NAME

blocklist.conf - MTA-level IP Blocker configuration options


SYNOPSIS

/opt/pmx/etc/pmx.d/blocklist.conf


DESCRIPTION

This file is mainly intended for enabling and disabling additional DNS checks run by the MTA-level IP Blocker. When the block_dynamic option is enabled, PureMessage performs reverse DNS (RDNS) look-ups and other checks, in addition to the standard DNS tests run by the Blocker. The other settings described below should only be changed as directed by Sophos support.

You can turn on MTA IP blocking via the Local Services tab of the PureMessage Manager or with the pmx-blocklist command.

Important: Whether you choose to block IP addresses by enabling MTA-level IP blocking or by using the PureMessage policy, PureMessage requires that the IP Blocker Service be enabled. This service is enabled by default. If you opt to block IP addresses using only the PureMessage policy, enabling the block_dynamic option described below will cause the additional tests to occur earlier in policy processing, thus improving efficiency.

The results of each connection handled by the Blocker are stored in /opt/pmx/var/log/blocklist_log.

port
The port over which the MTA-level IP Blocker communicates. If you are running Blocker on a dedicated server, you must replace localhost with the IP address of the Blocker machine. It is not recommended that you adjust this setting. Contact Sophos support before making any changes.

Default: inet:4466@localhost

blocklist_log
The name of the log that records data associated with the MTA-level IP Blocker. It is not recommended that you adjust this setting. Contact Sophos support before making any changes.

Default: blocklist_log

refresh_interval
The frequency with which the Blocker checks if data has changed on disk. It is not recommended that you adjust this setting. Contact Sophos support before making any changes.

Default: 1 minute

block_dynamic
When enabled, PureMessage performs reverse DNS (RDNS) checks and other DNS tests, in addition to the standard DNS tests that occur when MTA-level IP blocking is turned on.

Default: No

block_helo
When enabled, PureMessage will reject connections from mailers that use HELO/EHLO arguments that are not RFC-compliant. The block_dynamic option must also be set to "Yes" in order for this option to take effect. This option is available to Postfix users only.

Default: No

reject_message
This text forms the basis of a rejection message that is delivered to the original sender. It is not recommended that you change this setting because doing so will cause the same message to be issued in all cases, regardless of the reason for the rejection. By default, the rejection messages provided by Sophos vary, depending on the reason the message was rejected. The message string may contain the following variables:


SEE ALSO

pmx-blocklist


COPYRIGHT

Copyright (C) 2000-2008 Sophos Group. All rights reserved. Sophos and PureMessage are trademarks of Sophos Plc and Sophos Group.