MTX Policy records implemented.

Mon, 15 Feb 2010 18:57:42 -0800 

http://www.chaosreigns.com/mtx/policy/

Be sure to check out the flow chart at the bottom.  It doesn't include
delegation.  Thanks to Jonas Eckerman for getting me to do it.

The SA plugin is still on http://www.chaosreigns.com/mtx/

MTX Policy enables new tests which can be used in place of MTX_FAIL:
MTX_NONE
MTX_NEUTRAL
MTX_SOFTFAIL
MTX_HARDFAIL

If you don't use them, and use MTX_FAIL instead, it skips the policy check.

The values are determined by A records named policy.mtx.example.com.  The
value of that record also indicates whether the subdomain should be
checked.  My implementation has an arbitrary limit of 20 levels of domains
to avoid abuse.

Mail::SpamAssassin::Util::RegistrarBoundaries::trim_domain has been great
for picking the domain level to start out at.  Thanks again to Jonas for
pointing me to it.


MTX's debug output showing policy delegation:

mtx: Doing the necessary DNS lookups.
mtx: Testing IP: 159.134.118.53 (last untrusted relay).
mtx: Host name ('A' record) is mail24.svc.cra.dublin.eircom.net.
mtx: Relevant MTX record is: 53.118.134.159.mtx.mail24.svc.cra.dublin.eircom.net
mtx: Checking blacklist.
mtx: Failed to get A record for 
53.118.134.159.mtx.mail24.svc.cra.dublin.eircom.net.
mtx: Checking MTX Policy.
mtx: Policy mindepth: 2, maxdepth: 6
mtx: MTX Policy record name: policy.mtx.eircom.net, depth: 2
mtx: MTX Policy record value: 127.0.1.2.
mtx: Delegated.
mtx: Found HardFail.
mtx: MTX Policy record name: policy.mtx.dublin.eircom.net, depth: 3
mtx: MTX Policy record value: 127.0.1.1.
mtx: Delegated.
mtx: Found SoftFail.
mtx: MTX Policy record name: policy.mtx.cra.dublin.eircom.net, depth: 4
mtx: MTX Policy record value: 127.0.0.0.
mtx: Not delegated.
mtx: Found Neutral.
rules: ran eval rule MTX_FAIL ======> got hit (1)
rules: ran eval rule MTX_NEUTRAL ======> got hit (1)


My post to the Anti-Spam Research Group's list:
http://www.ietf.org/mail-archive/web/asrg/current/msg16232.html

-- 
"To my mind it is wholly irresponsible to go into the world incapable of
preventing violence, injury, crime, and death. How feeble is the mindset
to accept defenselessness. How unnatural. How cheap. How cowardly. How
pathetic." - Ted Nugent
http://www.ChaosReigns.com

Reply via email to