Author: James P. Roberts Date: To: Avleen Vig, exim-users Subject: Re: [Exim] Checking DNSBL's based on Received: headers
----- Original Message -----
From: "Avleen Vig" <lists-exim@???>
> A common problem people using secondary MX servers, is that they are
> sometimes out of the control of the owner of the primary MX.
>
> We know spammers frequently send directly to the secondart MX to bypass
> ACL checks on the primary in a number of ways.
>
> What I want to know, is if it's possible for me to scan an incoming
> message (probably in the data ACL?) for an IP address and then apply a
> dnslists acl to it??
>
Yes, it can be done, I am doing it. The catch is, you can't do the reject at
SMTP time. It has to be done in the DATA ACL. As a result, when I run the
check, I add an X header to the mail, then divert it to a holding pen account.
(No bounces! Otherwise, the secondary would be overwhelmed and probably stop
providing the free service.) No complaints so far, but I haven't got that
many users.
I can share my recipe with the list if people want.