Registrar Barrier DNS List

From Computer Tyme Support Wiki

Revision as of 14:53, 26 May 2008 by Marc (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


DNS Lookup to Separate the domain part of a hostname

This DNS lookup helps you find the main domain part (Registrar Barrier) of a hostname. Sometimes it is reffered to as two level TLDs and three level TLDs. Lookups are accomplished through DNS calls as follows:

dig         - returns
dig       - returns
dig - returns

This is a service of Junk Email Filter dot com. One of many technologies used in advanced email filtering.

Exim Configuration

If you are running Exim you can use this as follows:

# This example calls rb_resolve as an ACL subroutine setting acl_c_sender_host_domain
# from $acl_c_rb_result. Using the acl subroutine allows you to extract the 
# registrar barrier part from and host string such as HELO.

warn	set acl_c_rb_query = $sender_host_name
	acl = rb_resolve
	set acl_c_sender_host_domain = $acl_c_rb_result
# ACL Subroutine that returns that registry barrier part of a string. The string is
# passed in acl_c_rb_query and returned in acl_c_rb_result.
# Example: returns


# Separates the domain part of a hostname - returns 
# DNS lookup returns for single level domains
# DNS lookup returns for two level domains
# DNS lookup returns for three level domains

warn	set acl_c_rb_result =
	set acl_c_rb_query = ${lc:$acl_c_rb_query}

accept	condition = ${if eq{$acl_c_rb_query}{}}

accept	!dnslists =$acl_c_rb_query

accept	condition = ${if eq{$dnslist_value}{}}
	set acl_c_rb_result = ${sg{$acl_c_rb_query}{\N^(.*\.)?(.*\..*)$\N}{\$2}}

accept	condition = ${if eq{$dnslist_value}{}}
	set acl_c_rb_result = ${sg{$acl_c_rb_query}{\N^(.*\.)?(.*\..*\..*)$\N}{\$2}}

accept	condition = ${if eq{$dnslist_value}{}}
	set acl_c_rb_result = ${sg{$acl_c_rb_query}{\N^(.*\.)?(.*\..*\..*\..*)$\N}{\$2}}


Other DNS Lists

Junk Email Filter produces a number of other lists that return information about host names.

Free Mail Domains List

These are a list of host names of provider of free email accounts that are often used for fraud scams. The list includes names like,, This is not a block list. It is used to determine if the account used comes from a freemail provider.



For example. Spammers sometimes send email from a account and have the reply-to set to a account. That way when the sender gets shut down for spamming the reply-to still works.

Here's an example of an Exim rule to block this.

# Freemail Tests

warn	dnslists =${domain:${lc:$h_From:}}
	add_header = X-Freemail-From: ${domain:${lc:$h_From:}}
	set acl_c_freemail = yes
	set acl_c_freemail_from = ${domain:${lc:$h_From:}}
warn	dnslists =${domain:${lc:$h_Reply-to:}}
	add_header = X-Freemail-Reply-to: ${domain:${lc:$h_Reply-to:}}
	set acl_c_freemail = yes
	set acl_c_freemail_reply = ${domain:${lc:$h_Reply-to:}}

deny	condition = ${if def:acl_c_freemail}
	condition = ${if eq{$sender_host_name}{}}

deny	condition = ${if def:acl_c_freemail_reply}
	condition = ${if def:acl_c_freemail_from}
	!condition = ${if eqi{${local_part:$h_From:}@${domain:$h_From:}} \

ISP Hosts List

The ISP list are domains that provide DSL or cable modem access to end users. We use the list internally as an exclusion list when we test for conditions excepting ISPs. This list is generated by using the registry barrier of hosts that are classified as dynamic IP ranges. We don't know how useful this list is to you but if you find a good use for it let us know.


HELO Match List

This is another list we generate that seems like it should be useful but haven't yet figures out how. This list matches the registry barrier of the FCrDNS of the connecting host with the registry barrier of the HELO. If they match it is more likely to be not spam than spam. If you find a use for this let us know.

Personal tools