Re: [Exim] Some more broken ACL's

Página Inicial
Delete this message
Reply to this message
Autor: Peter Bowyer
Data:  
Para: exim-users
Assunto: Re: [Exim] Some more broken ACL's
Avleen Vig <lists-exim@???> wrote:
> I have a secondary MX relay mail to my server.
> I want to check the Received: header for the IP of the server sending
> mail to my secondary and do DNSBL lookups against that.
>


This is one of those really annoying 'are you sure you want to do that?'
answers. Someone else will doubtless work out why your ACL doesn't do what
it's meant to....

You really should be implementing this ACL on the secondary server. Since
this is a data acl, it won't trigger in a recipient callout from the
secondary server (even if that server does those), so by the time the
secondary is sending the message to you it's already accepted it. You do a
DENY, and the secondary server is stuck with the message. Its queues fill up
with undeliverable bounces for its downstreams. Much badness. A proper
defensive strategy has secondary MXs with policies at least as strict as the
primary server - that way the only MTA the mail sticks with is the
spammer's.

I guess the secondary isn't under your control - if you feel you really need
a secondary, maybe it's time to rent a tiny corner of the internet to run it
on.

Peter