On Wed, 24 Dec 2003 16:33:06 -0800 Jeff Lasman <blists@???> wrote:
> <snip>
> acl_not_smtp        ACL for non-SMTP messages
> acl_smtp_auth       ACL for AUTH
> acl_smtp_connect    ACL for start of SMTP connection
> acl_smtp_data       ACL after DATA
> acl_smtp_etrn       ACL for ETRN
> acl_smtp_expn       ACL for EXPN
> acl_smtp_helo       ACL for HELO or EHLO
> acl_smtp_mail       ACL for MAIL
> acl_smtp_rcpt       ACL for RCPT
> acl_smtp_starttls   ACL for STARTTLS
> acl_smtp_vrfy       ACL for VRFY
> </snip>
> but I'm not sure which one of these I should use to call it.

for connect time, use something like this. in the main config
section, you have to put in one of these:

  acl_smtp_connect = check_connect

for each acl group you want to turn on. then, in the acl
section, do something like this:

  begin acl

  check_connect:
    # regex test against the ident (RFC 1413) string reported for the connecting host
    drop  condition = ${if match{$sender_ident}{squid|CacheFlow Server|proxy}{yes}{no}}
          message   = we do not accept mail from proxy servers

    drop  message   = host is listed in $dnslist_domain
          dnslists  = cbl.abuseat.org : \
                      opm.blitzed.org

    accept

i consider the cbl and opm lists to be good ones for connect time
checking. i check other lists (like the sbl) at rcpt to: time. also,
i use deny rather than drop for those, as i want to send a message
back rather than going silent.
merry christmas,
richard
--
Richard Welty rwelty@???
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
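
The RCPT-time half of the setup described above, as an added example that is not part of the original post: a `check_rcpt` ACL that uses `deny` with a DNS list so the sending host gets the rejection text back. The list names `trusted_relays` and `local_domains`, the zone `sbl.spamhaus.org` for "the sbl", and the exemptions for local and authenticated senders are assumptions for illustration.

```exim
# --- main configuration section ---
# hypothetical list names; adjust to the site's own hosts and domains
hostlist   trusted_relays = 127.0.0.1
domainlist local_domains  = @

acl_smtp_connect = check_connect
acl_smtp_rcpt    = check_rcpt

# --- acl section ---
begin acl

check_rcpt:
  # DNS list check at RCPT time. The cheap conditions come first so the
  # DNS lookup only happens for remote, unauthenticated clients:
  #   - the empty item in the hosts list matches local (non-TCP/IP) submission
  #   - trusted relays and authenticated users are never looked up
  deny   message       = $sender_host_address is listed in $dnslist_domain
         log_message   = listed in $dnslist_domain ($dnslist_value)
         !hosts        = : +trusted_relays
         !authenticated = *
         dnslists      = sbl.spamhaus.org

  # mail for our own domains, provided the recipient verifies
  accept domains       = +local_domains
         verify        = recipient

  # relaying for trusted hosts and authenticated clients
  accept hosts         = +trusted_relays
  accept authenticated = *

  # everything else is a relay attempt
  deny   message       = relay not permitted
```

Because the `deny` runs once per RCPT command, the rejection is logged against a specific envelope recipient, which makes false positives easier to trace than a connect-time `drop`.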