Re: [Exim] RBL blocking

Author: Alan J. Flavell
Date:  
To: Margrit.Lottmann
Cc: Exim users list
Subject: Re: [Exim] RBL blocking
On Tue, 7 Aug 2001 Margrit.Lottmann@??? wrote:

> Any user think, that the new blocker rejects too many domains, also
> serious ... and important domains (example: hbs.edu )


All of the ORBS replacements exhibit the same property in this regard
as the original ORBS: they document the technical fact that the IP
address is (part of) an open relay (chain). This in practice does
also pick out quite a number of otherwise harmless and useful sites.
You have to set your own policy: there's nobody who can decide it for
you. I'm referring to these services generically as "ORB" in this
note.

One possibility is to set the configuration so that it inserts
x-rbl-warning headers, like:

rbl_domains = "XXXXXX/reject : \
                relays.ordb.org/warn : relays.osirusoft.com/warn"


(where XXXXXX should be replaced by your MAPS equivalent service)...
and then in the system_filter you can freeze the "warn"-ed items for
inspection:

if   $h_x-rbl-warning contains "relays.osirusoft.com"
      and not $sender_address contains nascom.nasa.gov
[...]
     then
        freeze text "Caught osirusoft x-rbl-warning [...]"
endif


(That recipe of course goes into the part of the system_filter which
is only executed on first_delivery).


Once you have decided that a particular ORB-listed site is being used
to relay spam, you can report them to MAPS RSS if that's appropriate;
and you can list their IP in your local IP blocking list, whatever.

If, on the other hand, you decided this ORB-listed address was
harmless after all, then you can adjust your system filter so that
future mails from this address don't get frozen, or so that (see above
specimen) mails from desirable senders get through. So then those
will be delivered normally (though still with the x-rbl-warning
header, which individual users might use in their PROCMAIL recipes).

> Is there any option to configure, that blocked from RBL-blocker addresses
> will not be blocked ... (except-condition) ???


Of course:

rbl_hosts = ! *.foo.dom : ! *.bar.dom : *

good luck
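
An added illustration, not part of the original message and not Exim's own code: a small Python model of the policy the reply describes, using its rbl_domains and rbl_hosts values, to show how the lookup name is built and how reject, warn and exempt verdicts fall out. The sample IP addresses, host names and the LISTED set standing in for DNS answers are constructed, and the rule that a /reject hit stops at once while /warn hits accumulate is a simplifying assumption.

```python
import fnmatch
import ipaddress

# Settings as given in the message; "XXXXXX" is its placeholder zone.
RBL_DOMAINS = "XXXXXX/reject : relays.ordb.org/warn : relays.osirusoft.com/warn"
RBL_HOSTS = "! *.foo.dom : ! *.bar.dom : *"

# Constructed stand-in for DNS: names that would return a "listed" answer.
LISTED = {"10.2.0.192.relays.osirusoft.com", "7.113.0.203.XXXXXX"}


def parse_rbl_domains(value):
    """Split 'zone/action : zone/action' into (zone, action) pairs."""
    return [tuple(item.strip().partition("/")[::2]) for item in value.split(":")]


def host_is_checked(hostname, rbl_hosts=RBL_HOSTS):
    """First matching item decides; a leading '!' exempts the host.

    hostname is the name a reverse lookup of the connecting IP returned,
    so name-based exemptions are only as good as that lookup.
    """
    for item in rbl_hosts.split(":"):
        item = item.strip()
        pattern = item.lstrip("! ")
        if fnmatch.fnmatchcase(hostname.lower(), pattern.lower()):
            return not item.startswith("!")
    return False


def query_name(ip, zone):
    """DNSBL lookup name: IPv4 octets reversed, followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def decide(ip, hostname, listed_names=LISTED):
    """Return (verdict, zones) for one connecting host."""
    if not host_is_checked(hostname):
        return ("accept", [])
    warned = []
    for zone, action in parse_rbl_domains(RBL_DOMAINS):
        if query_name(ip, zone) in listed_names:
            if action == "reject":  # assumption: a reject hit ends the checks
                return ("reject", [zone])
            warned.append(zone)  # would become an x-rbl-warning header
    return ("warn", warned) if warned else ("accept", [])
```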