On Wednesday 11 January 2006 08:39 am, Giuliano Gavazzi wrote:
> On 11 Jan 2006, at 15:18, Bradley Walker wrote:
> > domainlist local_domains = lsearch;/etc/virtual/domains
> > domainlist relay_domains = lsearch;/etc/virtual/domains : localhost
>
> mmm, relay_domains is local_domains + localhost? Do you *relay* for
> localhost??
I think we do... The exim.conf file was written specifically for use in
a webhosting environment (DirectAdmin). We don't control how
webhosting clients inject mail from the server. If they inject using
the sendmail alias we're not relaying their email. But if they inject
using smtp, I believe exim sees it as relaying.
I'd appreciate clarification from anyone who has better insight. Dr
Hazel?
> Honestly, I do not see the reason for this relay_domains at all (and
> related acls),
I've just looked over the acls, and from my point of view they're
required. Can you show me specific ones that aren't, and explain why
the same action occurs without them? I've only been using exim about
three years, and I'm certainly willing to learn.
> in particular since your dnslookup router reads:
> > lookuphost:
> > driver = dnslookup
> > domains = ! +local_domains
>
> what happens when someone submits an email for user@localhost then?
My mind is drawing a blank right now <frown>. Do you mean specifically
"@localhost" as a literal? Something that resolves to 127.0.0.1? Or
something that resolves to any IP# on the server?
> For the rcpt acl:
> > accept senders = +whitelist_senders
>
> isn't this a narrow-open relay? (it relays anything from whitelisted
> senders)
> You need a
>
> domains = +local_domains
The purpose of whitelist_senders is to whitelist specific senders that
may be on servers otherwise blacklisted. It's a list that must be
added to manually. For example when people visit that (admittedly
non-existent for this particular server)
http://www.modemnet.net/spam/
page, they see instructions on how to get whitelisted, and the
postmaster will then vet the email address, and if acceptable, will add
it to whitelist_senders.
Do you see a problem with it that I don't? Please teach me.
> > deny message = Email blocked by SPAMHAUS - to unblock see
> > http://www.modemnet.net/spam/
> > # only for domains that do want to be tested against RBLs
> > domains = +use_rbl_domains
> > dnslists = sbl.spamhaus.org
>
> I think that for many of these lists you are required to return their
> error messages, which is in the TXT DNS record.
I'm not sure what you mean by "required". I'm drawing a complete blank.
What we return is a reader-friendly message directing the sender to a
page where the problem is explained.
> > deny message = Email blocked by SPAMCOP - to unblock see
> > http://www.modemnet.net/spam/
> > hosts = !+relay_hosts
> > domains = +use_rbl_domains
> > !authenticated = *
> > dnslists = bl.spamcop.net
>
> authenticated connections should have been accepted long ago (and
> instead you accept them down the acl).
Bradley left out a comment right above the SPAMCOP-block. It would have
explained why I'm checking for authentication here:
<snip>
# Next deny stuff from more "fuzzy" blacklists
# but do bypass all checking for whitelisted host names
# and for authenticated users
</snip>
We made an arbitrary decision to block unconditionally, even for our own
senders, for some blocklists, but not for others.
> These were just some comments, it does not mean that the rest is
> fine.
Thanks very much; I appreciate your help.
Jeff
--
Jeff Lasman, Nobaloney Internet Services
1254 So Waterman Ave., Suite 50, San Bernardino, CA 92408
Our blists address used on lists is for list email only
Phone +1 909 266-9209, or see: "http://www.nobaloney.net/contactus.html"
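
The question raised in the thread about `accept senders = +whitelist_senders` with and without `domains = +local_domains` can be checked with a small model. This is an added example, not part of the original message and not Exim code: the two trailing accept statements, the addresses and the list contents are constructed assumptions, and `+relay_hosts` and the DNS blocklist statements are left out.

```python
# Added illustration: a simplified model of first-match RCPT ACL evaluation.
# It is not Exim code; all addresses and list contents are constructed.
LOCAL_DOMAINS = {"example.org"}
WHITELIST_SENDERS = {"friend@partner.example"}

def rcpt_domain(rcpt):
    return rcpt["to"].rsplit("@", 1)[1].lower()

def matches(conds, rcpt):
    """Every condition in a statement must hold for it to apply."""
    checks = {
        "senders": lambda v: rcpt["sender"].lower() in v,
        "domains": lambda v: rcpt_domain(rcpt) in v,
        "authenticated": lambda v: rcpt["auth"],
    }
    return all(checks[name](value) for name, value in conds.items())

def evaluate(acl, rcpt):
    """Return the verb of the first statement whose conditions all match."""
    for verb, conds in acl:
        if matches(conds, rcpt):
            return verb
    return "deny"  # an ACL that runs off the end denies

def unintended_relays(acl, attempts):
    """Recipients accepted for a non-local domain from an unauthenticated client."""
    return [a["to"] for a in attempts
            if evaluate(acl, a) == "accept"
            and rcpt_domain(a) not in LOCAL_DOMAINS and not a["auth"]]

# Assumed remainder of the ACL: local delivery, then authenticated relaying.
REST = [("accept", {"domains": LOCAL_DOMAINS}),
        ("accept", {"authenticated": True})]
# Statement as quoted in the thread: sender match only.
AS_POSTED = [("accept", {"senders": WHITELIST_SENDERS})] + REST
# With the suggested "domains = +local_domains" condition added.
WITH_DOMAINS = [("accept", {"senders": WHITELIST_SENDERS,
                            "domains": LOCAL_DOMAINS})] + REST

ATTEMPTS = [  # constructed RCPT attempts; the envelope sender is client-supplied
    {"sender": "friend@partner.example", "to": "someone@elsewhere.example", "auth": False},
    {"sender": "friend@partner.example", "to": "user@example.org", "auth": False},
    {"sender": "stranger@other.example", "to": "user@example.org", "auth": False},
    {"sender": "stranger@other.example", "to": "someone@elsewhere.example", "auth": False},
    {"sender": "customer@example.org", "to": "someone@elsewhere.example", "auth": True},
]

if __name__ == "__main__":
    print("as posted:   ", unintended_relays(AS_POSTED, ATTEMPTS))
    print("with domains:", unintended_relays(WITH_DOMAINS, ATTEMPTS))
```

In this model the whitelisted sender still reaches local recipients in both variants; only the unauthenticated delivery to a non-local domain changes.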