----- Original Message -----
From: "Oren Levi" <orenlevi@???>
To: "Robert Kehl" <mailinglists@???>
Cc: <exim-users@???>
Sent: Wednesday, September 17, 2003 3:04 AM
Subject: Re: [Exim] Bypassing RBL check for authenticated users.
> The change you suggested left my server open to relay.
Sorry, it wasn't a full acl, as you didn't post one, too.
The very last block in your check_recipient acl should always be this:
> deny message = $sender_fullhost is currently not permitted to send
you
> must first authenticate
Suggestion 1: Move the following block to the bottom of your
check_recipient acl, but ensure that the 'deny' statement still follows.
> #!!# Spam control starts here:
> deny message = rejected because $sender_host_address is \
> blacklisted at $dnslist_domain\n\
> $dnslist_text
> dnslists = bl.spamcop.net : \
> blackholes.mail-abuse.org : \
> dialup.mail-abuse.org : \
> blackholes.easynet.nl : \
> sbl.spamhaus.org : \
> opm.blitzed.org : \
> ipwhois.rfc-ignorant.org : \
> cbl.abuseat.org : \
> spamhaus.relays.osirusoft.com=127.0.0.6 : \
> sbl.spamhaus.org=127.0.0.2 : \
> relays.ordb.org
> # spamsources.relays.osirusoft.com : \
> # removed inputs.relays.osirusoft.com
> #!!# Spam control stops here
Suggestion 2: If you believe the following block to be correct, move it
upwards before the "Spam control" block. Do not move the 'deny'
statement, or after it nothing will ever get processed.
> accept hosts = +auth_relay_hosts
> endpass
> message = $sender_fullhost is currently not permitted to \
> relay through this server. Perhaps you \
> have not logged into the pop/imap server in
the \
> last 30 minutes or do not have SMTP
Authentication
> turned on in your email client.
> authenticated = *
> condition = ${if
eq{$authenticated_id}{$sender_address}{yes}{no}}
> verify = sender
Regards,
Robert Kehl
