On 11 Jan 2006, at 15:18, Bradley Walker wrote:
> domainlist local_domains = lsearch;/etc/virtual/domains
> domainlist relay_domains = lsearch;/etc/virtual/domains : localhost

mmm, relay_domains is local_domains + localhost? Do you *relay* for
localhost??
Honestly, I do not see the reason for this relay_domains at all (and
related acls), in particular since your dnslookup router reads:

> lookuphost:
> driver = dnslookup
> domains = ! +local_domains

what happens when someone submits an email for user@localhost then?

For the rcpt acl:

> accept senders = +whitelist_senders

isn't this a narrow-open relay? (it relays anything from whitelisted
senders)
You need a

    domains = +local_domains

> deny message = Email blocked by SPAMHAUS - to unblock see
> http://www.modemnet.net/spam/
> # only for domains that do want to be tested against RBLs
> domains = +use_rbl_domains
> dnslists = sbl.spamhaus.org

I think that for many of these lists you are required to return their
error messages, which is in the TXT DNS record.

>
> deny message = Email blocked by SPAMCOP - to unblock see
> http://www.modemnet.net/spam/
> hosts = !+relay_hosts
> domains = +use_rbl_domains
> !authenticated = *
> dnslists = bl.spamcop.net
>

authenticated connections should have been accepted long ago (and
instead you accept them down the acl).

These were just some comments, it does not mean that the rest is fine.

g
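
The points raised in this reply, put together as an added example RCPT ACL (not part of the original message and not the poster's configuration). The ACL name `acl_check_rcpt` is an assumption, and the named lists `relay_hosts`, `whitelist_senders`, `local_domains` and `use_rbl_domains` are assumed to be defined as in the quoted configuration.

```conf
# Added example, not from the original thread.
acl_check_rcpt:

  # Authenticated submitters and trusted relay hosts are accepted first,
  # before any RBL lookup is attempted.
  accept  authenticated = *
  accept  hosts         = +relay_hosts

  # Whitelisted senders skip the RBL checks, but only for our own domains.
  # The envelope sender is supplied by the client, so without the domains
  # condition this statement would relay to any destination.
  accept  senders       = +whitelist_senders
          domains       = +local_domains

  # RBL rejections hand back the list's own TXT record text.
  deny    message       = $dnslist_text
          domains       = +use_rbl_domains
          dnslists      = sbl.spamhaus.org

  deny    message       = $dnslist_text
          domains       = +use_rbl_domains
          dnslists      = bl.spamcop.net

  # Everything else addressed to a domain we host is accepted.
  accept  domains       = +local_domains

  # Anything left is a relay attempt from an untrusted, unauthenticated host.
  deny    message       = relay not permitted
```

Because authenticated and relay-host connections are accepted at the top, the `hosts = !+relay_hosts` and `!authenticated = *` conditions on the SpamCop statement are no longer needed.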