On Mon, 31 Jan 2005, Alan J. Flavell wrote:
>
> Let's leave aside for the moment the policy question of whether it
> would be wise to reject on the basis of a Spews or SBL listing (as it
> happens, we create local blacklists, using Spews and SBL for guidance,
> rather than for outright rejection). What I'd like to discuss here is
> how to actually implement such a block in exim4.
There are features in the latest snapshots which make this easy. The 4.50
manual will include the following example:
deny message = The mail servers for the domain $sender_address_domain \ |
are listed at $dnslist_domain; see $dnslist_text. |
dnslists = sbl.spamhaus.org/<|${lookup dnsdb {>|a=<|\ |
${lookup dnsdb {>|mxh=\ |
$sender_address_domain} }} } |
You can do similar things with the zns dnsdb pseudo-type to check name
servers against blacklists.
Matching against a locally-maintained blacklist in a file is more
difficult, because in general you're trying to check multiple lookup keys
against the table. Perhaps it would be useful to extend lookups to allow a
list of multiple keys, say:
deny
message = The mail servers for the domain $sender_address_domain \
are controlled by spammers
condition = ${lookup {${lookup dnsdb {>:a=\
${lookup dnsdb {>:mxh=\
$sender_address_domain} } } }} \
multi-lsearch {/table/of/spammers} }
> What we've done so far (and I think I've mentioned this in earlier
> discussions) is to add our local IP-based blacklist (ignore_spammers)
> to the "bogons" list that is consulted like so:
The problem with this approach is it's hard to use in testing mode, and
hard to add exemptions for contacting postmaster@.
Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
