With a lot of good help from people on this list, we finally got an acl
that checks against blocklists:
Now we want to add a per-domain whitelist from all the checking, for
those clients who complain that they don't want the spam blocked (yes,
there are a few) or who are just ornery enough to not want to tell us
what the error message said but who want to get all email addressed to
them. (We just lost such a client, a reseller, today, and I want to
add this before we lose more.)
I know this isn't necessarily what everyone would think of as a good idea,
but frankly as a webhost company we can't be as strict as we'd like to
be for ourselves.
I'm looking to do this strictly on a per-domain basis.
My guess is I can add something above the second "accept" section (see
the entire acl below), something like this:
<snip>
accept domains = +whitelisted_domains
</snip>
as long as I've defined (at the top of my exim.conf file) something like
this:
<snip>
domainlist whitelisted_domains = \
    lsearch;/etc/virtual/whitelisted_domains
</snip>
Does this look reasonable to you?
Here's the ACL in question; does it look reasonable to you?
<snip>
check_recipient:
  accept  hosts = :
  deny    domains = +local_domains
          local_parts = ^[.] : ^.*[@%!/|]
  deny    domains = !+local_domains
          local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
  accept  local_parts = postmaster
          domains = +local_domains
  require verify = sender
  deny    message = $sender_host_address is listed at $dnslist_domain - see http://www.spamblocked.net
          dnslists = sbl.spamhaus.org : \
                     relays.ordb.org : \
                     smtp.dnsbl.sorbs.net
  deny    message = $sender_host_address is listed at $dnslist_domain - see http://www.spamblocked.net
          hosts = !+relay_hosts
          !authenticated = *
          dnslists = bl.spamcop.net : \
                     dnsbl.njabl.org : \
                     cbl.abuseat.org : \
                     http.dnsbl.sorbs.net : \
                     socks.dnsbl.sorbs.net : \
                     misc.dnsbl.sorbs.net : \
                     smtp.dnsbl.sorbs.net : \
                     web.dnsbl.sorbs.net : \
                     block.dnsbl.sorbs.net : \
                     zombie.dnsbl.sorbs.net : \
                     dul.dnsbl.sorbs.net : \
                     rhsbl.sorbs.net
  accept  domains = +local_domains
          endpass
          verify = recipient
  accept  domains = +relay_domains
          endpass
          verify=recipient
  accept  hosts = +relay_hosts
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *
  deny    message = relay not permitted
  deny    message = relay not permitted
</snip>
Thanks for any advice you can give me.
Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Professional Internet Services & Support / Consulting / Colocation
Our blists address used on lists is for list email only
Phone +1 909 324-9706, or see: http://www.nobaloney.net/contactus.html
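
The per-domain exemption asked about above, written as an added Exim 4 configuration example (not part of the original post and not the poster's own configuration). It contrasts the proposed early `accept` with a variant that exempts the listed domains from the DNS list checks only; the list name and file path are the ones from the post, and the two `deny` statements are the posted ones with one condition added.

```exim
# Main section of exim.conf; path as proposed in the post, one domain per line.
domainlist whitelisted_domains = lsearch;/etc/virtual/whitelisted_domains

# Weak placement (shown commented out): an early "accept" ends the RCPT ACL
# for these domains, so it also skips "require verify = sender" and
# "verify = recipient", not only the DNS list checks.
#
#   accept  domains = +whitelisted_domains

# Narrower alternative: keep the ACL order and make each DNS list "deny"
# conditional on the recipient domain NOT being whitelisted. "domains" is
# placed before "dnslists" so no DNS lookup is made for exempt domains.
  deny    message  = $sender_host_address is listed at $dnslist_domain - see http://www.spamblocked.net
          domains  = !+whitelisted_domains
          dnslists = sbl.spamhaus.org : \
                     relays.ordb.org : \
                     smtp.dnsbl.sorbs.net

  deny    message  = $sender_host_address is listed at $dnslist_domain - see http://www.spamblocked.net
          domains  = !+whitelisted_domains
          hosts    = !+relay_hosts
          !authenticated = *
          dnslists = bl.spamcop.net : \
                     dnsbl.njabl.org : \
                     cbl.abuseat.org : \
                     http.dnsbl.sorbs.net : \
                     socks.dnsbl.sorbs.net : \
                     misc.dnsbl.sorbs.net : \
                     smtp.dnsbl.sorbs.net : \
                     web.dnsbl.sorbs.net : \
                     block.dnsbl.sorbs.net : \
                     zombie.dnsbl.sorbs.net : \
                     dul.dnsbl.sorbs.net : \
                     rhsbl.sorbs.net

# The later "accept domains = +local_domains / endpass / verify = recipient"
# statements stay unchanged, so whitelisted domains still get recipient
# verification and the relay rules still apply to them.
```

The RCPT ACL runs once per recipient, so in a message with several recipients only those at whitelisted domains bypass the DNS lists.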