Re: [Exim] Lists supported

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Dennis Davis
Data:  
Para: exim-users
Asunto: Re: [Exim] Lists supported
>From: Philip Hazel <ph10@???>
>Reply-To: exim-users@???
>To: Ron McKeating <R.J.Mckeating@???>
>cc: "Exim-Users (E-mail)" <exim-users@???>
>Subject: Re: [Exim] Lists supported
>Date: Thu, 29 May 2003 12:30:10 +0100 (BST)
>
>On 29 May 2003, Ron McKeating wrote:
>
>> Does exim support
>>
>> 127.1.0.13 OPS RSS RBL
>>
>> As in in
>>
>> bl-plus.mail-abuse.ja.net=127.1.0.13:\
>
>Should do.
>
>> Only the book only seems to list 127.1.0.[1..7]
>
>That's just the list of values that RBL+ happens to use.


You can find the full list of what's returned at:

http://www.ja.net/CERT/JANET-CERT/mail/mail-abuse/rbl-plus-guide.html

The above should provide enough information for you to be very
selective. As far as I'm concerned, this is far too sophisticated.
If it's in the RBL+ database, we just refuse the connection.

*However* you might like to also configure your servers to accept
authenticated connections over TLS and allow them to relay anywhere.
I'm using the following ACL *before* the RBL checking:


  # This is here *before* the MAPS RBL+ stuff etc so connections
  # authenticated over TLS can be accepted even if the connecting
  # IP address is in an RBL list we'd usually deny.  On reflection,
  # this is unbelievably generous of me...must have mistakenly
  # swallowed a happy pill before coding this...
  accept  hosts = +auth_relay_hosts
          encrypted = TLS_CIPHERS_TO_USE
          authenticated = *



where I've restricted encrypted connection to using high or medium
grade ciphers.

I haven't tested this as I have no need for email from the Casio
calculator I have at home. But colleagues have reported that it
works fine from their home connections using clients such as Outlook
& Mulberry. Can't say for sure if they've tried it from any host
that is in an RBL we check.