[ On Thursday, March 21, 2002 at 10:46:01 (-0500), Greg Ward wrote: ]
> Subject: Re: [Exim] Re[2]: Demise of ORBZ
>
> I wonder if it would be possible/practical to put this information in a
> DNS-style blacklist. Eg. when an MTA receives
>
> MAIL FROM:<spammer@???>
>
> then it does a DNS query for some-string-derived-from
> "spammer@???" against an "address blacklist" DNS zone, and then
> for "jerks.net" against a "domain blacklist" DNS zone. If either
> matches, boot the jerk out now. Same idea as Exim's sender_reject, but
> with all the advantages of an IP address DNS blacklist. It could
> probably work with Exim's "dnsdb" lookup method; dunno if other MTAs
> would support it though.

Smail does (as of about 3.2.0.114 I think, though the regular expression
support for the exceptions list is not supported until 3.2.0.115 comes
out RSN):

    smtp_sender_rhsbl_domains
        type: string
        default value: (none)

        This is a colon-separated list of Realtime Right-Hand
        Side Blocking/Black Lists (RHSBL) domains in which a
        DNS A record for the target domain of the sender
        address is looked up as a subdomain.

        The de facto standard set of DNS blacklists for checking
        sender addresses are managed by rfc-ignorant.org.
        Like the MAPS RBL they also use an A record value of
        127.0.0.2 to indicate that a domain is listed.

        A match in any domain will cause the connection to be
        rejected by a 550 status message that includes the
        blacklist name in the text of the message, along with
        the content of any associated DNS TXT record for the same
        domain.

        An example:

            smtp_sender_rhsbl_domains="rhsbl1.domain;127.0.0.1,10/8\
            :rhsbl2.domain;127.0.0/24"

    smtp_sender_rhsbl_except
        type: string
        default value:
            "${rxquote:hostname}:${rxquote:more_hostnames}"

        This is a colon-separated list of sender address target
        domain regular expressions that should not trigger
        RHSBL lookups.

        An example:

            smtp_sender_rhsbl_except="some.domain:another.domain"

        As you can see from the default value any configuration
        items and/or variables are expanded, complete with
        meta-expansion features, when this item is used, as
        described in smail(5). This allows other colon-separated
        lists of hostnames, including those derived at
        run time, to be included in this list.

        Note also that any semicolon separated sub-field value
        is simply ignored.

> Has anyone heard of something like this being tried?

http://www.rfc-ignorant.org/

--
Greg A. Woods
+1 416 218-0098; <gwoods@???>; <g.a.woods@???>; <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>
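
The sender-domain RHSBL check described in the manual excerpt above, sketched in Python as an added example; it is not part of the original message and is not smail's code. Assumptions: exception patterns are matched against the whole domain, the `;value` sub-field of a blacklist entry is split off and not interpreted (any A record counts as listed), the zone names, zone data and 550 wording are constructed, and `lookup` is a caller-supplied resolver.

```python
import re

def split_list(value):
    """Split a colon-separated list, dropping any ';sub-field' from each item."""
    return [item.split(";", 1)[0].strip() for item in value.split(":") if item.strip()]

def sender_domain(mail_from):
    """Return the lower-cased right-hand side of a MAIL FROM address, or None."""
    local, sep, domain = mail_from.strip().strip("<>").rpartition("@")
    return domain.lower().rstrip(".") if sep and local and domain else None

def check_sender(mail_from, rhsbl_domains, rhsbl_except, lookup):
    """Return None to accept, or the 550 reply text if the sender domain is listed.

    lookup(name, rtype) must return a list of strings (empty if no record).
    """
    domain = sender_domain(mail_from)
    if domain is None:
        return None  # null sender <> or malformed address: nothing to look up
    # Exempt domains never trigger a DNS query (assumed: whole-domain regex match).
    for pattern in split_list(rhsbl_except):
        if re.fullmatch(pattern, domain, re.IGNORECASE):
            return None
    for zone in split_list(rhsbl_domains):
        qname = f"{domain}.{zone}"  # sender domain looked up as a subdomain
        if lookup(qname, "A"):
            txt = " ".join(lookup(qname, "TXT"))
            reply = f"550 sender domain {domain} is listed in {zone}"
            return reply + (f": {txt}" if txt else "")
    return None

# Constructed zone data standing in for a real RHSBL, so the example runs offline.
ZONE = {
    ("jerks.example.rhsbl1.example", "A"): ["127.0.0.2"],
    ("jerks.example.rhsbl1.example", "TXT"): ["no working postmaster address"],
}

def fake_lookup(name, rtype):
    """Resolver stub backed by the constructed ZONE table."""
    return ZONE.get((name, rtype), [])

if __name__ == "__main__":
    zones = "rhsbl1.example;127.0.0.2:rhsbl2.example"
    print(check_sender("<spammer@jerks.example>", zones, "", fake_lookup))
    print(check_sender("<user@good.example>", zones, "", fake_lookup))
```
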