Re: [exim] RBL check - can modify Subject?

Top Page
Delete this message
Reply to this message
Author: Mike Cardwell
Date:  
To: exim-users
Subject: Re: [exim] RBL check - can modify Subject?
* on the Wed, Feb 14, 2007 at 11:14:39AM +0000, Oliver Howe wrote:

>> Unless you're content to outsource the whole of your blocking policy
>> to perhaps multiple third-parties, it's sensible to have a whitelist
>> facility for just this kind of circumstance, which will bypass one or
>> more DNSBL checks for a list of sending IPs, or SPF-pass or
>> Domainkeys-pass sending domains.
> i'll look into it. thanks again.


Another good whitelist method is on $sender_host_name. If the A record
of the PTR of the connecting host matches the IP address, then
$sender_host_name contains the ptr. Eg, with the config below, any email
originating from a gmail host (amongst several other large services)
wont get looked up

warn !condition = ${if
match_domain{$sender_host_name}{*.google.com:*.hotmail.com:*.msn.com:*.lycos.com:*.yahoo.com}}
     dnslists   = dnsbl.sorbs.net


This is because 64.233.184.225 resolves to wr-out-0506.google.com which
resolves back to 64.233.184.225, and wr-out-0506.google.com matches
*.google.com.

Also. dnsbl.sorbs.net contains 12 separate lists. You might want to
check out http://www.de.sorbs.net/using.shtml to read the listing
policies and fine tune which of those lists you actually want to
use. For example, the IP in your example is listed on
recent.spam.dnsbl.sorbs.net and old.spam.dnsbl.sorbs.net...

This means, that you rejected the email because that gmail host sent
spam/UCE/UBE to the admins of SORBS within the last *year*. Do you
really want to reject email from hosts that might have sent a spam 12
months ago? That's the way your current setup is working...

Mike