I've built a patch for exim to do the extended RBL handling - its
attached to
this message. Appears to work fine - I have it running on the exim
list box
(which now RBLS on MAPS and ORBS (but for 127.0.0.2 & 127.0.0.3 entries
-
single host blocks but not netblocks).
The exim.org box has the following RBL line
rbl_domains = rbl.maps.vix.com/reject:\
relays.orbs.org=127.0.0.2,127.0.0.3/reject
[wrapped]
I did not implement either explicit or default short circuiting on
/warn entries.
Nigel
[copied chunk of original message to give spec]
The ORBS enhancements involve using different A record values to denote
different forms of "sinner" in the database - ie confirmed open relay
(127.0.0.2), a manual entry (127.0.0.3) or a netblock - the politically
hot one (127.0.0.4).
There is also potentially a "white list" - an RBL like list of
(probably single host) exceptions to large netblocks.
I think we can handle these extensions to the current RBL handling with
a few (backward compatible) changes. The current format of rbl_domains
is a colon separated list of rbl domain entries, where each rbl domain
consists of a domain optionally followed by /warn or /reject:-
RBL_DOMAINS = RBLDOM [ : RBL_DOMAINS ]
RBLDOM = domain [ /warn | /reject ]
I'd like to change this to
RBLDOM = domain [ = ipaddr[,ipaddr...] ] [ /warn | /reject | /accept ]
The domain is the domain suffix to use for the RBL lookup, and an A/TXT
lookup is done in the DNS (if there are no A records for that entry
then you do not also lookup the TXT records).
if there are is an =ipaddr... section to the RBLDOM entry then the
returned A records should be compared to each of the comma separated IP
addresses in turn, and the RBLDOM entry only taken as matching iff one
of those ip addresses match.
if there is no =ipaddr section to the RBLDOM entry then any A record is
taken as a match.
[I originally thought of using regexps here rather than IP lists, but
the dots in ip addresses mean regexps need lots of backslashes and
hence the admin gets a headache]
The suffix then determines the way the lookup is handled - this
defaults as per the current exim implementation. The values are:-
/reject - reject the any recipients given by RCPT SMTP commands
except those listed in recipients_reject_except.
[accepted recipients have a warning header added to the
message]
no further rbl_domains entries are parsed (ie this short
circuits evaluation of rbl_domains)
/accept - accept any recipients given by RCPT SMTP commands
no further rbl_domains entries are parsed (ie this short
circuits evaluation of rbl_domains). This is used for
"white lists". Earlier /warn entries may have already
added warn headers - ordering within the rbl_domains
should be used if this is a problem.
/warn - accept the recipients, but add a warning header to
the message. Further rbl_domains entries are also
processed***
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]
