[Exim] whitelisting domains from rbl checking

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Jeff Lasman
Dátum:  
Címzett: exim-users
Tárgy: [Exim] whitelisting domains from rbl checking
With a lot of good help from people on this list, we finally got an acl
that checks against blocklists:

Now we want to add a per-domain whitelist from all the checking, for
those clients who complain that they don't want the spam blocked (yes,
there are a few) or who are just ornery enough to not want to tell us
what the error message said but who want to get all email addressed to
them. (We just lost such a client, a reseller, today, and I want to
add this before we lose more.)

I know this isn't necessary what everyone would think of as a good idea,
but frankly as a webhost company we can't be as strict as we'd like to
be for ourselves.

I'm looking to do this strictly on a per-domain basis.

My guess is I can add something above the second "accept" section (see
the entire acl below), something like this:

<snip>
accept  domains     = +whitelisted_domains
</snip>


as long as I've defined (at the top of my exim.conf file) something like
this:

<snip>
domainlist whitelisted_domains = \
lsearch;/etc/virtual/whitelisted_domains
<snip>

Does this look reasonable to you?

Here's the ACL in question; does it look reasonable to you?

<snip>
check_recipient:

accept hosts = :

  deny  domains       = +local_domains
        local_parts   = ^[.] : ^.*[@%!/|]


  deny  domains       = !+local_domains
        local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./


  accept  local_parts = postmaster
          domains     = +local_domains


require verify = sender

  deny message = $sender_host_address is listed at $dnslist_domain - see
http://www.spamblocked.net
       dnslists = sbl.spamhaus.org : \
                  relays.ordb.org : \
                  smtp.dnsbl.sorbs.net


  deny message = $sender_host_address is listed at $dnslist_domain - see
http://www.spamblocked.net
       hosts = !+relay_hosts
       !authenticated = *
       dnslists = bl.spamcop.net : \
                  dnsbl.njabl.org : \
                  cbl.abuseat.org : \
                  http.dnsbl.sorbs.net : \
                  socks.dnsbl.sorbs.net : \
                  misc.dnsbl.sorbs.net : \
                  smtp.dnsbl.sorbs.net : \
                  web.dnsbl.sorbs.net : \
                  block.dnsbl.sorbs.net : \
                  zombie.dnsbl.sorbs.net : \
                  dul.dnsbl.sorbs.net : \
                  rhsbl.sorbs.net


  accept  domains = +local_domains
          endpass
          verify = recipient


  accept  domains = +relay_domains
          endpass
          verify=recipient


  accept  hosts = +relay_hosts
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *
  deny    message = relay not permitted


  deny    message = relay not permitted
</snip>


Thanks for any advice you can give me.

Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Professional Internet Services & Support / Consulting / Colocation
Our blists address used on lists is for list email only
Phone +1 909 324-9706, or see: "http://www.nobaloney.net/contactus.html"