Re: [Exim] How to exclude some hosts from dnslist access lis…

Author: Marc Haber
Date:  
To: exim-users
Subject: Re: [Exim] How to exclude some hosts from dnslist access lists?
On Fri, 11 Apr 2003 11:35:11 +0200, Marc Haber
<mh+exim-users@???> wrote:
>Thanks, that works fine. While this makes it necessary to add the
>whitelist to any acl entry that should honor the whitelist, this
>actually nicely documents the fact. It is, however, a little more
>error prone.


To complete this thread, here is the setup that I have finally settled
for:

|acl_whitelist_local_deny:
|  accept hosts = ${if exists{CONFDIR/local_host_whitelist}\
|                        {CONFDIR/local_host_whitelist}\
|                        {}}
|  accept senders = ${if exists{CONFDIR/local_sender_whitelist}\
|                        {CONFDIR/local_sender_whitelist}\
|                        {}}
|
|acl_check_rcpt:
|  accept hosts = :
|  deny local_parts = ^.*[@%!/|] : ^\\.
|  accept local_parts = postmaster
|         domains = +local_domains
|  require verify = sender
|  warn message = X-Broken-Reverse-DNS: no host name found for IP address $sender_host_address
|       !verify = reverse_host_lookup
|  deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
|       !acl = acl_whitelist_local_deny
|       senders = ${if exists{/etc/exim4/local_sender_blacklist}\
|                             {/etc/exim4/local_sender_blacklist}\
|                             {}}
|  deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
|       !acl = acl_whitelist_local_deny
|       hosts = ${if exists{/etc/exim4/local_host_blacklist}\
|                             {/etc/exim4/local_host_blacklist}\
|                             {}}
|  warn  message         = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|        log_message     = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|        dnslists        = inputs.relays.osirusoft.com:dialups.relays.osirusoft.com:spamhaus.relays.osirusoft.com:spamsites.relays.osirusoft.com:spews.relays.osirusoft.com:relays.ordb.org:relays.bl.kundenserver.de:relays.visi.com:sbl.spamhaus.org
|  warn  message         = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|        log_message     = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|        !senders = ${if exists{CONFDIR/local_postmaster.rfc-ignorant.org_whitelist}\
|                        {CONFDIR/local_postmaster.rfc-ignorant.org_whitelist}\
|                        {}}
|        dnslists        = postmaster.rfc-ignorant.org/$sender_address_domain
|  warn  message         = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|        log_message     = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|        !senders = ${if exists{CONFDIR/local_abuse.rfc-ignorant.org_whitelist}\
|                        {CONFDIR/local_abuse.rfc-ignorant.org_whitelist}\
|                        {}}
|        dnslists        = abuse.rfc-ignorant.org/$sender_address_domain
|  warn  message         = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|        log_message     = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|        !senders = ${if exists{CONFDIR/local_whois.rfc-ignorant.org_whitelist}\
|                        {CONFDIR/local_whois.rfc-ignorant.org_whitelist}\
|                        {}}
|        dnslists        = whois.rfc-ignorant.org/$sender_address_domain
|  warn  message         = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|        log_message     = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|        !senders = ${if exists{CONFDIR/local_dsn.rfc-ignorant.org_whitelist}\
|                        {CONFDIR/local_dsn.rfc-ignorant.org_whitelist}\
|                        {}}
|        dnslists        = dsn.rfc-ignorant.org/$sender_address_domain
|  accept domains = +local_domains
|         endpass
|         message = unknown user
|         verify = recipient
|  accept domains = +relay_to_domains
|         endpass
|         message = unrouteable address
|         verify = recipient
|  accept hosts = +relay_from_hosts
|  accept authenticated = *
|  deny message = relay not permitted


Greetings
Marc

--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mail address in header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Phone: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
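
The quoted remark above notes that naming the whitelist in every ACL entry is error prone. The following check is an added example, not part of Marc's message or of Exim: it lists `deny` statements that test `hosts` or `senders` without `!acl = acl_whitelist_local_deny`. The sample ACL is constructed, the choice of guarded conditions is an assumption, and the input is expected as plain config text without the `|` quoting.

```python
import re

VERBS = {"accept", "deny", "warn", "require", "defer", "drop", "discard"}
WHITELIST_ACL = "acl_whitelist_local_deny"  # ACL name used in the post
GUARDED = {"hosts", "senders"}  # assumption: deny conditions that must honour it

# Constructed sample: the second blacklist deny forgets the whitelist check.
SAMPLE = r"""
acl_check_rcpt:
  accept hosts = :
  deny message = sender is locally blacklisted
       !acl = acl_whitelist_local_deny
       senders = ${if exists{CONFDIR/local_sender_blacklist}\
                             {CONFDIR/local_sender_blacklist}\
                             {}}
  deny message = host is locally blacklisted
       hosts = ${if exists{CONFDIR/local_host_blacklist}\
                             {CONFDIR/local_host_blacklist}\
                             {}}
  deny message = relay not permitted
"""

def logical_lines(text):
    """Join backslash continuations; yield (first_line_no, joined_text)."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        start = start if buf else no
        buf += raw.strip()
        if buf.endswith("\\"):
            buf = buf[:-1]
            continue
        if buf and not buf.startswith("#"):
            yield start, buf
        buf = ""

def unguarded_denies(text, whitelist=WHITELIST_ACL):
    """Line numbers of deny statements with a guarded condition but no !acl."""
    stmts = []  # each entry: (line_no, verb, {condition_name: value})
    for no, line in logical_lines(text):
        head, _, rest = line.partition(" ")
        if head in VERBS:  # a verb opens a new ACL statement
            stmts.append((no, head, {}))
            line = rest.strip()
        m = re.match(r"(!?\s*\w+)\s*=\s*(.*)", line)
        if m and stmts:  # condition or modifier of the current statement
            stmts[-1][2][m.group(1).replace(" ", "")] = m.group(2).strip()
    return [no for no, verb, conds in stmts if verb == "deny"
            and GUARDED & conds.keys() and conds.get("!acl") != whitelist]
```

Condition order inside a statement does not change the accept/deny outcome, so the check only looks for the presence of the `!acl` condition.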