[exim] deny or discard based on connecting host

Author: Bill Moseley
Date:  
To: exim-users
Subject: [exim] deny or discard based on connecting host
I have a policy ACL that can deny messages -- e.g. for spam, virus,
attachment reasons, etc.

The problem is with mailing list providers that disable accounts due
to rejected (bouncing) messages.

Specifically, Yahoo Groups will disable a list member due to bouncing
without sending out a probe first (like many other mailing lists do).
(Also, it seems like Yahoo doesn't clear their bounce history after
resetting the address, either, so the address goes into "bouncing"
status again very soon).

I don't want to whitelist Yahoo Groups -- I shouldn't have to change
my policies for accepting mail based on their setup. So, I've set up
an ACL to "discard" rejected mail from specific hosts. I'm not a fan
of discarding mail like this, but I'm not sure of a better approach.

So, I set up two ACLs:

    # Discard rejected messages from specific hosts

    discard hosts       = ${if exists{DISCARD_REJECT_HOST}\
                            {DISCARD_REJECT_HOST}{}}
            !acl        = acl_content_policy_check
            log_message = message $message_id from $sender_host_address rejected due to policy, but blackholed.

    # Otherwise, deny

    deny    !acl        = acl_content_policy_check


1) Is that the way to select deny or discard based on
a condition? I have to use two ACLs since I'm using two verbs,
correct?


2) acl_content_policy_check does a spam check -- it seems from debugging
that the result is cached so I'm not hitting spamd twice. Is that
correct? Doesn't seem like the result from the
acl_content_policy_check is cached, though, as the debug output shows
the acls being processed twice (for listed hosts that pass all policy
checks).


3) The above setup means I need to know the hosts that will be
delivering, say, Yahoo's mail. Is there a better way to determine
that the connecting host is a host that is allowed to send Yahoo's
mail? Seems like it will be hard to know ahead of time what hosts
will be sending mail.


Finally, I'm not missing something obvious? -- like a 500 rejection
error code that says "message rejected due to content -- other mail
might just go through fine! So, don't consider this address
bouncing.."


Thanks,



--
Bill Moseley
moseley@???
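
Added example, not part of the original message: a small Python model of how the two statements above are walked for a listed and an unlisted host, counting how often the nested policy ACL runs (the double evaluation described in question 2). The host addresses, the `PolicyCheck` stand-in and the trailing accept are assumptions made for illustration.

```python
# Model of the discard/deny pair from the post. Host addresses and the
# policy outcome are constructed values, not taken from a real configuration.

DISCARD_HOSTS = {"192.0.2.10"}  # constructed stand-in for the DISCARD_REJECT_HOST file


class PolicyCheck:
    """Hypothetical stand-in for acl_content_policy_check; counts its runs."""

    def __init__(self, passes):
        self.passes = passes
        self.calls = 0

    def __call__(self):
        self.calls += 1
        return self.passes


def evaluate(sender_host, policy):
    """Return (verdict, number of times the nested policy ACL ran)."""
    # discard: conditions are tested in order and stop at the first failure,
    # so the nested ACL only runs once the hosts condition has matched.
    if sender_host in DISCARD_HOSTS and not policy():
        return "discard", policy.calls
    # deny: the nested ACL runs again here, as the debug output in the post
    # shows for listed hosts whose mail passed the policy check.
    if not policy():
        return "deny", policy.calls
    # Assumed trailing "accept" statement, not shown in the post.
    return "accept", policy.calls


if __name__ == "__main__":
    for host in ("192.0.2.10", "198.51.100.7"):
        for passes in (True, False):
            verdict, calls = evaluate(host, PolicyCheck(passes))
            print(f"{host:<14} policy_ok={passes!s:<5} -> {verdict:<7} ({calls} run(s))")
```

Only a listed host whose message passes the policy check triggers two runs of the nested ACL; every other combination runs it once.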