[Exim] Appeal For Testing: Relay-containment RBLing patch

Top Page
Delete this message
Reply to this message
Author: Michael Deutschmann
Date:  
To: exim-users
Subject: [Exim] Appeal For Testing: Relay-containment RBLing patch
I've created a patch for Exim to add more RBL options, to deal with four
stage open relay (Spammer -> Open Relay -> otherwise-secure Exim
Smarthost -> Victim).

I do not administer any servers that need this, so I can't test it
adequately. It may be horribly broken and I wouldn't know. So I'm
asking anybody who has a good RBL test harness, (or a mailserver that can
use it and some risk tolerance ;) ) to try it out.

I've shown an earlier prototype to Mr. Hazel, and he saw no problem
with it (but he's not accepting new official features at this time).

--

In addition to the "/warn", and "/reject" RBL flags, the patch adds to more:

"/block" mostly acts like "/reject". However, if the host trys to do an
outgoing relay, it will kick in *even if the host is not listed in
rbl_hosts*. This is to allow a smarthost to enforce ORBS checking even
against `trusted' hosts, and satifsy the ORBS mail-hub requirements.
Local messages from the host ("Help! Why has your smarthost stopped
working?") are not blocked.

"/contain" also blocks relaying regardless of "rbl_hosts", but only acts
as Warn for incoming mail. This is for people who want to aggresively
block 4-stage relay while not applying ORBS against incoming mail.

It's on ftp.ocis.net, /pub/users/ldeutsch/alpha/exim-3.12.rcp1.diff.gz.
The patch adds some self-documentation to NewStuff.

---- Michael Deutschmann <michael@???>