On Fri, 11 Apr 2003 11:35:11 +0200, Marc Haber
<mh+exim-users@???> wrote:
>Thanks, that works fine. While this makes it necessary to add the
>whitelist to any acl entry that should honor the whitelist, this
>actually nicely documents the fact. It is, however, a little more
>error prone.
To complete this thread, here is the setup that I have finally settled
for:
|acl_whitelist_local_deny:
|  accept  hosts = ${if exists{CONFDIR/local_host_whitelist}\
|                  {CONFDIR/local_host_whitelist}\
|                  {}}
|  accept  senders = ${if exists{CONFDIR/local_sender_whitelist}\
|                    {CONFDIR/local_sender_whitelist}\
|                    {}}
|
|acl_check_rcpt:
|  accept  hosts = :
|  deny    local_parts = ^.*[@%!/|] : ^\\.
|  accept  local_parts = postmaster
|          domains = +local_domains
|  require verify = sender
|  warn    message = X-Broken-Reverse-DNS: no host name found for IP address $sender_host_address
|          !verify = reverse_host_lookup
|  deny    message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
|          !acl = acl_whitelist_local_deny
|          senders = ${if exists{/etc/exim4/local_sender_blacklist}\
|                    {/etc/exim4/local_sender_blacklist}\
|                    {}}
|  deny    message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
|          !acl = acl_whitelist_local_deny
|          hosts = ${if exists{/etc/exim4/local_host_blacklist}\
|                  {/etc/exim4/local_host_blacklist}\
|                  {}}
|  warn    message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|          log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|          dnslists = inputs.relays.osirusoft.com:dialups.relays.osirusoft.com:spamhaus.relays.osirusoft.com:spamsites.relays.osirusoft.com:spews.relays.osirusoft.com:relays.ordb.org:relays.bl.kundenserver.de:relays.visi.com:sbl.spamhaus.org
|  warn    message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|          log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|          !senders = ${if exists{CONFDIR/local_postmaster.rfc-ignorant.org_whitelist}\
|                     {CONFDIR/local_postmaster.rfc-ignorant.org_whitelist}\
|                     {}}
|          dnslists = postmaster.rfc-ignorant.org/$sender_address_domain
|  warn    message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|          log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|          !senders = ${if exists{CONFDIR/local_abuse.rfc-ignorant.org_whitelist}\
|                     {CONFDIR/local_abuse.rfc-ignorant.org_whitelist}\
|                     {}}
|          dnslists = abuse.rfc-ignorant.org/$sender_address_domain
|  warn    message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|          log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|          !senders = ${if exists{CONFDIR/local_whois.rfc-ignorant.org_whitelist}\
|                     {CONFDIR/local_whois.rfc-ignorant.org_whitelist}\
|                     {}}
|          dnslists = whois.rfc-ignorant.org/$sender_address_domain
|  warn    message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|          log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
|          !senders = ${if exists{CONFDIR/local_dsn.rfc-ignorant.org_whitelist}\
|                     {CONFDIR/local_dsn.rfc-ignorant.org_whitelist}\
|                     {}}
|          dnslists = dsn.rfc-ignorant.org/$sender_address_domain
|  accept  domains = +local_domains
|          endpass
|          message = unknown user
|          verify = recipient
|  accept  domains = +relay_to_domains
|          endpass
|          message = unrouteable address
|          verify = recipient
|  accept  hosts = +relay_from_hosts
|  accept  authenticated = *
|  deny    message = relay not permitted
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mail address in header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32 15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
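
The quoted remark calls the per-statement whitelist "a little more error prone". As an added example (not part of the original post and not Exim code), this Python check flags `deny` statements in an ACL that test `hosts`, `senders` or `dnslists` without `!acl = acl_whitelist_local_deny`. The parser is a simplification of Exim's configuration syntax, the choice of which conditions count as blacklist tests is an assumption, and the sample configuration is constructed.

```python
import re

VERBS = {"accept", "defer", "deny", "discard", "drop", "require", "warn"}
LIST_TESTS = {"hosts", "senders", "dnslists"}     # assumption: tests that act as blacklists
WHITELIST = ("!acl", "acl_whitelist_local_deny")  # the guard used in the post

def parse_acls(text):
    """Parse ACL text into {acl_name: [(verb, [(condition, value), ...]), ...]}."""
    text = re.sub(r"\\[ \t]*\n[ \t]*", "", text)  # join backslash-continued lines
    acls, statements = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if re.fullmatch(r"\w+:", line):            # "name:" opens an ACL
            statements = acls.setdefault(line[:-1], [])
            continue
        first, _, rest = line.partition(" ")
        if first in VERBS:                         # a verb opens a new statement
            statements.append((first, []))
            line = rest.strip()
        if line and statements:                    # condition of the current statement
            name, _, value = line.partition("=")
            statements[-1][1].append((name.strip(), value.strip()))
    return acls

def unguarded_denies(acls, acl_name):
    """Return (position, message) for list-testing deny statements lacking the guard."""
    return [(pos, dict(conds).get("message", ""))
            for pos, (verb, conds) in enumerate(acls.get(acl_name, []), 1)
            if verb == "deny" and LIST_TESTS & {n for n, _ in conds}
            and WHITELIST not in conds]

# Constructed sample: the second list-based deny forgot the whitelist guard.
SAMPLE = r"""
acl_check_rcpt:
  accept  hosts = :
  deny    message = sender is locally blacklisted
          !acl = acl_whitelist_local_deny
          senders = ${if exists{CONFDIR/local_sender_blacklist}\
                    {CONFDIR/local_sender_blacklist}\
                    {}}
  deny    message = host is locally blacklisted
          hosts = CONFDIR/local_host_blacklist
  deny    message = relay not permitted
"""

if __name__ == "__main__":
    for pos, msg in unguarded_denies(parse_acls(SAMPLE), "acl_check_rcpt"):
        print(f"statement {pos}: deny without whitelist guard ({msg})")
```

The final `deny` (relay not permitted) is not reported because it tests no list; only the host blacklist statement, which omits the guard, is.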