # DNS lookup returns 127.0.0.2 for two level domains
  # DNS lookup returns 127.0.0.3 for three level domains

  warn set acl_c_rb_result =
       set acl_c_rb_query = ${lc:$acl_c_rb_query}

  accept condition = ${if eq{$acl_c_rb_query}{}}

  accept !dnslists = rb.junkemailfilter.com/$acl_c_rb_query

  accept condition = ${if eq{$dnslist_value}{127.0.0.1}}
         set acl_c_rb_result = ${sg{$acl_c_rb_query}{\N^(.*\.)?(.*\..*)$\N}{\$2}}

  accept condition = ${if eq{$dnslist_value}{127.0.0.2}}
         set acl_c_rb_result = ${sg{$acl_c_rb_query}{\N^(.*\.)?(.*\..*\..*)$\N}{\$2}}

  accept condition = ${if eq{$dnslist_value}{127.0.0.3}}
         set acl_c_rb_result = ${sg{$acl_c_rb_query}{\N^(.*\.)?(.*\..*\..*\..*)$\N}{\$2}}

  accept
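The same extraction rule outside Exim, as an added Python example that is not part of the original page or of Junk Email Filter's own code. The function names, the injectable `lookup` parameter, and the `sample_lookup` stand-in (which assumes the list answers by suffix, built from the three answers shown above) are assumptions made for illustration.

```python
import socket

RB_ZONE = "rb.junkemailfilter.com"  # zone name taken from the page

def rb_lookup(hostname, zone=RB_ZONE):
    """Live query: A record for <hostname>.<zone>, or None when there is no answer."""
    try:
        return socket.gethostbyname(f"{hostname}.{zone}")
    except OSError:
        return None

def registrar_domain(hostname, lookup=rb_lookup):
    """Return the registrar barrier part of hostname, or "" if it cannot be determined.

    A 127.0.0.N answer means the suffix has N labels, so the result is the
    last N+1 labels of the hostname (the rule rb_resolve applies with regexes).
    """
    name = hostname.strip().rstrip(".").lower()
    if not name:
        return ""
    answer = lookup(name)
    if answer is None:
        return ""
    octets = answer.split(".")
    # Only 127.0.0.1 to 127.0.0.3 are documented; ignore any other answer,
    # for example a wildcard or hijacked resolver returning a routable address.
    if octets[:3] != ["127", "0", "0"] or octets[3:] not in (["1"], ["2"], ["3"]):
        return ""
    keep = int(octets[3]) + 1
    labels = name.split(".")
    # Choice made in this example: too few labels or an empty label yields "".
    if len(labels) < keep or "" in labels:
        return ""
    return ".".join(labels[-keep:])

# Constructed stand-in for the list so the example runs offline.
SAMPLE_SUFFIXES = {"com": "127.0.0.1", "co.uk": "127.0.0.2", "state.ca.us": "127.0.0.3"}

def sample_lookup(name):
    labels = name.split(".")
    for n in (3, 2, 1):  # try the longest suffix first
        code = SAMPLE_SUFFIXES.get(".".join(labels[-n:]))
        if code and len(labels) > n:
            return code
    return None

if __name__ == "__main__":
    for host in ("ftp.perkel.com", "mx.perkel.co.uk", "www.perkel.state.ca.us"):
        print(host, "->", registrar_domain(host, sample_lookup))
```

Calling `registrar_domain(host)` without a second argument performs the live DNS query through the system resolver.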
Other DNS Lists
Junk Email Filter produces a number of other lists that return information about host names.
Free Mail Domains List
This is a list of host names of providers of free email accounts that are often used for fraud scams. The list includes names like yahoo.com, hotmail.com, and gmail.com. This is not a block list. It is used to determine whether the account used comes from a freemail provider.
Usage:
dig yahoo.com.freemaildomains.junkemailfilter.com
For example, spammers sometimes send email from a hotmail.com account and have the reply-to set to a gmail.com account. That way, when the sender gets shut down for spamming, the reply-to still works.
Here's an example of an Exim rule to block this.
# Freemail Tests

# Flag messages whose From: domain is on the freemail list
warn dnslists = freemaildomains.junkemailfilter.com/${domain:${lc:$h_From:}}
     add_header = X-Freemail-From: ${domain:${lc:$h_From:}}
     set acl_c_freemail = yes
     set acl_c_freemail_from = ${domain:${lc:$h_From:}}

# Flag messages whose Reply-to: domain is on the freemail list
warn dnslists = freemaildomains.junkemailfilter.com/${domain:${lc:$h_Reply-to:}}
     add_header = X-Freemail-Reply-to: ${domain:${lc:$h_Reply-to:}}
     set acl_c_freemail = yes
     set acl_c_freemail_reply = ${domain:${lc:$h_Reply-to:}}

# Deny flagged freemail messages when $sender_host_name is empty
deny condition = ${if def:acl_c_freemail}
     condition = ${if eq{$sender_host_name}{}}

# Deny when From: and Reply-to: are both freemail addresses but do not match
deny condition = ${if def:acl_c_freemail_reply}
     condition = ${if def:acl_c_freemail_from}
     !condition = ${if eqi{${local_part:$h_From:}@${domain:$h_From:}} \
                  {${local_part:$h_Reply-to:}@${domain:$h_Reply-to:}}}