** Warning ** New poster alert :)
Richard Welty <rwelty@???> wrote:
> On Sat, 19 Jul 2003 21:43:40 -0500 Jerry Jorgenson <jerry@???> wrote:
>
> > Folks,
> >
> > I have some incoming domains that I need to let through even though they
> > are in RBL lists. While I can allow them in by:
> >
> > accept hosts = /etc/mail/allow_access_list
> > deny dnslists = relays.ordb.org : sbl.spamhaus.org
> >
> > This lets them through, but has the unfortunate effect of making an open
> > relay for every host listed in /etc/mail/allow_access_list,
>
> accept hosts = /etc/mail/allow_access_list
>        domains = +local_domains

Hmmm... I like this one (over excluding from the RBL) since I also
have a blacklist. On seeing this thread, I realized I was doing the
same thing (allowing relaying from whitelisted hosts). I've modified
my config along the above lines.

Processing goes...

  Accept verified names from whitelisted hosts to local domains
  Deny mail from blacklisted hosts
  Deny mail from RBL's hosts
  ... then default stuff, accept to local, accept relay, deny all else

Rules look like...

#
# Accept mail from whitelisted hosts to known users in the local domains
#
accept  hosts   = /usr/local/exim/whitelist : \
                  /usr/local/exim/whitelist.listmgr
        domains = +local_domains
        endpass
        message = unknown user
        verify  = recipient
#
# Reject any mail from blacklisted hosts
#
deny    hosts       = /usr/local/exim/blacklist
        message     = Rejected
        log_message = Rejected [BLACKLIST] $sender_host_name $sender_host_address
#
# Check source domain against various RBLs
#
deny    message     = rejected by $dnslist_domain
        log_message = Rejected [$dnslist_domain] $sender_host_address\n$dnslist_text
        dnslists    = +exclude_unknown : \
                      relays.ordb.org : \
                      relays.osirusoft.com

This maintains my logical hierarchy where whitelist trumps blacklist
and RBL without having to exclude whitelist hosts from both the blacklist
check and the RBL check.

--
Do two rights make | Kevin Smith, ShadeTree Software, Philadelphia, PA, USA
a libertarian | 001-215-487-3811 shady,com,kevin
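
The rule ordering discussed in this thread, as an added example that is not part of the original post and is not Exim code: a small first-match model of the RCPT checks, comparing a bare whitelist accept with the version scoped to local domains. All hosts, domains, users and list contents are constructed sample data, and the function and variable names are hypothetical.

```python
# Simplified model of first-match RCPT ACL evaluation; this is not Exim code.
# All addresses, domains and list contents below are constructed sample data.
from ipaddress import ip_address, ip_network

LOCAL_DOMAINS = {"example.org"}                 # stands in for +local_domains
KNOWN_USERS = {"kevin@example.org"}             # stands in for verify = recipient
WHITELIST = [ip_network("192.0.2.0/24")]        # whitelist file contents
BLACKLIST = [ip_network("198.51.100.7/32")]     # blacklist file contents
RBL_LISTED = {"192.0.2.10", "203.0.113.5"}      # hosts a DNSBL would return
RELAY_FROM = [ip_network("10.0.0.0/8")]         # stands in for relay hosts


def in_nets(host, nets):
    return any(ip_address(host) in net for net in nets)


def rcpt_acl(host, rcpt, scoped):
    """Return the verdict for one RCPT. scoped=False models a bare
    'accept hosts = <whitelist>'; scoped=True adds 'domains = +local_domains'
    plus 'endpass' / 'verify = recipient' as in the post."""
    rcpt = rcpt.lower()
    local = rcpt.rsplit("@", 1)[-1] in LOCAL_DOMAINS

    # 1. Whitelist accept. Conditions before endpass only select the rule;
    #    a failure after endpass rejects instead of falling through.
    if in_nets(host, WHITELIST) and (local or not scoped):
        if scoped and rcpt not in KNOWN_USERS:
            return "deny: unknown user"
        return "accept: whitelist"
    # 2. Local blacklist, then 3. DNS blocklists.
    if in_nets(host, BLACKLIST):
        return "deny: blacklist"
    if host in RBL_LISTED:
        return "deny: rbl"
    # 4. Defaults: accept to local users, accept relay for own hosts, deny rest.
    if local:
        return "accept: local" if rcpt in KNOWN_USERS else "deny: unknown user"
    if in_nets(host, RELAY_FROM):
        return "accept: relay"
    return "deny: relay not permitted"


if __name__ == "__main__":
    for host, rcpt in [("192.0.2.10", "kevin@example.org"),
                       ("192.0.2.10", "someone@elsewhere.test"),
                       ("203.0.113.5", "kevin@example.org")]:
        print(host, rcpt, rcpt_acl(host, rcpt, False), "|", rcpt_acl(host, rcpt, True))
```

With the scoped rule, a whitelisted host that also appears on an RBL still delivers to local users, while its attempts to reach outside domains fall through to the blacklist, RBL and relay checks.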