>From: Philip Hazel <ph10@???>
>Reply-To: exim-users@???
>To: Ron McKeating <R.J.Mckeating@???>
>cc: "Exim-Users (E-mail)" <exim-users@???>
>Subject: Re: [Exim] Lists supported
>Date: Thu, 29 May 2003 12:30:10 +0100 (BST)
>
>On 29 May 2003, Ron McKeating wrote:
>
>> Does exim support
>>
>> 127.1.0.13 OPS RSS RBL
>>
>> As in
>>
>> bl-plus.mail-abuse.ja.net=127.1.0.13:\
>
>Should do.
>
>> Only the book only seems to list 127.1.0.[1..7]
>
>That's just the list of values that RBL+ happens to use.

You can find the full list of what's returned at:

  http://www.ja.net/CERT/JANET-CERT/mail/mail-abuse/rbl-plus-guide.html

The above should provide enough information for you to be very
selective. As far as I'm concerned, this is far too sophisticated.
If it's in the RBL+ database, we just refuse the connection.

*However* you might like to also configure your servers to accept
authenticated connections over TLS and allow them to relay anywhere.
I'm using the following ACL *before* the RBL checking:

  # This is here *before* the MAPS RBL+ stuff etc so connections
  # authenticated over TLS can be accepted even if the connecting
  # IP address is in an RBL list we'd usually deny. On reflection,
  # this is unbelievably generous of me...must have mistakenly
  # swallowed a happy pill before coding this...
  accept  hosts = +auth_relay_hosts
          encrypted = TLS_CIPHERS_TO_USE
          authenticated = *

where I've restricted encrypted connection to using high or medium
grade ciphers.

I haven't tested this as I have no need for email from the Casio
calculator I have at home. But colleagues have reported that it
works fine from their home connections using clients such as Outlook
& Mulberry. Can't say for sure if they've tried it from any host
that is in an RBL we check.
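
Added example (not part of the original message, and not Exim's own code): a small Python model of the two checks discussed above, showing how a DNSBL name is built and matched against a specific return value such as 127.1.0.13, and why placing the authenticated-TLS accept before the list check changes the outcome. The cipher names, the sample zone data, the 127.1.0.2 return value and the treatment of +auth_relay_hosts as matching every host are assumptions made for the illustration.

```python
import ipaddress

ZONE = "bl-plus.mail-abuse.ja.net"   # zone name from the thread
WANTED = {"127.1.0.13"}              # return value asked about in the thread
# Assumption: stand-in for the TLS_CIPHERS_TO_USE macro, whose value is not shown.
ALLOWED_CIPHERS = {"AES256-SHA", "DES-CBC3-SHA"}

def dnsbl_query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone, as a DNSBL lookup does."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, resolver, wanted=WANTED):
    """True if any A record returned for the DNSBL name is one of `wanted`."""
    return bool(set(resolver(dnsbl_query_name(ip))) & wanted)

def check_connection(ip, cipher, authenticated, resolver):
    """First matching statement wins, so statement order decides the outcome."""
    # Statement 1: accept authenticated clients on an allowed TLS cipher.
    # (hosts = +auth_relay_hosts is assumed to match every host here.)
    if cipher in ALLOWED_CIPHERS and authenticated:
        return "accept (authenticated over TLS)"
    # Statement 2: the DNSBL check that would otherwise refuse the host.
    if is_listed(ip, resolver):
        return "deny (listed)"
    # Assumption: anything else goes on to later checks, shown here as accept.
    return "accept (not listed)"

# Constructed zone data using documentation addresses, so this runs offline.
FAKE_ZONE = {
    "10.2.0.192.bl-plus.mail-abuse.ja.net": ["127.1.0.13"],
    "11.2.0.192.bl-plus.mail-abuse.ja.net": ["127.1.0.2"],
}

def fake_resolver(name):
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    for args in [("192.0.2.10", "AES256-SHA", True),    # listed, auth + good TLS
                 ("192.0.2.10", None, False),           # listed, plain SMTP
                 ("192.0.2.10", "EXP-RC4-MD5", True),   # listed, weak cipher
                 ("192.0.2.11", None, False)]:          # other return value
        print(args, "->", check_connection(*args, fake_resolver))
```

The third case shows that a listed host is still refused when its cipher falls outside the allowed set, even though it authenticated.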