NAME

dnswl_org_local - lookup dnswl.org information locally

DESCRIPTION

The dnswl_org_local plugin uses the whitelist from http://www.dnswl.org/ to set a connection note (dnswl_org_local) based on the score of the result.

You need the rsynced generic-dnswl database on disk (or any other file with the same format), see http://www.dnswl.org/tech#rsync on how to fetch it. Once the file changes on disk, this plugin will reread it in hook_pre_connection.

CONFIGURATION

Arguments for this plugin are key / value pairs; the valid arguments are:

header (1|0)

When set to a true value this adds an X-DNSWL: header carrying the score (or No if the host is not whitelisted) to the message. Defaults to false, i.e. no header is added.

file /PATH/TO/DNSWL_DB

This specifies the full path to the generic-dnswl database. This is the only required argument.

ignore_fail (1|0)

Do not set a connection note if the host is not found. This is useful when the plugin is run a second time with a smaller override list (set it for every instance but the first if you run this plugin more than once). Defaults to false.

wl_conn SCORE

Set the connection note whitelisthost if the dnswl score is greater than or equal to SCORE. This note is read by several plugins from the qpsmtpd core distribution (like check_earlytalker, greylisting, dnsbl, ...).

ACCESSING DNSWL INFO

Other plugins can get the score via

  my $score = $self->qp->connection->notes('dnswl');
  $score = defined $score ? $score : -1;

All other dnswl info about the connection can be found in the dnswl-info connection note:

  my $info = $self->qp->connection->notes('dnswl-info');
  if (exists $info->{id}) {
      # valid keys:
      #    id (dnswl.org ID),
      #    domain (name or hostname),
      #    cat_id (category id),
      #    category (category name),
      #    score (numerical score),
      #    mask (32bit netmask)...
      ## to get the dnswl net/mask entry:
      ## $ip   = $self->qp->connection->remote_ip;
      ## $mask = $info->{mask};                      # packed 4-byte netmask
      ## $net  = join(".", unpack("C4", pack("C4", split(/\./, $ip)) & $mask));
      ## $bits = index(unpack("B*", $mask), "0");    # -1 if no zero bit, i.e. a /32
      ## $entry = "$net/" . ($bits < 0 ? 32 : $bits);
  }

NOTES

This plugin will add a memory footprint of ca. 12 MiB per process for keeping the whitelist in memory.

If dnswl.org adds network masks < 16 (read: 15, 14, ...) the lookup mechanism has to be expanded.
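As an added example (not part of the plugin or this page), the following Perl parses lines in the generic-dnswl format used by the awk and echo lines below and resolves a remote IP to its entry by trying the mask lengths 32 down to 16, which is why masks below 16 would need the lookup expanded. The sample lines, the field order (net/mask;cat_id;score;domain;id, inferred from $3 and $4 in the awk below) and the textual-to-numeric score mapping are assumptions.

```perl
# Added example (not the plugin's own code): parse generic-dnswl lines and
# resolve an IP by trying mask lengths 32 down to 16, as the NOTES imply.
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa);

# Constructed sample; field order net/mask;cat_id;score;domain;id is inferred
# from the awk ($3 = score, $4 = domain) and echo lines on this page.
my @sample = (
    "192.168.1.0/24;10;hi;local;0",
    "203.0.113.0/24;2;low;example.net;4711",
    "203.0.113.64/26;2;med;mail.example.net;4712",
    "198.51.100.0/22;3;No;untrusted.example;4713",  # invalid score => not trusted
);

# Assumed numeric mapping for the textual scores; the real plugin may differ.
my %score_num = (none => 0, low => 1, med => 2, hi => 3);

sub netmask { my $bits = shift; pack("B32", ("1" x $bits) . ("0" x (32 - $bits))) }

sub parse_dnswl {
    my %db;
    for my $line (@_) {
        chomp(my $l = $line);
        my ($cidr, $cat_id, $score, $domain, $id) = split /;/, $l;
        my ($net, $bits) = split m{/}, $cidr;
        $bits = 32 unless defined $bits;
        my $mask = netmask($bits);
        my $key  = inet_ntoa(inet_aton($net) & $mask) . "/$bits";   # normalised net
        $db{$key} = { id => $id, domain => $domain, cat_id => $cat_id,
                      score => $score_num{$score} // -1, mask => $mask };
    }
    return \%db;
}

sub lookup {
    my ($db, $ip) = @_;
    my $packed = inet_aton($ip) or return;
    for my $bits (reverse 16 .. 32) {          # longest prefix first
        my $key = inet_ntoa($packed & netmask($bits)) . "/$bits";
        return $db->{$key} if exists $db->{$key};
    }
    return;                                    # not listed (masks < 16 unsupported)
}

my $db = parse_dnswl(@sample);
for my $ip (qw(203.0.113.70 203.0.113.5 198.51.100.9 8.8.8.8)) {
    my $e = lookup($db, $ip);
    printf "%-14s %s\n", $ip, $e ? "$e->{domain} score=$e->{score}" . ($e->{score} >= 2 ? " (wl_conn 2 => whitelisthost)" : "") : "not listed";
}
```

The /26 entry wins over the enclosing /24 for 203.0.113.70, and the "No" entry resolves with score -1, so it never reaches a wl_conn threshold.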

To override scores locally, load this plugin a second time with a modified subset of the database; put something like this in the plugins file:

 dnswl   file /var/lib/qpsmtpd/generic-dnswl
 dnswl:0 file /var/lib/qpsmtpd/local ignore_fail 1

To mark some hosts as more trusted than the DB rates them, we use something like the following, run after each rsync:

 DNSWL_BASE=/var/lib/qpsmtpd
 CHANGED=$( stat -c '%Y' "$DNSWL_BASE/generic-dnswl" )
 rsync --times 'rsync1.dnswl.org::dnswl/generic-*' "$DNSWL_BASE/"
 # rebuild the override list only if the rsync delivered a newer file
 if [ "$CHANGED" -lt "$( stat -c '%Y' "$DNSWL_BASE/generic-dnswl" )" ]; then
    # fields: $3 = score, $4 = domain; raise the listed projects to "med"
    awk -F";" -v OFS=";" '$4 ~ /^(debian|ubuntu|freedesktop)[.]/ {
            $3 = "med";
            print $0
        }' < "$DNSWL_BASE/generic-dnswl" > "$DNSWL_BASE/local"
    echo "192.168.1.0/24;10;hi;local;0" >> "$DNSWL_BASE/local"
 fi

To mark an entry as not trusted at all, set $3 to some invalid value, i.e. anything other than "none", "low", "med" or "hi". The preferred value is "No".

Add locally whitelisted hosts to the local DB as needed, e.g. as above:

  echo "192.168.1.0/24;10;hi;local;0" >> $DNSWL_BASE/local