Manpage of dhf.conf


Section: User Manual (5)
Updated: 15 SEP 2007


dhf.conf - The configuration file for dyn-host-filter  


The configuration file (usually: /etc/dhf.conf) consists of two parts: general settings and rules. An input to dyn-host-filter, whether resolved (hostname) or unresolved (IP), is referred to as an entry.



<option> <value>
for general settings
<action> <regexp>
for rules

Lines starting with '#' are treated as comments.


Each entry is the result of a connection to qmail (tcpserver) and can be either resolved or unresolved. An unresolved entry is usually caused by a source that does not have a reverse DNS record. In some rare cases the cause may be a temporary DNS failure. Generally, one should not allow unresolved entries into the mail system. A resolved entry (hostname) is always sent through the list of rules. The first rule to match triggers its defined action (either pass or block) and no further checks are performed on that entry. If no rule matches the entry, the default action is triggered.

The general settings described below are the default ones. There is no need to provide dhf.conf with the default values since they will be applied automatically.

default_action <value>
The action to be applied if the resolved entry does not match any of the rules. Values: pass (default), block
default_unresolved_action <value>
Default action for unresolved entries. Values: pass, block (default)
default_ip_action <value>
If we choose to pass an unresolved entry (IP), it will be sent through the list of rules as well. If the IP does not match any rule, the default_ip_action will be triggered. Values: pass, block (default)

If an entry is to be rejected (blocked) it can be done in two ways:

SMTP code 451 : Tells legitimate clients to try again later.

SMTP code 553 : Tells the client to bounce the message immediately.

If an IP does not resolve, the reason may be a temporary DNS error. Rejecting unresolved entries (IPs) with code 451 may be a good idea, since it gives innocent relay operators a chance to detect and correct the problem. Resolved entries (hostnames) on the other hand can be rejected with code 553.

host_code <value>
The reject code used for blocked resolved entries. Values: 451, 553 (default)
unresolved_code <value>
The reject code used by default_unresolved_action. Values: 451 (default), 553
ip_code <value>
The reject code used by default_ip_action. Values: 451 (default), 553
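The decision flow described above (unresolved check, first-match rules, default actions, reject codes) can be modelled as follows. This is an added example, not dyn-host-filter's own code: the sample configuration is constructed, the function names are hypothetical, and it assumes Python `re` syntax with unanchored matching and that an IP blocked by a rule uses ip_code, which this page does not specify.

```python
import re

# Defaults as documented in this manual page.
DEFAULTS = {"default_action": "pass", "default_unresolved_action": "block",
            "default_ip_action": "block", "host_code": "553",
            "unresolved_code": "451", "ip_code": "451"}

# Constructed sample configuration (not shipped with dyn-host-filter).
SAMPLE = r"""
# let unresolved IPs reach the rules instead of rejecting them outright
default_unresolved_action pass
pass ^mail\.
block (dsl|dyn|pool)
"""

def parse_conf(text):
    """Return (settings, rules); rules stay in file order for first-match."""
    settings, rules = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if len(parts) != 2:
            raise ValueError(f"line {n}: missing value")
        key, value = parts[0], parts[1].strip()
        if key in ("pass", "block"):
            rules.append((key, re.compile(value)))
        elif key in DEFAULTS:
            settings[key] = value
        else:
            raise ValueError(f"line {n}: unknown keyword {key!r}")
    return settings, rules

def decide(entry, resolved, settings, rules):
    """Return ('pass', None) or ('block', smtp_code) for one entry."""
    if not resolved and settings["default_unresolved_action"] == "block":
        return "block", settings["unresolved_code"]
    # First matching rule wins; unanchored search is an assumption.
    action = next((a for a, rx in rules if rx.search(entry)), None)
    if action is None:
        action = settings["default_action" if resolved else "default_ip_action"]
    # Assumption: an IP blocked by a rule also uses ip_code.
    code = settings["host_code" if resolved else "ip_code"]
    return (action, code) if action == "block" else ("pass", None)
```

Rule order matters here: `mail.dsl.example.net` passes because the pass rule precedes the broader block rule, and swapping the two lines would reject it with 553.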

It is always a good idea to test the configuration with the dhf-test utility before applying it to dyn-host-filter.  


dyn-host-filter(1), dhf-test(1)  


dyn-host-filter Copyright (C) 2006, 2007 Simeon Simeonov

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA  


None so far.  


Simeon Simeonov




This document was created by man2html, using the manual pages.
Time: 17:41:10 GMT, September 15, 2007