Manpage of dhf.conf
dhf.conf
Section: User Manual (5)
Updated: 15 SEP 2007
NAME
dhf.conf - The configuration file for dyn-host-filter
DESCRIPTION
The configuration file (usually /etc/dhf.conf) consists of two parts: general settings and rules. An input to dyn-host-filter, whether resolved (hostname) or unresolved (IP), is referred to as an entry.
FILE FORMAT
- <option> <value>
  for general settings
- <action> <regexp>
  for rules
Lines starting with '#' are considered as comments.
OPTIONS
Each entry is the result of a connection to qmail (tcpserver) and can be either resolved or unresolved. An unresolved entry is usually caused by a source that does not have reverse DNS. In some rare cases the cause may be a temporary DNS failure. Generally, one should not allow unresolved entries into the mail system. A resolved entry (hostname) is always sent through the list of rules. The first rule to match triggers its defined action (either pass or block) and no further checks are performed on that entry. If no rule matches the entry, the default action is triggered.
The values marked as default in the general settings described below are applied automatically, so there is no need to list them in dhf.conf.
- default_action <value>
  The action to be applied if the resolved entry does not match any of the rules. Values: pass (default), block
- default_unresolved_action <value>
  Default action for unresolved entries. Values: pass, block (default)
- default_ip_action <value>
  If we choose to pass an unresolved entry (IP), it will be sent through the list of rules as well. If the IP does not match any rule, the default_ip_action will be triggered. Values: pass, block (default)
If an entry is to be rejected (blocked), it can be done in two ways:
- SMTP code 451: Tells legitimate clients to try again later.
- SMTP code 553: Tells the client to bounce the message immediately.
If an IP does not resolve, the reason may be a temporary DNS error. Rejecting unresolved entries (IPs) with code 451 may be a good idea, since it gives innocent relay operators a chance to detect and correct the problem. Resolved entries (hostnames), on the other hand, can be rejected with code 553.
- host_code <value>
  The reject code used for blocked resolved entries. Values: 451, 553 (default)
- unresolved_code <value>
  The reject code used by default_unresolved_action. Values: 451 (default), 553
- ip_code <value>
  The reject code used by default_ip_action. Values: 451 (default), 553
It is always a good idea to test the configuration with the dhf-test utility before applying it to dyn-host-filter.
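The evaluation order described in this section, modelled as an added Python example (not part of dyn-host-filter or of this manual) that parses the documented file format and returns the action and SMTP reject code for an entry. Assumptions: Python's re stands in for the filter's regexp dialect with unanchored matching, a rule-blocked IP is rejected with ip_code, the caller states whether the entry resolved, and the function names and sample configuration are constructed for illustration.

```python
import re

# Defaults as listed under OPTIONS.
DEFAULTS = {"default_action": "pass", "default_unresolved_action": "block",
            "default_ip_action": "block", "host_code": "553",
            "unresolved_code": "451", "ip_code": "451"}

def parse_conf(text):
    """Split dhf.conf text into (settings, rules); '#' lines are comments."""
    settings, rules = dict(DEFAULTS), []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        key = fields[0]
        if len(fields) == 2 and key in ("pass", "block"):
            rules.append((key, re.compile(fields[1])))  # file order = match order
        elif len(fields) == 2 and key in DEFAULTS:
            settings[key] = fields[1]
        else:
            raise ValueError(f"bad line: {line!r}")
    return settings, rules

def decide(entry, resolved, settings, rules):
    """Return (action, smtp_code); smtp_code is None when the entry passes."""
    if not resolved and settings["default_unresolved_action"] == "block":
        return "block", settings["unresolved_code"]
    # Hostnames, and IPs that were let through, walk the rule list.
    action = settings["default_action" if resolved else "default_ip_action"]
    for rule_action, pattern in rules:
        if pattern.search(entry):  # assumption: unanchored regexp match
            action = rule_action   # first match wins, later rules are ignored
            break
    if action == "pass":
        return "pass", None
    # Assumption: an IP blocked by a rule gets ip_code, like default_ip_action.
    return "block", settings["host_code" if resolved else "ip_code"]

# Constructed sample configuration (not from the project).
SAMPLE_CONF = r"""
# the pass rule must precede the broad block rule that would also match it
default_unresolved_action pass
ip_code 553
pass ^mail\.dyn\.example\.net$
block (dsl|dyn|pool).*\.example\.net$
pass ^192\.0\.2\.
"""
```

Swapping the first two rules in the sample would block mail.dyn.example.net, which is the kind of ordering mistake worth catching with dhf-test before the configuration goes live.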
SEE ALSO
dyn-host-filter(1), dhf-test(1)
COPYRIGHT
dyn-host-filter Copyright (C) 2006, 2007 Simeon Simeonov
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
BUGS
None so far.
AUTHORS
Simeon Simeonov