Registrar Barrier DNS List
From Computer Tyme Support Wiki
Contents |
DNS Lookup to Separate the domain part of a hostname
This DNS lookup helps you find the main domain part (Registrar Barrier) of a hostname. Sometimes it is reffered to as two level TLDs and three level TLDs. Lookups are accomplished through DNS calls as follows:
dig perkel.com.rb.junkemailfilter.com - returns 127.0.0.1 dig perkel.co.uk.rb.junkemailfilter.com - returns 127.0.0.2 dig perkel.state.ca.us.rb.junkemailfilter.com - returns 127.0.0.3
This is a service of Junk Email Filter dot com. One of many technologies used in advanced email filtering.
Exim Configuration
If you are running Exim you can use this as follows:
# This example calls rb_resolve as an ACL subroutine setting acl_c_sender_host_domain # from $acl_c_rb_result. Using the acl subroutine allows you to extract the # registrar barrier part from and host string such as HELO. warn set acl_c_rb_query = $sender_host_name acl = rb_resolve set acl_c_sender_host_domain = $acl_c_rb_result
# ACL Subroutine that returns that registry barrier part of a string. The string is # passed in acl_c_rb_query and returned in acl_c_rb_result. # Example: mx.junkemailfilter.com returns junkemailfilter.com rb_resolve: # Separates the domain part of a hostname - ftp.perkel.com returns perkel.com # DNS lookup returns 127.0.0.1 for single level domains # DNS lookup returns 127.0.0.2 for two level domains # DNS lookup returns 127.0.0.3 for three level domains warn set acl_c_rb_result = set acl_c_rb_query = ${lc:$acl_c_rb_query} accept condition = ${if eq{$acl_c_rb_query}{}} accept !dnslists = rb.junkemailfilter.com/$acl_c_rb_query accept condition = ${if eq{$dnslist_value}{127.0.0.1}} set acl_c_rb_result = ${sg{$acl_c_rb_query}{\N^(.*\.)?(.*\..*)$\N}{\$2}} accept condition = ${if eq{$dnslist_value}{127.0.0.2}} set acl_c_rb_result = ${sg{$acl_c_rb_query}{\N^(.*\.)?(.*\..*\..*)$\N}{\$2}} accept condition = ${if eq{$dnslist_value}{127.0.0.3}} set acl_c_rb_result = ${sg{$acl_c_rb_query}{\N^(.*\.)?(.*\..*\..*\..*)$\N}{\$2}} accept
Other DNS Lists
Junk Email Filter produces a number of other lists that return information about host names.
Free Mail Domains List
These are a list of host names of provider of free email accounts that are often used for fraud scams. The list includes names like yahoo.com, hotmail.com, gmail.com. This is not a block list. It is used to determine if the account used comes from a freemail provider.
Usage:
dig yahoo.com.freemaildomains.junkemailfilter.com
For example. Spammers sometimes send email from a hotmail.com account and have the reply-to set to a gmail.com account. That way when the sender gets shut down for spamming the reply-to still works.
Here's an example of an Exim rule to block this.
# Freemail Tests warn dnslists = freemaildomains.junkemailfilter.com/${domain:${lc:$h_From:}} add_header = X-Freemail-From: ${domain:${lc:$h_From:}} set acl_c_freemail = yes set acl_c_freemail_from = ${domain:${lc:$h_From:}} warn dnslists = freemaildomains.junkemailfilter.com/${domain:${lc:$h_Reply-to:}} add_header = X-Freemail-Reply-to: ${domain:${lc:$h_Reply-to:}} set acl_c_freemail = yes set acl_c_freemail_reply = ${domain:${lc:$h_Reply-to:}} deny condition = ${if def:acl_c_freemail} condition = ${if eq{$sender_host_name}{}} deny condition = ${if def:acl_c_freemail_reply} condition = ${if def:acl_c_freemail_from} !condition = ${if eqi{${local_part:$h_From:}@${domain:$h_From:}} \ {${local_part:$h_Reply-to:}@${domain:$h_Reply-to:}}}
ISP Hosts List
The ISP list are domains that provide DSL or cable modem access to end users. We use the list internally as an exclusion list when we test for conditions excepting ISPs. This list is generated by using the registry barrier of hosts that are classified as dynamic IP ranges. We don't know how useful this list is to you but if you find a good use for it let us know.
dig comcast.com.isphosts.junkemailfilter.com
HELO Match List
This is another list we generate that seems like it should be useful but haven't yet figures out how. This list matches the registry barrier of the FCrDNS of the connecting host with the registry barrier of the HELO. If they match it is more likely to be not spam than spam. If you find a use for this let us know.
dig yahoo.com.helomatch.junkemailfilter.com