NAME

lists.conf - Describes the available predefined named lists.


SYNOPSIS

/opt/pmx6/etc/lists.conf


DESCRIPTION

The lists.conf file contains zero or more named list sections.

<list list_name>
The lists.conf configuration file describes the available predefined named lists. The file contains zero or more named list sections.

For more information, enter 'perldoc PureMessage::List'.

name
The list name.

description
Description of the list.

precious
This is a boolean attribute that informs the user interface it should not be allowed to delete the entry or modify matching parameters (match_type/comparator). It is used to differentiate between lists distributed with PureMessage and custom lists defined by users.

source
The source is prefixed by a URI-style scheme that selects the source type. The source can be one of the following:
file:
The items are read from the indicated file.

If the source field does not begin with a scheme part, it is treated as if it was prefixed with 'file:'.

dbi:
Look up matches from a SQL database.

perl:
Let a custom Perl module do the matching.

multifile:
Specify the directory containing per-user whitelists and per-user blacklists.

cdbfile:
Specify the CDB list or map (e.g. cdbfile:internal-hosts).

match_type
The following match types are supported:
is
Exact match.

contains
Substring match.

matches
Glob style matching that might be modified by a comparator. The wildcards are '*' (which matches any sequence of characters) and '?' (which matches a single character). A literal '*', '?' or '\' might be matched by a backslash escaping them.

nmatches
Same as match, but list entries starting with '!' are treated as a negative rule. During matching each string to be matched is considered separately. If it matches at least one of the positive rules, but none of the negative rules, then it is a match.

As an example, if the nmatches-list contains the following two entries:

   *
   !foo*

Then it matches all strings that do not start with the string 'foo'.

re
The entries of the list are Perl5 regular expressions. If the list entry starts with '!' then it is negated as for nmatches.

mail-parts
This match type is more efficient than the "Email Globs" match type when performing the most common email address lookups. For example: someuser@sophos.com someuser@ @sophos.com

domain
Glob style domain and IPv4 address matching. Matching is always case insensitive.

If the list entry starts with a decimal number followed by '.' or '/', then it is taken to be an IP4 address with an optional mask. The format for an entry of this type is:

   <inet4>  = <ip> [ "/" <mask> ]
   <ip>     = <digits> "." <digits> "." <digits> "." <digits>
   <mask>   = <ip> | <bits>
   <digits> = integer in the range 0 .. 255
   <bits>   = integer in the range 0 .. 32

If the list entry does not start with a number, it is taken as a glob style string that will be matched against a domain name. The supported wildcards are:

   ?   match a single char, but not '.'
   *   match a sequence of chars, but not '.'.
   **  match a sequence of chars, including '.'

Matches are automatically anchored to the end of the string. A leading '@' can be used to force anchor to the beginning as well. If the list item starts with '!', then it is negated as for nmatches.

Some examples:

   127.0.0.1

Matches against the exact IP address.

   example.com

Matches any hostname in the example.com domain as well as 'example.com' itself. It does not match 'notexample.com' or 'example.com.org'.

   **.example.com

Matches the same hostnames as above, but not 'example.com' itself.

   .example.com

Matches the same hostnames as above.

   *.example.com

Matches hosts like 'foo.example.com', but not multilevel names like 'foo.bar.example.com'.

   @example.com

Only matches the host 'example.com' and not any subdomains.

mail
Glob style email address matching. The wildcards are the same as for domain, but '@' is prevented from matching on '*' and '?'. Also, if the list entry ends with '@' then the match is no longer anchored at the end.

Some examples:

   example.com

Matches all addresses ending with a domain name of 'example.com' such as 'foo@example.com', 'foo@foo.example.com'.

   @example.com

Matches all addresses with 'example.com' as the exact domain part.

   dev-**@

Matches all addresses starting with the string 'dev-'.

   foo@perl.*

Matches all addresses with 'foo' as the local part and a two level domain name with 'perl' as the first level, like 'foo@perl.com' and 'foo@perl.org'.

   foo@perl.**

Matches all addresses with 'foo' as the local part and at least a two level domain name with 'perl' as the first level, like 'foo@perl.com' and 'foo@perl.domain.com'.

</list>

Configuring LDAP Lists

LDAP-based lists can be created either by appending them to lists.conf or by placing additional files in the lists.d sub-directory. Like other lists specified in lists.conf, each list is contained within its own list section. For example:

    <list foo>
      name = "The Foo List"
      description = "Just an example"
      match_type = is
      source = ldap://localhost
      <args>
        port = 389
        dn = "CN=pmxuser,DC=activestate,DC=com"
        password = testpass
        base = "DC=activestate,DC=com"
        match = "(mail=%s)"
        version = 3
        async = 0
        debug = 0
        scope = sub
      </args>
    </list>

The list id in this case is 'foo', the name is 'The Foo List'. In addition to the standard lists.conf attributes described earlier in this section (e.g. match type, source) LDAP sections contain an args sub-section that defines specific arguments required to help define the connection and search to be performed against the LDAP server.

The source is prefixed by a URI-style scheme that indicates the source type. In the case of an LDAP list, the value provided must include the hostname for the LDAP server with which to connect.


COPYRIGHT

Copyright (C) 2000-2008 Sophos Group. All rights reserved. Sophos and PureMessage are trademarks of Sophos Plc and Sophos Group.