I've created a patch for Exim to add more RBL options, to deal with
four-stage open relay (Spammer -> Open Relay -> otherwise-secure Exim
Smarthost -> Victim).
I do not administer any servers that need this, so I can't test it
adequately. It may be horribly broken and I wouldn't know. So I'm
asking anybody who has a good RBL test harness (or a mailserver that can
use it and some risk tolerance ;) ) to try it out.
I've shown an earlier prototype to Mr. Hazel, and he saw no problem
with it (but he's not accepting new official features at this time).
--
In addition to the "/warn" and "/reject" RBL flags, the patch adds two more:
"/block" mostly acts like "/reject". However, if the host tries to do an
outgoing relay, it will kick in *even if the host is not listed in
rbl_hosts*. This is to allow a smarthost to enforce ORBS checking even
against `trusted' hosts, and satisfy the ORBS mail-hub requirements.
Local messages from the host ("Help! Why has your smarthost stopped
working?") are not blocked.
"/contain" also blocks relaying regardless of "rbl_hosts", but only acts
as Warn for incoming mail. This is for people who want to aggressively
block 4-stage relay while not applying ORBS against incoming mail.
It's on
ftp.ocis.net, /pub/users/ldeutsch/alpha/exim-3.12.rcp1.diff.gz.
The patch adds some self-documentation to NewStuff.
---- Michael Deutschmann <michael@???>
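
The flag semantics described in the message above, modelled as a decision function so the interaction between the flag, rbl_hosts and relay attempts can be checked case by case. This is an added example, not code from the patch or from Exim; the function and parameter names are hypothetical, and it assumes "Warn" means the message is accepted but flagged, and that a host outside rbl_hosts is otherwise exempt from RBL checks.

```python
from enum import Enum
from itertools import product


class Action(Enum):
    ACCEPT = "accept"
    WARN = "warn"      # accepted, but flagged as RBL-listed (assumed meaning)
    REJECT = "reject"


FLAGS = ("warn", "reject", "block", "contain")


def rbl_action(flag, listed, in_rbl_hosts, relay_attempt):
    """Return the action for one message (hypothetical model of the post).

    flag          -- RBL flag configured for the list
    listed        -- the sending host is listed in the RBL
    in_rbl_hosts  -- the sending host matches rbl_hosts
    relay_attempt -- the message is an outgoing relay, not a local delivery
    """
    if flag not in FLAGS:
        raise ValueError(f"unknown RBL flag: {flag!r}")
    if not listed:
        return Action.ACCEPT
    # /block and /contain apply to relay attempts regardless of rbl_hosts.
    if relay_attempt and flag in ("block", "contain"):
        return Action.REJECT
    # Everything else is gated on rbl_hosts, so local mail from a
    # 'trusted' but listed host still gets through.
    if not in_rbl_hosts:
        return Action.ACCEPT
    # /block mostly acts like /reject; /contain acts as warn for incoming.
    if flag in ("reject", "block"):
        return Action.REJECT
    return Action.WARN


def decision_matrix():
    """Every (flag, in_rbl_hosts, relay_attempt) case for an RBL-listed host."""
    return {(f, h, r): rbl_action(f, True, h, r)
            for f, h, r in product(FLAGS, (True, False), (True, False))}


if __name__ == "__main__":
    for (f, h, r), act in decision_matrix().items():
        print(f"/{f:<8} in_rbl_hosts={h!s:<5} relay={r!s:<5} -> {act.value}")
```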