Ok,
I hope I understand it correctly. Here are the relevant parts (I hope) of my config:
#MAIN
hostlist relay_from_hosts = 127.0.0.1 : 192.168.4.0/24 : 192.168.10.0/24
hostlist friends_with_broken_mx = /etc/exim/friends_with_broken_mx
...
helo_try_verify_hosts = *
...
#ACL
acl_check_rcpt:
accept hosts = :
#Deny Hosts without rDNS/only mark message,deny later via exim.filter-file!
warn message = Broken Reverse DNS - no host name
found for IP address $sender_host_address
!verify = reverse_host_lookup
condition =
hosts = !+relay_from_hosts : !lsearch;/etc/exim/friends_with_broken_mx
#---------------------
accept hosts = +relay_from_hosts
accept domains = +local_domains
endpass
verify = recipient
....
##########################################################
Is it correct, or do you have any suggestions?
Another syntax question: what's the difference between these 2 configs, are they identical?
1)
hostlist friends_with_broken_mx = /etc/exim/friends_with_broken_mx
#in ACL
hosts = !lsearch;/etc/exim/friends_with_broken_mx
2)
hostlist friends_with_broken_mx = lsearch;/etc/exim/friends_with_broken_mx
#in ACL
!hosts = /etc/exim/friends_with_broken_mx
Thanks for your help.
-----------------------------------------------------------------------
On 15 Dec 2005, at 09:28, Êîâàëåíêî Èâàí wrote:
> Yeah, that's it.
>
I wouldn't say so:
> But for your goals it can be more suitable to use it in hostlist.
> ut> hello,
> ut> you mean this?!
>
>
> ut> ###############################
> ut> acl_check_rcpt
> ut> # Deny Hosts without reverse DNS
> ut> warn message = Broken Reverse DNS - no host name
> ut> found for IP address $sender_host_address
> ut> hosts = !+relay_from_hosts
> ut> !verify = reverse_host_lookup
this does not do what it says, that is, it does not deny.
> ut> accept condition =
> ut> ${lookup{$sender_address}lsearch{/etc/exim/friends_with_broken_mx}{1}{}}
> ut> ################################
>
and if this one ends here, it might make your server a partially open relay. Unless your friends_with_broken_mx are also hosts you want to relay from, it is missing two things:
domains = +local_domains
verify = recipient
but this is better accomplished by adding it as a negative condition to the corresponding deny rule. Leave the accept alone and instead have
deny message = Broken Reverse DNS - no host name
condition =
hosts = !lsearch;/etc/exim/friends_with_broken_mx
[the broken rDNS check]
(not checked!)
Also, if a "friend" has got a badly configured mx, I would want to check that it cannot also be a source of virus, relay or not relay.
Oh, your MUA seems to be setting the wrong encoding for your name, it is ?ISO-8859-1?B?yu7i4Ovl7eruIMji4O0=?=, but I presume it should be ISO-8859-5.
Giuliano
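The deny-with-exception approach suggested in the quoted reply, written out as a complete RCPT ACL beside the accept rule it replaces. This is an added example, not configuration from either poster; the local_domains definition, the final deny, and the assumption that the friends file holds one IP address or CIDR block per line are assumptions.

```exim
# Added example (constructed). List names and the file path follow the thread.
domainlist local_domains = @            # assumption: primary host name only
hostlist relay_from_hosts = 127.0.0.1 : 192.168.4.0/24 : 192.168.10.0/24

# An absolute file name used as a list item includes each line of the file
# as a list item. Assumption: the file holds one IP address or CIDR per line.
hostlist friends_with_broken_mx = /etc/exim/friends_with_broken_mx

acl_check_rcpt:
  # Local submission over stdin (no TCP/IP, empty host field)
  accept  hosts    = :

  # WEAK (kept as a comment): this accept has no "domains" and no
  # "verify = recipient", so a match accepts the RCPT for any domain,
  # which is relaying. It also keys on $sender_address, the envelope
  # sender, which the connecting client chooses freely.
  # accept  condition = ${lookup{$sender_address}lsearch{/etc/exim/friends_with_broken_mx}{1}{}}

  # CORRECTED: express the exception as a negated host item on the deny.
  # The hosts condition is true only for hosts in neither list, so relay
  # hosts and listed friends skip the reverse DNS check; nobody gains
  # relay rights from being listed.
  deny    message  = Broken Reverse DNS - no host name found for IP address $sender_host_address
          hosts    = !+relay_from_hosts : !+friends_with_broken_mx
          !verify  = reverse_host_lookup

  # Relaying stays limited to the hosts that are meant to relay
  accept  hosts    = +relay_from_hosts

  # Everyone else may only send to verified local recipients
  accept  domains  = +local_domains
          endpass
          verify   = recipient

  deny    message  = relay not permitted
```

Running `exim -bh 192.0.2.10` simulates an SMTP session from that address and shows which ACL statement accepts or denies each RCPT, without delivering anything.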