[Exim] ACL using RBLs .. RESOLVED

Top Page
Delete this message
Reply to this message
Author: Jeff Lasman
Date:  
To: exim-users
Subject: [Exim] ACL using RBLs .. RESOLVED
Here's what I've finally got working. Note that whitelisted_domains is
properly defined earlier in the ACL

Note also that I learned in testing that you can't have a comment begin
on the same line as the end of dnslists, after the last list to check;
if you do nothing will match...

For example this does NOT work:

<snip>
 dnslists = bl.spamcop.net : \
      dnsbl.njabl.org : \
      cbl.abuseat.org : \
      dnsbl.sorbs.net!=127.0.0.6  # not including spam.dnsbl.sorbs.net
</snip>


But this does:

<snip>
 # dnslists not including spam.dnsbl.sorbs.net
 dnslists = bl.spamcop.net : \
      dnsbl.njabl.org : \
      cbl.abuseat.org : \
      dnsbl.sorbs.net!=127.0.0.6
</snip>


Here's the section of the ACL that handles RBLs:

<snip>
# Deny stuff from insecure hosts & spammers.
# No exceptions for known users
# But do bypass all checking for whitelisted domains
  deny message = $sender_host_address is listed at $dnslist_domain
       domains = !+whitelisted_domains
       # only smtp.dnsbl.sorbs.net = 127.0.0.5
       dnslists = sbl.spamhaus.org : \
                  relays.ordb.org : \
                  dnsbl.sorbs.net=127.0.0.5


# Next deny stuff from more "fuzzy" blacklists
# but do bypass all checking for whitelisted domains
  deny message = $sender_host_address is listed at $dnslist_domain
       hosts = !+relay_hosts
       domains = !+whitelisted_domains
       !authenticated = *
       # dnslists not including spam.dnsbl.sorbs.net
       dnslists = bl.spamcop.net : \
                  dnsbl.njabl.org : \
                  cbl.abuseat.org : \
                  dnsbl.sorbs.net!=127.0.0.6


  deny message = $sender_address_domain is listed at $dnslist_domain
       domains = !+whitelisted_domains
       # rhsbl list is name based
       dnslists = rhsbl.sorbs.net/$sender_address_domain
</snip>


If anyone has any more comments, I'd like to see them. If no-one has
anything negative to say for the next day or so, then anyone wishing to
use this as a template for their own, may feel free to do so.

Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Professional Internet Services & Support / Consulting / Colocation
Our blists address used on lists is for list email only
Phone +1 909 324-9706, or see: "http://www.nobaloney.net/contactus.html"