Re: Re[2]: [exim] Whitelisting for rDNS-check

Top Page
Delete this message
Reply to this message
Author: Giuliano Gavazzi
Date:  
To: kig
CC: Exim Users, user therion
Subject: Re: Re[2]: [exim] Whitelisting for rDNS-check

On 15 Dec 2005, at 09:28, Êîâàëåíêî Èâàí wrote:

> Yeah, thats it.
>


I wouldn't say so:

> But for your goals it can be more suitable to use it in hostlist.
> ut> hello,
> ut> you mean this?!
>
>
> ut> ###############################
> ut> acl_check_rcpt
> ut> # Deny Hosts without reverse DNS
> ut> warn message = Broken Reverse DNS -  no host name
> ut> found for IP address $sender_host_address
> ut>      hosts = !+relay_from_hosts
> ut>      !verify = reverse_host_lookup


this does not do what it says, that is, it does not deny.

> ut>      accept condition =
> ut> ${lookup{$sender_address}lsearch{/etc/exim/ 
> friends_with_broken_mx}{1}{}}
> ut> ################################

>


and if this one ends here, it might make your server a partially open
relay. Unless your friends_with_broken_mx are also hosts you want to
relay from, it is missing two things:

domains = +local_domains
verify = recipient

but this is better accomplished by adding it as a negative condition
to the corresponding deny rule. Leave the accept alone and instead have

deny    message = Broken Reverse DNS -  no host name
    condition =
        hosts = !lsearch;/etc/exim/friends_with_broken_mx
    [the broken rDNS check]


(not checked!)

Also, if a "friend" has got a badly configured mx, I would want to
check that it cannot also be a source of virus, relay or not relay.

Oh, your MUA seems to be setting the wrong encoding for your name, it
is ?ISO-8859-1?B?yu7i4Ovl7eruIMji4O0=?=, but I presume it should be
ISO-8859-5.

Giuliano