I didn't configure this setup rather the rbl was implemented by one of my
ex-employees. Frankly, I've doubts about many of the options he configured.
For example, whitelisting a domain should be good enough then why there
are two more options (ip & email) for whitelisting. I could be wrong
though.
I got hold of him today about this configuration and he told me that he
just
followed the guideline from ev1's forum & tutorial from rvskin. I already
found both of them:
http://forum.ev1servers.net/showthread.php?t=34689
http://www.rvskin.com/index.php?page=public/antispam
The tutorial from rvskin was written meticulously but I'm not very
satisfied.
So, I've been trying to go through all the exim documentation to implement
a
good solution. RBL can not be a good solution, if I can not whitelist the
desired IPs. I believe that the following strangas:
accept domains = +local_domains
local_parts = postmaster:abuse
!hosts = @[]
!authenticated = *
supposed to achieve - (1) accept all emails in postmaster & abuse, (2)
accept
authenticated users. But I don't understand the meaning of '!hosts = @[]'.
I
hope that someone can shed some light on it. I changed this strangas with
the
following though:
deny local_parts = ^.*[@%!/|]
accept local_parts = postmaster:abuse
accept hosts = 127.0.0.1:+relay_hosts
accept authenticated = *
I'm not sure if I'm doing it right but it's working and my clients can send
emails. However, I still couldn't figure out how to bypass the DNS check of
some trusted senders. None of them have rDNS configured or have no A
record in the PTR or listed in the spam database but my clients wants
emails
from these guys. So, I'm still running few experiments and of course going
through the documentation of exim as well we this huge mailing list. But so
far - I couldn't find anything. Can you give me some lead on this...
Thank you once again for all your cooperation...
Khalid
----- Original Message -----
From: "Mark Smith" <exim-users@???>
To: <exim-users@???>
Sent: Wednesday, July 13, 2005 11:20 PM
Subject: RE: [exim] how to stop exim from reverse lookup check
fortrustedIPs...
|
|
| > -----Original Message-----
| > From: KHALID SHAWKAT [mailto:iquest@bellsouth.net]
| > Sent: 14 July 2005 04:59
| > To: Mark Smith; exim-users@???
| > Subject: Re: [exim] how to stop exim from reverse lookup
| > check for trustedIPs...
| >
| > Thank you Mark. I did comment out the line "require verify
| > reverse_host_lookup" and move "!authenticated = *" just after
| > "local_parts = postmaster:abuse" but still the result is
| > same. Yes, my clients has been trying to use my mail server
| > and they can send mail comfortably using a different ISP.
| > None of them can send email with their own ISPs and the IP
| > addresses of those ISPs does not have any PTR record or 'A'
| > record in PTR.
| > They both can send emails though - if I disable the option
| > "Verify the existance of email senders" from WHM/cPanel. Some
| > of their partners can not send email even though they are in
| > the whitelist. I checked that the guys, who can not send
| > email have some issues with PTR record. I think that the
| > problem is with that WHM option since I tried with default
| > exim config setup with the same result. Do you've any
| > suggestion how to make these IPs in a trusted list even
| > before the option (Verify the existance of email senders)
| > start checking for rDNS?
|
| I find this rather strange, as I actually copied your exim.conf and tried
| running it with the IPs you listed. The place where they got rejected was
at
| the reverse lookup, and after taking that out, both IPs were accepted.
|
| As far as I know, the only thing WHM's "Verify the existence of email
| senders" option does is to add "require verify = sender" to the RCPT ACL
and
| "require verify = header_sender" to the DATA ACL, and your users are
being
| rejected before Exim even gets to those points.
|
| You shouldn't need to put local users in a trusted list. You need to have
an
| "accept authenticated = *" line in the RCPT ACL that comes before you do
all
| the RBL and lookup tests.
|
| I don't understand what this stanza is supposed to achieve:
|
| accept
| domains = +local_domains
| local_parts = postmaster:abuse
| !hosts = @[]
| !authenticated = *
|
| Why do you not want to accept mail to postmaster from authenticated
users?
|
| - Mark
|
|
|
|