# backscatter-20090930-cf.txt
#
# SDM - NDR (non-delivery-report) triggers checking if the host is on the backscatterer list
#
# My NDR test is a simple MAIL FROM: <> (aka MAILER_DAEMON or postmaster@whatever)
# It's a trade off between real NDR's likely drowned out in a sea of spam NDR
# vs losing a legit NDR from a host flagged as a backscatterer. I choose the latter.
# check_mail is never called for authenticated clients when delay_checks is enabled
# so I don't have to worry about them here. Otherwise I'd be ensuring $&{auth_type} is null
# The backscatterer dnsbl automatically lists hosts & delists after 4 weeks assuming they clean up their act.
# check pass returns <?>OK (or something) check fail returns <?>127.0.0.2 (or possibly some other last digit)
# It's like it would kill them to document return codes.
#
# for installation information see my awesome website:
# http://www.seanster.com/sendmail-backscatter
#
# Briefly, this code goes into SBasic_check_mail 
# Find this line in SBasic_check_mail (about 10 lines down):
#
# "R<>         $@ <OK>         we MUST accept <> (RFC 1123)"
#
# Insert this entire file ABOVE that line. be sure tabs and spaces are retained. It matters!
#
# share and enjoy
#
R<>				$: $&{client_addr}
R$-.$-.$-.$-	$: <?> $(dnsbl $4.$3.$2.$1.ips.backscatterer.org . $: OK $)
R<?>OK		$@	<OK>	not a listed backscatterer exit ruleset now
R<?>$+<TMP>	$@	<OK>	presumed not a backscatterer. dns failure. exit ruleset now
#
# Make sure you give the backscatterer website so victims can find out what's wrong.
# I like to add the client's ip address for logging puproses.
#
R<?>127.0.0.$+	$#error $@ 5.7.1 $: "550 Rejected: OMG DONT BOUNCE SPAM YOU FREAKING IDIOTS www.backscatterer.org Code: " $1 " BAN ["$&{client_addr} "] "
# end of file