Hi Jeff, on Tue, 30 Dec 2003 10:21:36 -0800 you wrote:
> My thanks to you, Tim, for the help you gave me offlist.
Not a problem. For the archives and anyone else similarly stuck, the short
version is this:
You probably want something like this:
deny message = $sender_host_address is listed at $dnslist_domain
hosts = !+relay_from_hosts
!authenticated = *
dnslists = list.dsbl.org : \
sbl.spamhaus.org : \
bl.spamcop.net : \
relays.ordb.org : \
korea.services.net : \
china.blackholes.us : \
russia.blackholes.us
Note the "hosts = !+relay_from_hosts", which will stop checks from known
hosts with static IPs, and the "!authenticated = *" which will skip checks
for hosts that have authenticated.
HOWEVER, you might want to break up the DNSBL list, since for hosts that
are in sbl.spamhaus.org, list.dsbl.org or relays.ordb.org, you really *do*
want to reject the mail even if it's a "known" host (e.g. customer) since
there's a high chance their machine is being used for spamming and you may
be becoming an unwitting relay. Something like this:
# First deny stuff from insecure hosts & spammers. No exceptions
deny message = $sender_host_address is listed at $dnslist_domain
dnslists = list.dsbl.org : \
sbl.spamhaus.org : \
relays.ordb.org
# Now some more "fuzzy" blacklists. Known hosts/users are exempted
deny message = $sender_host_address is listed at $dnslist_domain
hosts = !+relay_from_hosts
!authenticated = *
dnslists = bl.spamcop.net : \
korea.services.net : \
china.blackholes.us : \
russia.blackholes.us
