blocklist.conf - MTA-level IP Blocker configuration options




This file is mainly intended for enabling and disabling additional tests run by the MTA-level IP Blocker.

The other settings described below should only be changed as directed by Sophos Technical Support.

You can turn on MTA IP blocking via the Local Services tab of the PureMessage Manager or with the pmx-blocklist command.

Important: Whether you choose to block IP addresses by enabling MTA-level IP blocking or by using the PureMessage policy, PureMessage requires that the IP Blocker Service be enabled. This service is enabled by default. If you opt to block IP addresses using only the PureMessage policy, enabling the block_dynamic option described below will cause the additional tests to occur earlier in policy processing, thus improving efficiency.

The results of each connection handled by the Blocker are stored in /opt/pmx6/var/log/blocklist_log.

The port over which the MTA-level IP Blocker communicates. If you are running IP Blocker on a dedicated server, you must replace localhost with the IP address of the IP Blocker machine. It is not recommended that you adjust this setting. Contact Sophos Technical Support before making any changes.

Default: inet:4466@localhost

The name of the log that records data associated with the MTA-level IP Blocker. It is not recommended that you adjust this setting. Contact Sophos Technical Support before making any changes.

Default: blocklist_log

The frequency with which the IP Blocker checks if data has changed on disk. It is not recommended that you adjust this setting. Contact Sophos Technical Support before making any changes.

Default: 1 minute

When enabled, PureMessage rejects messages that are sent 'Direct-to-MX,' a method spammers use to bypass the sending MTA (and any intermediate MTAs), and send messages directly to the machines hosting the MX records for the intended recipients.

The block_dynamic option makes it possible to block spam from hosts that have not yet established a reputation, but are very likely to be sending spam.

Default: No

When enabled, PureMessage rejects connections from mailers that use HELO/EHLO arguments that only appear in spam, and may not be RFC-compliant. The block_dynamic option must also be set to "Yes" in order for this option to take effect. This option is available to Postfix users only.

Default: No

This text forms the basis of a rejection message that is delivered to the original sender. It is not recommended that you change this setting because doing so will cause the same message to be issued in all cases, regardless of the reason for the rejection. By default, the rejection messages provided by Sophos vary, depending on the reason the message was rejected. The message string may contain the following variables:
  • %%IP%% - The IP address of the server from which the blocked message originated. Use only in the context of a custom URL. For example:

    Your message has been rejected because it is spam.

  • %%TYPE%% - The reason that the message was blocked. The reasons include:
      IP - Matched data from SophosLabs.
      DYN - Matched dynamic sender data from SophosLabs.
      HELO - The HELO string of the connecting mail transfer agent is suspicious.
      CUSTIP - Matched an IP or hostname in the IP Blocking Inclusion list.
      CUSTRDNS - A glob match has been specified in the IP Blocking Inclusion list.
      DYNR - Matched a regular expression for RDNS mail senders.

    If you are directing rejected senders to a site other than Sophos via a custom URL, the senders can, optionally, be redirected to a different page, depending on the type of block that occurred. For example:

    Your message has been rejected because your internet service provider does not permit you to send mail.

  • %%URL%% - The default URL that links to Sophos's web service. This variable must be replaced with an actual custom URL if you want the rejection message to direct recipients to a location other than the Sophos site.
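
The following checker for a custom rejection message string is an added example, not part of the Sophos documentation or of PureMessage. It flags unknown or mistyped variables and %%IP%% used outside a URL, then previews the text for each block type. It assumes the variables are expanded by plain text substitution; the function names, the host example.test and the address 192.0.2.10 are constructed placeholders.

```python
import re

# %%TYPE%% values listed on this page.
BLOCK_TYPES = ("IP", "DYN", "HELO", "CUSTIP", "CUSTRDNS", "DYNR")
KNOWN_VARS = {"IP", "TYPE", "URL"}
VAR_RE = re.compile(r"%%(\w+)%%")
NEAR_MISS_RE = re.compile(r"(?<!%)%(IP|TYPE|URL)%(?!%)")  # e.g. %IP%
URL_RE = re.compile(r"https?://\S+")  # a URL runs to the next whitespace

# Constructed sample message; example.test is a placeholder host.
SAMPLE = "Rejected as spam. See http://example.test/blocked?ip=%%IP%%&type=%%TYPE%%"


def lint_message(template):
    """Return a list of warnings for a custom rejection message string."""
    warnings = []
    for name in sorted(set(VAR_RE.findall(template)) - KNOWN_VARS):
        warnings.append(f"unknown variable %%{name}%%")
    for m in NEAR_MISS_RE.finditer(template):
        warnings.append(
            f"single-percent {m.group(0)} looks like a typo for %{m.group(0)}%"
        )
    # The page says %%IP%% belongs only inside a custom URL.
    url_spans = [m.span() for m in URL_RE.finditer(template)]
    for m in re.finditer(r"%%IP%%", template):
        if not any(s <= m.start() and m.end() <= e for s, e in url_spans):
            warnings.append("%%IP%% used outside a URL")
    return warnings


def preview(template, ip, url):
    """Expand the template once per block type (assumed plain substitution)."""
    rendered = {}
    for block_type in BLOCK_TYPES:
        text = template.replace("%%IP%%", ip).replace("%%TYPE%%", block_type)
        rendered[block_type] = text.replace("%%URL%%", url)
    return rendered


if __name__ == "__main__":
    print(lint_message(SAMPLE) or "no warnings")
    samples = preview(SAMPLE, "192.0.2.10", "http://example.test/")
    for block_type, text in samples.items():
        print(f"{block_type:8} {text}")
```
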


See also pmx-blocklist


Copyright (C) 2000-2008 Sophos Group. All rights reserved. Sophos and PureMessage are trademarks of Sophos Plc and Sophos Group.