Re: [Exim] Some more broken ACL's

Author: Peter Bowyer
Date:  
To: exim-users
Subject: Re: [Exim] Some more broken ACL's
Avleen Vig <lists-exim@???> wrote:
> I have a secondary MX relay mail to my server.
> I want to check the Received: header for the IP of the server sending
> mail to my secondary and do DNSBL lookups against that.
>


This is one of those really annoying 'are you sure you want to do that?'
answers. Someone else will doubtless work out why your ACL doesn't do what
it's meant to....

You really should be implementing this ACL on the secondary server. Since
this is a data ACL, it won't trigger in a recipient callout from the
secondary server (even if that server does those), so by the time the
secondary is sending the message to you it's already accepted it. You do a
DENY, and the secondary server is stuck with the message. Its queues fill up
with undeliverable bounces for its downstreams. Much badness. A proper
defensive strategy has secondary MXs with policies at least as strict as the
primary server - that way the only MTA the mail sticks with is the
spammer's.

I guess the secondary isn't under your control - if you feel you really need
a secondary, maybe it's time to rent a tiny corner of the internet to run it
on.

Peter
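
The arrangement recommended in the reply above, sketched as an Exim 4 configuration fragment for the secondary MX. This is an added example, not part of the original message or of either poster's configuration; `example.org` and `dnsbl.example` are placeholders, and it assumes the secondary's routers already deliver the relayed domain to the primary.

```exim
# Secondary MX, main configuration section.
# example.org and dnsbl.example are placeholders for illustration.
domainlist relay_to_domains = example.org

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Check the DNSBL at RCPT time, while the original sender is still
  # connected. $sender_host_address is the real client IP here, so the
  # primary never has to dig it out of a Received: header, and a
  # rejection leaves the message on the sending MTA.
  deny    message  = $sender_host_address is listed at $dnslist_domain
          dnslists = dnsbl.example

  # This host is a backup MX only: refuse every other domain.
  deny    message  = relay not permitted
          !domains = +relay_to_domains

  # Ask the primary whether it would accept this recipient, so the
  # secondary does not queue mail the primary will refuse later.
  require message  = unknown user
          verify   = recipient/callout

  accept
```

With the check on the secondary, a DATA-time deny on the primary for relayed mail is no longer needed, so the secondary's queue is not left holding bounces it cannot deliver.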