Re: [Exim] Using ACLs to verify RCPT TO

Pàgina inicial
Delete this message
Reply to this message
Autor: Matt Bernstein
Data:  
A: Alan J. Flavell
CC: Exim users list
Assumpte: Re: [Exim] Using ACLs to verify RCPT TO
At 16:28 -0000 Alan J. Flavell wrote:

>On Thu, 1 Jan 2004, Tim Jackson wrote:
>
>> Hi Tony, on Thu, 01 Jan 2004 15:33:18 +0000 you wrote:
>>
>> > It's a very bad idea to accept email for invalid addresses,
>
>Right. If I refuse to accept their mail on the grounds that they're
>blacklisted, the mail has still been refused.
>
>> I think what Alan was getting at was not that it's good to accept
>> invalid addresses, but rather to check DNSBLs *before* checking the
>> recipient validity (rather than the other way round, as was
>> suggested), on the basis that it prevents spammers who are listed in
>> a blacklist from checking lists of users.
>
>Just so.


Warning: pathlogist at work here. This is really not more than a toy.

Sometimes you want to tag rather than reject, so here's a rather silly
recipe. [Change the second line for your verification criteria; I'm using
an LMTP callforward.]

  deny    hosts = +rbl_hosts
    !verify = recipient/defer_ok/callout=10s/callout_defer_ok
    message = sender_host_address is listed in $dnslist_domain\n\
        $dnslist_text
    log_message = said $dnslist_domain; really
    dnslists = my.favourite.rbl : ...


This lies: it tells the spammers nonexistent (or :fail: or whatever)
recipients were rejected because their host is blacklisted. It might
possibly alert some postmaster somewhere, though of course the spammers
aren't interested in the extra CPU/net cycles you've burnt..

Matt