Re: [Exim] Exim 4.20 - Not denying hosts without reverse DNS…

Author: Andreas Metzler
Date:  
To: exim-users
Subject: Re: [Exim] Exim 4.20 - Not denying hosts without reverse DNS....
On Wed, Jun 18, 2003 at 06:27:44PM -0700, Kevin W. Reed wrote:
[...]
> we blocked any site that arrived without a valid reverse
> dns lookup. We didn't care what the result was, just that there was one.
> We also overrode that with a list of users that would get email anyway.


> The configuration looked like:


> host_lookup = !/usr/local/exim4/host_lookup-exempt : \
>     !/usr/local/exim4/net_lookup-exempt : \
>     0.0.0.0/0

[...]

Hello,
Unless I am completely wrong, this does not reject anything, it just
tells exim to try to make a reverse lookup for every incoming host for
logging. I am not that fit with exim3, but you'd probably have to use
something like
host_reject = ${if eq {$host_lookup_failed}{1} {*}{}}

For exim4 you'd use something *similar* (completely untested!) to this
as acl_smtp_connect:
        # accept connections from whitelisted hosts.
        accept hosts = /usr/local/exim4/host_lookup-exempt : \
                       /usr/local/exim4/net_lookup-exempt
        # deny if reverse_host_lookup fails, continue acl otherwise.
        require verify = reverse_host_lookup


        # accept all other connections
        accept


     cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
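
Added example, not part of the original message: a small Python model of the decision order in the Exim 4 ACL sketched above, next to a lookup-only setting that never rejects. It assumes `verify = reverse_host_lookup` passes only when a PTR name for the connecting address resolves back to that same address. The exempt list, DNS tables and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not from the thread.
EXEMPT = ["192.0.2.0/24", "198.51.100.7"]    # stands in for the two *-exempt files
PTR = {                                       # reverse zone: IP -> PTR names
    "203.0.113.10": ["mail.example.org"],
    "203.0.113.20": ["spoofed.example.net"],
}
FWD = {                                       # forward zone: name -> addresses
    "mail.example.org": ["203.0.113.10"],
    "spoofed.example.net": ["203.0.113.99"],  # does not point back to .20
}

def is_exempt(ip, exempt=EXEMPT):
    """True if ip matches a host or network entry in the exempt list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(item, strict=False) for item in exempt)

def reverse_host_lookup(ip, ptr=PTR, fwd=FWD):
    """Return a PTR name that resolves back to ip, or None if there is none."""
    addr = ipaddress.ip_address(ip)
    for name in ptr.get(ip, []):
        if any(ipaddress.ip_address(a) == addr for a in fwd.get(name.lower(), [])):
            return name
    return None

def lookup_only(ip):
    """Model of a lookup-for-logging setting: the result is recorded, never enforced."""
    return ("accept", reverse_host_lookup(ip))

def acl_connect(ip):
    """Model of the connect ACL: exempt hosts first, then require a verified name."""
    if is_exempt(ip):
        return ("accept", "exempt host")
    name = reverse_host_lookup(ip)
    if name is None:
        return ("deny", "reverse_host_lookup failed")
    return ("accept", name)

if __name__ == "__main__":
    for ip in ["192.0.2.55", "203.0.113.10", "203.0.113.20", "203.0.113.30"]:
        print(ip, "lookup_only:", lookup_only(ip), "acl:", acl_connect(ip))
```

The order of the two checks matters: an exempt host is accepted before any DNS lookup is attempted, so a host with broken reverse DNS still gets through if it is on the list.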