On 15 Dec 2005, at 09:28, Êîâàëåíêî Èâàí wrote:
> Yeah, thats it.
>
I wouldn't say so:
> But for your goals it can be more suitable to use it in hostlist.
> ut> hello,
> ut> you mean this?!
>
>
> ut> ###############################
> ut> acl_check_rcpt
> ut> # Deny Hosts without reverse DNS
> ut> warn message = Broken Reverse DNS - no host name
> ut> found for IP address $sender_host_address
> ut> hosts = !+relay_from_hosts
> ut> !verify = reverse_host_lookup
this does not do what it says, that is, it does not deny.
> ut> accept condition =
> ut> ${lookup{$sender_address}lsearch{/etc/exim/
> friends_with_broken_mx}{1}{}}
> ut> ################################
>
and if this one ends here, it might make your server a partially open
relay. Unless your friends_with_broken_mx are also hosts you want to
relay from, it is missing two things:
domains = +local_domains
verify = recipient
but this is better accomplished by adding it as a negative condition
to the corresponding deny rule. Leave the accept alone and instead have
deny message = Broken Reverse DNS - no host name
condition =
hosts = !lsearch;/etc/exim/friends_with_broken_mx
[the broken rDNS check]
(not checked!)
Also, if a "friend" has got a badly configured mx, I would want to
check that it cannot also be a source of virus, relay or not relay.
Oh, your MUA seems to be setting the wrong encoding for your name, it
is ?ISO-8859-1?B?yu7i4Ovl7eruIMji4O0=?=, but I presume it should be
ISO-8859-5.
Giuliano
