[exim-dev] re Bug 428 and auto-whitelisting

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Delete this message
Reply to this message
Author: Dave Lugo
Date:  
To: exim-dev
Subject: [exim-dev] re Bug 428 and auto-whitelisting

First, let me apologize for not trying to figure this out first
without adding to a closed bug report - I was just really stuck!


A few weeks ago, I had mentioned the desire to be able to auto-add
whitelist entries, based on outbound mail from local users to external
domains.

ie: joe@mydomain sends to bob@???, which WLs mail from bob@???
to joe@mydomain.

Marc Perkel suggested I take a look at the rate limiting stuff. I
did, but actually doing the work, I put off until both noupdate was
available, and I had more time to look at it (which ended up being this
weekend).


This seems to work well for autowhitelisting:

In the rcpt_acl, for the accept stanzas that handle local mail
to non-local domains, this is added: 

  ratelimit     = 0 / 52w / per_cmd / strict / ${lc:$sender_address:$local_part@$domain}



In the rcpt acl, for email from non-local domains to local domains, this
is added before dnsbl and similar acl checks: 

  warn ratelimit  = 0 / 52w / per_cmd / strict / noupdate / ${lc:$local_part@$domain:$sender_address}
       set acl_m7 = $sender_rate


  accept condition = ${if >={${sg{$acl_m7}{[.].*}{}}}{1}}
        add_header = X-Whitelisted: Auto


(I probably could have done the two stanzas above in one, but this
is what I ended up with after pulling my temp logging statements, etc). 


The above is just a proof-of-concept. I may end up shrinking the period,
and using exim_dumpdb and a shell script to populate the already-existing
per-user whitelists.    (since losing the ratelimit db during an upgrade
has been mentioned in the bug's comments)


Thoughts? Worth putting in the wiki? (I'll post it in exim-users
if it's not premature, considering that 4.68 isn't out yet).

Btw - I'm very impressed with ratelimit, and plan to use it for
actual ratelimiting purposes, on internal relay boxes I'm building
at work.

Thanks,

Dave 

-- 
--------------------------------------------------------
Dave Lugo   dlugo@???    LC Unit #260   TINLC
Have you hugged your firewall today?   No spam, thanks.
--------------------------------------------------------
Are you the police?  . . . .  No ma'am, we're sysadmins.


This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] [Bug 467] SPF checking doesn't fallback to HELO with null senderRe: [exim-dev] Autoconf - Please don't->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)