[MediaWiki-commits] [Gerrit] operations/puppet[production]: MX: Add zen.spamhaus.org DNSBL check to MTA rcpt acl

2017-09-18 Thread Herron (Code Review)
Herron has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/378717 )

Change subject: MX: Add zen.spamhaus.org DNSBL check to MTA rcpt acl
..


MX: Add zen.spamhaus.org DNSBL check to MTA rcpt acl

Today messages from hosts listed in zen.spamhaus.org are given a spam score
of ~3.5. In some cases this allows messages from known spam sources to
continue onward towards delivery.

This change will warn (for the purposes of testing) if a blacklisted host
connects directly to the wikimedia.org mx systems. Pending successful
testing, a follow-up change will update the acl action from warn to delay
and drop (with a useful 5xx error message).

Bug: T175879
Change-Id: I0ba0441097e69784e582fb98a6d742b984ef348d
---
M modules/role/templates/exim/exim4.conf.mx.erb
1 file changed, 7 insertions(+), 0 deletions(-)

Approvals:
  Herron: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/role/templates/exim/exim4.conf.mx.erb 
b/modules/role/templates/exim/exim4.conf.mx.erb
index 5ef35c7..7cf76d4 100644
--- a/modules/role/templates/exim/exim4.conf.mx.erb
+++ b/modules/role/templates/exim/exim4.conf.mx.erb
@@ -156,6 +156,13 @@
# Check whether the sender address domain exists
require verify = sender
 
+   # Drop connections from IP addresses listed in DNSBL
+   # This is a warn for testing. After testing...
+   #   * Change to delay & drop
+   #   * Change log_message to message
+   warn log_message = $sender_host_address is listed by $dnslist_domain 
($dnslist_value: $dnslist_text)
+   dnslists = zen.spamhaus.org
+
accept
 
 acl_check_connect:
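
Review bot: The first added comment line says "Drop connections from IP addresses listed in DNSBL", but the statement below it is a `warn` that sits after `require verify = sender` and before the final `accept`, so it drops nothing and does not act at connect time (the connect ACL, `acl_check_connect:`, only begins after this block). Reword the comment to describe what runs today, for example "Log hosts listed in zen.spamhaus.org (warn only while testing, see T175879)", and keep the two bullets as the follow-up TODO. As written, someone reading the deployed config could assume listed hosts are already being rejected.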

-- 
To view, visit https://gerrit.wikimedia.org/r/378717
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I0ba0441097e69784e582fb98a6d742b984ef348d
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Herron 
Gerrit-Reviewer: Giuseppe Lavagetto 
Gerrit-Reviewer: Herron 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits


[MediaWiki-commits] [Gerrit] operations/puppet[production]: MX: Add zen.spamhaus.org DNSBL check to MTA rcpt acl

2017-09-18 Thread Herron (Code Review)
Herron has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/378717 )

Change subject: MX: Add zen.spamhaus.org DNSBL check to MTA rcpt acl
..

MX: Add zen.spamhaus.org DNSBL check to MTA rcpt acl

Today messages from hosts listed in zen.spamhaus.org are given a spam score
of ~3.5. In some cases this allows messages from known spam sources to
continue onward towards delivery.

This change will warn (for the purposes of testing) if a blacklisted host
connects directly to the wikimedia.org mx systems. Pending successful
testing, a follow-up change will update the acl action from warn to delay
and drop (with a useful 5xx error message).

Bug: T175879
Change-Id: I0ba0441097e69784e582fb98a6d742b984ef348d
---
M modules/role/templates/exim/exim4.conf.mx.erb
1 file changed, 7 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/17/378717/1

diff --git a/modules/role/templates/exim/exim4.conf.mx.erb 
b/modules/role/templates/exim/exim4.conf.mx.erb
index 5ef35c7..7cf76d4 100644
--- a/modules/role/templates/exim/exim4.conf.mx.erb
+++ b/modules/role/templates/exim/exim4.conf.mx.erb
@@ -156,6 +156,13 @@
# Check whether the sender address domain exists
require verify = sender
 
+   # Drop connections from IP addresses listed in DNSBL
+   # This is a warn for testing. After testing...
+   #   * Change to delay & drop
+   #   * Change log_message to message
+   warn log_message = $sender_host_address is listed by $dnslist_domain 
($dnslist_value: $dnslist_text)
+   dnslists = zen.spamhaus.org
+
accept
 
 acl_check_connect:
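
Review bot: `dnslists = zen.spamhaus.org` carries no return-value restriction and the `warn` has no `hosts` condition, so any A record the list returns counts as a hit for every host that reaches this point in the ACL. That is harmless while the verb is `warn`, but before the planned switch to delay and drop, consider restricting the match to the return values you intend to act on (Exim's `dnslists = domain=address` form) and confirming that trusted relays are accepted earlier in this ACL or exempted here. The `$dnslist_value` already in the log line gives the data needed to choose those values during the test period.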


Gerrit-MessageType: newchange
Gerrit-Change-Id: I0ba0441097e69784e582fb98a6d742b984ef348d
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Herron 
