Re: [Exim] ACL using RBLs .. RESOLVED

Góra strony
Delete this message
Reply to this message
Autor: Fred Viles
Data:  
Dla: exim-users
Temat: Re: [Exim] ACL using RBLs .. RESOLVED
On 3 Jan 2004 at 23:10, Jeff Lasman wrote about
    "[Exim] ACL using RBLs .. RESOLVED":


| Here's what I've finally got working. Note that whitelisted_domains is
| properly defined earlier in the ACL


FWIW, I have one comment:

|...
| <snip>
| # Deny stuff from insecure hosts & spammers.
| # No exceptions for known users
| # But do bypass all checking for whitelisted domains
|   deny message = $sender_host_address is listed at $dnslist_domain
|        domains = !+whitelisted_domains


Using a domain list for the whitelist means having to update the
config file and restart exim each time you add or delete a whitelist
entry. I like to use external files for that reason.

If you run your own DNS server, you can set up your own DNSBL style
zone for whitelisting (not to mention supplemental blacklisting)
sender MTAs. You can also use lsearch to check for whitelisted
sender domains, and/or to whitelist individual sender addresses, all
without restarting exim when you update the whitelist(s).

I use all three types in my ACL:

      !dnslists    = whitelist
      !sender_domains = lsearch;/usr/exim/domain_whitelist
      !senders    = @@lsearch;/usr/exim/sender_whitelist


I use domain_whitelist for things like customer domains where the
sending MTA is not predictable, and sender_whitelist for cases where
I don't want to whitelist the entire domain (eg someuser@???).

| If anyone has any more comments, I'd like to see them. If no-one has
| anything negative to say for the next day or so, then anyone wishing to
| use this as a template for their own, may feel free to do so.


Mine is not a negative comment, as there is nothing wrong with your
approach AFAIK. I like to keep "code" (config file) and "data"
(whitelists) separate, but there's also something to be said for
making all your changes in one place.

- Fred