[exim] greylisting selectively

Author: Ryan Tracey
Date:  
To: Exim users list
Subject: [exim] greylisting selectively
Hi

For various reasons (people who think email will always be like instant messenger) I am not able to greylist for all recipients. To try and ensure that the most appropriate sending hosts are greylisted I set acl_cX based on a number of conditions and then greylist based on whether at least one of those conditions is met. I have pasted the relevant acl sections below. This appears to work well -- no one has tried to lynch me yet and the log messages seem to be accurate.

My question (more of a sanity check) is: what am I not considering, or, what might come back and bite me with this approach?

Also, if this approach is relatively problem-free, which RBLs are the most effective?

Here're the acls:

In acl_connect:

  warn  !verify   = reverse_host_lookup
    set acl_c1  = broken rdns for $sender_host_address
    delay   = 5s



In acl_helo:

  warn  dnslists  = sbl-xbl.spamhaus.org
    set acl_c3  = $sender_host_address is listed in $dnslist_domain=$dnslist_value
    log_message = acl_rcpt: warn, $sender_host_address is listed in $dnslist_domain=$dnslist_value
    delay   = 5s



In acl_mail:

  warn  log_message = acl_helo: (warn-only) helo check failed $sender_helo_name
    !verify   = helo
    set acl_c2  = could not verify given HELO name $sender_helo_name
    delay   = 5s



In acl_rcpt:

  warn  condition = ${if def:acl_c3 {1}}
    set acl_m0  = $acl_c3


  warn  condition = ${if def:acl_c1 {1}}
    condition = ${if !def:acl_m0 {1}}
    set acl_m0  = $acl_c1


  warn  condition = ${if def:acl_c2 {1}}
    condition = ${if !def:acl_m0 {1}}
    set acl_m0  = $acl_c2


  warn  local_parts = CONFDIR/greylistd_users
    condition = ${if !def:acl_m0 {1}}
    set acl_m0  = user spec


  # greylist hosts that match one of the above conditions
  #
  defer message   = $sender_host_address is not yet authorized to send mail. Try again later. \
          Reason: $acl_m0
    log_message = greylistd ($acl_m0) defers triple $sender_host_address <$sender_address> <$local_part@$domain>
    !senders  = :
    !hosts    = : +relay_from_hosts : \
                   ${if exists {/etc/greylistd/whitelist-hosts}\
                    {/etc/greylistd/whitelist-hosts}{}} : \
                    ${if exists {/var/lib/greylistd/whitelist-hosts}\
                   {/var/lib/greylistd/whitelist-hosts}{}}
    domains   = +local_domains : +relay_to_domains
    verify    = recipient
    condition = ${if def:acl_m0 {1}}
    condition = ${readsocket{/var/run/greylistd/socket}\
                   {--grey \
                    $sender_host_address \
                    $sender_address \
                    $local_part@$domain}\
                  {5s}{}{false}}



Thanks,
Ryan
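
Added example, not part of the original post: a small Python tally over the `log_message` text written by the `defer` statement above, counting distinct deferred triples per `$acl_m0` reason and per DNS list to show which condition is doing the work. The sample lines are constructed and reduced to the part the parser needs; `classify`, `tally` and `SAMPLE` are names chosen for this example.

```python
import re
from collections import Counter

# Matches the log_message written by the defer statement in acl_rcpt.
DEFER_RE = re.compile(
    r"greylistd \((?P<reason>.*)\) defers triple "
    r"(?P<ip>\S+) <(?P<sender>[^>]*)> <(?P<rcpt>[^>]*)>")

def classify(reason):
    """Map an $acl_m0 reason string to (category, DNS list or None)."""
    # Prefix checks first: the HELO name is chosen by the remote host,
    # so it must not be able to imitate the DNS list reason.
    if reason.startswith("broken rdns for "):
        return "rdns", None
    if reason.startswith("could not verify given HELO name"):
        return "helo", None
    if reason == "user spec":
        return "user", None
    if " is listed in " in reason:
        # "<ip> is listed in <dnslist_domain>=<dnslist_value>"
        return "dnsbl", reason.split(" is listed in ", 1)[1].split("=", 1)[0]
    return "other", None

def tally(lines):
    """Count distinct deferred triples per reason and per DNS list."""
    seen, by_reason, by_list = set(), Counter(), Counter()
    for line in lines:
        m = DEFER_RE.search(line)
        if not m:
            continue
        triple = (m["ip"], m["sender"], m["rcpt"])
        if triple in seen:  # a retry of a triple already counted
            continue
        seen.add(triple)
        category, dnslist = classify(m["reason"])
        by_reason[category] += 1
        if dnslist:
            by_list[dnslist] += 1
    return by_reason, by_list

# Constructed sample lines (documentation addresses, not real log data).
def _line(reason, ip, sender, rcpt):
    return (f"temporarily rejected RCPT <{rcpt}>: greylistd ({reason}) "
            f"defers triple {ip} <{sender}> <{rcpt}>")
_DNSBL = _line("192.0.2.10 is listed in sbl-xbl.spamhaus.org=127.0.0.4",
               "192.0.2.10", "a@example.net", "bob@example.org")
SAMPLE = [_DNSBL, _DNSBL,  # second copy is the sender's retry
          _line("broken rdns for 198.51.100.7", "198.51.100.7", "c@example.net", "bob@example.org"),
          _line("could not verify given HELO name friend", "203.0.113.9", "d@example.net", "amy@example.org"),
          _line("user spec", "203.0.113.20", "e@example.net", "amy@example.org"),
          "SMTP connection from [203.0.113.5] closed by QUIT"]
```
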