Re: [Exim] block lists

Top Page
Delete this message
Reply to this message
Author: Richard Welty
Date:  
To: exim-users
Subject: Re: [Exim] block lists
On Wed, 24 Dec 2003 16:33:06 -0800 Jeff Lasman <blists@???> wrote:
> <snip>
>   acl_not_smtp      ACL for non-SMTP messages
>   acl_smtp_auth     ACL for AUTH
>   acl_smtp_connect  ACL for start of SMTP connection
>   acl_smtp_data     ACL after DATA
>   acl_smtp_etrn     ACL for ETRN
>   acl_smtp_expn     ACL for EXPN
>   acl_smtp_helo     ACL for HELO or EHLO
>   acl_smtp_mail     ACL for MAIL
>   acl_smtp_rcpt     ACL for RCPT
>   acl_smtp_starttls ACL for STARTTLS
>   acl_smtp_vrfy     ACL for VRFY
> </snip>


> but I'm not sure which one of these I should use to call it.


for connect time, use something like this. in the main config
section, you have to put in one of these:

acl_smtp_connect = check_connect

for each acl group you want to turn on. then, in the acl
section, do something like this:

begin acl

check_connect:
  drop    condition = ${if eq{$sender_ident}{squid|CacheFlow Server|proxy}{yes}{no}}
          message       = we do not accept mail from proxy servers
  drop    message = host is listed in $dnslist_domain
          dnslists = cbl.abuseat.org : \
             opm.blitzed.org
  accept


i consider the cbl and opm lists to be good ones for connect time
checking. i check other lists (like the the sbl) at rcpt to: time. also,
i use deny rather than drop for those, as i want to send a message
back rather than going silent.

merry christmas,
   richard
--
Richard Welty                                         rwelty@???
Averill Park Networking                                         518-573-7592
    Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security