On Saturday 27 December 2003 05:04 pm, Tabor J. Wells wrote:
> All you need to do is put
>
> accept authenticated = *
>
> in your ACL before the DNSBL checks.
I tried this:
<snip>
check_connect:
accept authenticated = *
deny message = $sender_host_address is listed at $dnslist_domain - see
http:/
dnslists = relays.ordb.org : \
sbl.spamhaus.org : \
bl.spamcop.net : \
dnsbl.njabl.org : \
cbl.abuseat.org : \
http.dnsbl.sorbs.net : \
socks.dnsbl.sorbs.net : \
misc.dnsbl.sorbs.net : \
smtp.dnsbl.sorbs.net : \
web.dnsbl.sorbs.net : \
spam.dnsbl.sorbs.net : \
block.dnsbl.sorbs.net : \
zombie.dnsbl.sorbs.net : \
dul.dnsbl.sorbs.net : \
rhsbl.sorbs.net
</snip>
but I get this in my mainlog file:
<snip>
2003-12-27 17:13:48 H=[157.22.112.98] temporarily rejected connection in
"connect" ACL: cannot test authenticated in connection ACL
</snip>
which makes perfect sense, since I try at connect time:
<snip>
acl_smtp_connect = check_connect
</snip>
So I took it back out, pending a reasonable solution based on my next
questions...
What are the ramifications of checking later, after auth? Will I still
be able to deny, and if I do, will the sending server consider it a
temporary or permanent error?
I'd really like to use the dul.dnsbl.sorbs.net to check against dialup
and other dynamic IP users, but still accept email from authenticated
users, so I hope there's a reasonable solution.
Thanks for your help.
Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Professional Internet Services & Support / Consulting / Colocation
Our blists address used on lists is for list email only
Phone +1 909 324-9706, or see: "
http://www.nobaloney.net/contactus.html"
