Re: [Exim] Bypassing RBL check for authenticated users.

Author: Oren Levi
Date:  
To: Robert Kehl
CC: exim-users
Subject: Re: [Exim] Bypassing RBL check for authenticated users.
Well, I did what you suggested; it works fine besides the spam control:

Here is what I have now:

begin acl

#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.

require verify = sender

accept domains = +local_domains
accept domains = +relay_domains
accept hosts = +relay_hosts
accept condition = ${perl{checkrelayhost}{$sender_host_address}}

  accept  hosts = +auth_relay_hosts
          endpass
          message = $sender_fullhost is currently not permitted to relay through this server.
          authenticated = *
          condition = ${if eq{$authenticated_id}{$sender_address}{yes}{no}}
          verify = sender


accept hosts = :
#!!# Spam control starts here:

deny message = rejected because $sender_host_address is blacklisted at $dnslist_domain \n$dnslist_text
dnslists = bl.spamcop.net : \
           blackholes.mail-abuse.org : \
           dialup.mail-abuse.org : \
           blackholes.easynet.nl : \
           sbl.spamhaus.org : \
           opm.blitzed.org : \
           ipwhois.rfc-ignorant.org : \
           cbl.abuseat.org : \
           spamhaus.relays.osirusoft.com=127.0.0.6 : \
           sbl.spamhaus.org=127.0.0.2 : \
           relays.ordb.org
#  spamsources.relays.osirusoft.com : \
# removed  inputs.relays.osirusoft.com
#!!# Spam control stops here



  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                {yes}{no}}


  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                {yes}{no}}


  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{mailman-bounces\+.*}} \
                     {exists{/usr/local/cpanel/3rdparty/mailman/lists/mailman/config.pck}}} \
                {yes}{no}}


  accept   condition    = \
           ${if and {{match{$local_part}{mailman-bounces\+.*}} \
                     {exists{/usr/local/cpanel/3rdparty/mailman/lists/mailman/config.pck}}} \
                {yes}{no}}



deny    message = $sender_fullhost is currently not permitted to send you must first authenticate



#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender
accept


What's possibly wrong?

Thanks,
Oren.

----- Original Message -----
From: "Robert Kehl" <mailinglists@???>
To: "Oren Levi" <orenlevi@???>
Cc: <exim-users@???>
Sent: Wednesday, September 17, 2003 2:13 AM
Subject: Re: [Exim] Bypassing RBL check for authenticated users.


>
> ----- Original Message -----
> From: "Oren Levi" <orenlevi@???>
> To: "Robert Kehl" <mailinglists@???>
> Cc: <exim-users@???>
> Sent: Wednesday, September 17, 2003 3:04 AM
> Subject: Re: [Exim] Bypassing RBL check for authenticated users.
>
>
> > The change you suggested left my server open to relay.
>
> Sorry, it wasn't a full acl, as you didn't post one, too.
>
> The very last block in your check_recipient acl should always be this:
>
> > deny    message = $sender_fullhost is currently not permitted to send you must first authenticate

>
> Suggestion 1: Move the following block to the bottom of your
> check_recipient acl, but ensure that the 'deny' statement still follows.
>
> > #!!# Spam control starts here:
> > deny message = rejected because $sender_host_address is \
> > blacklisted at $dnslist_domain\n\
> > $dnslist_text
> > dnslists = bl.spamcop.net : \
> >            blackholes.mail-abuse.org : \
> >            dialup.mail-abuse.org : \
> >            blackholes.easynet.nl : \
> >            sbl.spamhaus.org : \
> >            opm.blitzed.org : \
> >            ipwhois.rfc-ignorant.org : \
> >            cbl.abuseat.org : \
> >            spamhaus.relays.osirusoft.com=127.0.0.6 : \
> >            sbl.spamhaus.org=127.0.0.2 : \
> >            relays.ordb.org
> > #  spamsources.relays.osirusoft.com : \
> > # removed  inputs.relays.osirusoft.com
> > #!!# Spam control stops here

>
> Suggestion 2: If you believe the following block to be correct, move it
> upwards before the "Spam control" block. Do not move the 'deny'
> statement, or after it nothing will ever get processed.
>
> >   accept  hosts = +auth_relay_hosts
> >           endpass
> >           message = $sender_fullhost is currently not permitted to \
> >                         relay through this server. Perhaps you \
> >                         have not logged into the pop/imap server in the \
> >                         last 30 minutes or do not have SMTP Authentication turned on in your email client.
> >           authenticated = *
> >           condition = ${if eq{$authenticated_id}{$sender_address}{yes}{no}}
> >           verify = sender

>
> Regards,
>
> Robert Kehl
>
>
>
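
The statement ordering discussed in this thread, as an added example that is not part of either message and is not the poster's or Robert Kehl's configuration: Exim evaluates ACL statements top to bottom and stops at the first `accept` or `deny` whose conditions all match, so the DNS list check only takes effect if it sits after the accepts for trusted and authenticated senders and before the domain-based accepts. The named lists and DNS list domains are taken from the thread; the cPanel-specific perl and mailman statements are left out, and the `endpass` form is replaced by a plain `accept` as an assumption of this sketch.

```exim
# Added example: one possible ordering of check_recipient (Exim 4 ACL syntax).
check_recipient:
  # Locally submitted mail (empty sending host field) is accepted outright.
  accept  hosts = :

  require verify = sender

  # 1. Trusted relay hosts and authenticated users are accepted BEFORE the
  #    DNS list lookup, so a listed dial-up address does not block them.
  accept  hosts = +relay_hosts
  accept  authenticated = *
          condition = ${if eq{$authenticated_id}{$sender_address}{yes}{no}}

  # 2. Every other sender is checked against the DNS lists BEFORE any
  #    domain-based accept; an earlier "accept domains = +local_domains"
  #    would end the ACL for inbound mail before this statement is reached.
  deny    message = rejected because $sender_host_address is blacklisted \
                    at $dnslist_domain\n$dnslist_text
          dnslists = sbl.spamhaus.org : cbl.abuseat.org

  # 3. Unlisted hosts may deliver to the domains this server handles.
  accept  domains = +local_domains
  accept  domains = +relay_domains

  # 4. Final catch-all: no statement placed after this one is evaluated.
  deny    message = $sender_fullhost is currently not permitted to relay \
                    through this server.
```

To check an ordering without sending mail, `exim -bh <ip-address>` runs a simulated SMTP session against the ACLs and prints which statement accepted or denied each RCPT.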