Re: [exim] DNS based host name Whitelists

On 6/22/06 9:08 AM, "Marc Perkel" <marc@???> wrote:

> Then - I'm also working on the idea of a second white list of hosts that
> should never b accidentally blacklisted. The idea here is to prevent
> hosts that send some spam, yahoo.com, earthlink.net, from ending up in a
> blacklist. This will make it so that the blacklists have less falso
> positives.

Our whitelist prevents
1. Use of greylisting for whitelisted "things" (the original goal)
2. Use of our local block list for whitelisted things
3. Use of the DNS-based block list we use
4. Certain other blocking situations.

I quoted "things" in number 1 because while hosts can be listed, so can the
containing /24 subnets, also sender addresses and recipient addresses, in
any reasonable combination (or unreasonable...it is possible but useless to
list both a host address and its /24 subnet).

We for instance have about 20 or so sender/recipient pairs where the sender
uses the otherwise firmly-blocked Tiscali* empire servers, for instance (I
have to extend those blocks before the end of June, or we'll get inundated
again). (*I was surprised the other day to find some of Tiscali in New
Jersey, USA. More blocking.)

Another way to be whitelisted is for the sender address domain to be on our
(currently short) list of "trusted" SPF publisher domains, and have the MAIL
FROM: address pass SPF. (The other use we make of SPF is to add spam points
for failing SPF for domains in the same trusted list.)

Exim ACL code does some of this; our greylisting Python daemon does some of
it.

--John