RE: [Exim] Rbl checking only for incoming messages

Author: Somuchfun
Date:  
To: exim-users
Subject: RE: [Exim] Rbl checking only for incoming messages
Well,
I tried the recommendations from here and it did not work again.
Here is my whole ACL. It seems that now no more rbl checking is done.
The reason why I want to turn rbl checking off for authenticated local users
is that DSL subscribers in Europe seem to be included in the dnsbl.njabl.org
list and that would mean they are prevented from sending out mail even
though they have a valid account on the machine.
Here is the ACL:

#!!# ACL that is used after the RCPT command
check_recipient:
  # Exim 3 had no checking on -bs messages, so for compatibility
  # we accept if the source is local SMTP (i.e. not over TCP/IP).
  # We do this by testing for an empty sending host field.
  accept  hosts = :



  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                {yes}{no}}


  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                {yes}{no}}


  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{mailman-bounces\+.*}} \
                     {exists{/usr/local/cpanel/3rdparty/mailman/lists/mailman/config.pck}}} \
                {yes}{no}}


  accept   condition    = \
           ${if and {{match{$local_part}{mailman-bounces\+.*}} \
                     {exists{/usr/local/cpanel/3rdparty/mailman/lists/mailman/config.pck}}} \
                {yes}{no}}






  require verify = sender

  deny    message = $sender_host_address is listed \
                    at $dnslist_domain
          hosts = !+auth_relay_hosts
          !authenticated = *
          dnslists = list.dsbl.org : \
                     sbl.spamhaus.org : \
                     bl.spamcop.net : \
                     dnsbl.njabl.org : \
                     relays.ordb.org : \
                     korea.services.net : \
                     china.blackholes.us : \
                     russia.blackholes.us
  deny    local_parts = ^.*[@%!/|]
          message = I've never seen @, %, !, /, or | in an e-mail. Neither should you.

  accept  domains = +local_domains
           endpass
           message = unknown user
           verify = recipient
  accept  domains = +relay_domains
  accept  hosts = +relay_hosts
  accept  condition = ${perl{checkrelayhost}{$sender_host_address}}


  accept  hosts = +auth_relay_hosts
          endpass
          message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication \
                        turned on in your email client.
          authenticated = *


  deny    message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication \
                        turned on in your email client.


#!!# ACL that is used after the DATA command
check_message:
  require verify = header_sender
  accept

> -----Original Message-----
> From: Odhiambo Washington [mailto:wash@wananchi.com]
> Sent: Monday, December 08, 2003 7:52 AM
> To: Somuchfun
> Subject: Re: [Exim] Rbl checking only for incoming messages
>
> * Somuchfun <somuchfun@???> [20031208 17:25]: wrote:
> > Kevin,
> > I tried your suggestion but it does not work. I wonder if it even could work
> > the way you suggested it because local_domains has domain names in it and
> > the rbl lists do ip address lookups so both are not really compatible.
> > Perhaps the solution is to not run authenticated senders through the rbl
> > lists?
>
> Show your config. Kevin's suggestion is quite okay. It works for many.
> Another way (the way you want it)
>
>   deny message       = $dnslist_text
>        hosts         = !+relay_from_hosts
>       !authenticated = *
>       dnslists       = whatever
>
> but actually I see nothing wrong with Kevin's suggestion. It might only be
> meaningless if above that, you already had done an
>
> accept domains = +local_domains
>
> >
> > > -----Original Message-----
> > > From: exim-users-admin@???
> > > [mailto:exim-users-admin@exim.org] On Behalf Of Kevin Reed
> > > Sent: Saturday, December 06, 2003 5:52 PM
> > > To: exim-users@???
> > > Subject: Re: [Exim] Rbl checking only for incoming messages
> > >
> > > Somuchfun said:
> > > > Hello everyone,
> > > > I am using rbl checking on Exim 4 right now but it seems to check incoming
> > > > and outgoing messages which is annoying if you check for dynablocks. Is
> > > > there a way to restrict the rbl checking only for incoming smtp traffic?
> > > >
> > > > This is what I have right now as part of my ACLs:
> > >
> > > This ACL needs to change...
> > >
> > > > deny message = $sender_host_address is listed \
> > > > at $dnslist_domain
> > > > dnslists = list.dsbl.org : \
> > > > sbl.spamhaus.org : \
> > > > bl.spamcop.net : \
> > > > relays.ordb.org : \
> > > > korea.services.net : \
> > > > china.blackholes.us : \
> > > > russia.blackholes.us
> > >
> > > Assuming you have a domain list of your local domains you can use hosts
> > > with a negated local_domains list to accomplish this...
> > >
> > > deny message = $sender_host_address is listed at $dnslist_domain
> > >      hosts = !+local_domains
> > >      dnslists = list.dsbl.org : \
> > >          sbl.spamhaus.org : \
> > >          bl.spamcop.net : \
> > >          relays.ordb.org : \
> > >          korea.services.net : \
> > >          china.blackholes.us : \
> > >          russia.blackholes.us
> > >
> > > --
> > > Kevin W. Reed - TNET Services, Inc.
> > > Unoffical Exim MTA Info Forums - http://exim.got-there.com/forums
> > >
> > >
> > >
> > >
> > > --
> > >
> > > ## List details at
> > > http://www.exim.org/mailman/listinfo/exim-users Exim details
> > > at http://www.exim.org/ ##
> > >
> > >
> >
> >
> > --
> >
> > ## List details at
> http://www.exim.org/mailman/listinfo/exim-users Exim details
> at http://www.exim.org/ ##
>
> -Wash
>
> http://www.netmeister.org/news/learn2quote.html
>
> --
> +======================================================================+
>     |\      _,,,---,,_     | Odhiambo Washington    <wash@???>
> Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
>    |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
>   '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
> +======================================================================+
> Real software engineers work from 9 to 5, because that is the way the
> job is described in the formal spec.  Working late would feel like
> using an undocumented external procedure.

>
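
Added example (not part of the original thread, and not Exim's own code): a small Python model of the deny statement discussed above, showing that the conditions are tested in order, so the dnslists lookup is only reached for hosts that are neither relay hosts nor authenticated, and how the DNSBL query name is built from the sending IP. The relay network, the listed address and the FAKE_DNS table are constructed sample data; only the list domains come from the thread.

```python
import ipaddress

# Constructed sample data (not from the thread): networks allowed to relay,
# and a stand-in for DNS holding the names a blocklist would answer for.
RELAY_NETS = [ipaddress.ip_network("192.0.2.0/24")]
FAKE_DNS = {"7.113.0.203.dnsbl.njabl.org": "127.0.0.3"}
DNSLISTS = ["sbl.spamhaus.org", "dnsbl.njabl.org"]


def dnsbl_name(ip, zone):
    """Build the name a DNSBL lookup queries: reversed IPv4 octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def rbl_deny(ip, authenticated, resolve=FAKE_DNS.get):
    """Model of the deny statement: every condition must hold, tested in order.

    Returns (denied, zone, lookups); lookups lists the DNS names queried.
    """
    lookups = []
    addr = ipaddress.ip_address(ip)
    # hosts = !+relay_from_hosts : false for relay hosts, statement is skipped
    if any(addr in net for net in RELAY_NETS):
        return (False, None, lookups)
    # !authenticated = * : false for any SMTP AUTH session, statement is skipped
    if authenticated:
        return (False, None, lookups)
    # dnslists = ... : only reached for unauthenticated, non-relay hosts
    for zone in DNSLISTS:
        name = dnsbl_name(ip, zone)
        lookups.append(name)
        if resolve(name) is not None:
            return (True, zone, lookups)
    return (False, None, lookups)


if __name__ == "__main__":
    # Same listed address with and without AUTH, a relay host, an unlisted host
    for ip, auth in [("203.0.113.7", False), ("203.0.113.7", True),
                     ("192.0.2.10", False), ("198.51.100.5", False)]:
        print(ip, "auth" if auth else "anon", rbl_deny(ip, auth))
```

The authenticated and relay-host cases return with an empty lookup list: no blocklist query is made for them at all, which is the behaviour wanted for DSL subscribers who log in with SMTP AUTH.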