On Mon, Dec 8, 2008 at 7:05 AM, Randy Bush <randy@???> wrote:
> i got into this because one can not maintain good ip lists because goog,
> yahoo, et alia keep adding servers but not putting them in places such
> as dnswl.org.
Randy,
On my MX with Exim, I follow the example configure file's methodology
- reject for various reasons and if you get to the end, accept. I do a
lot of source filtering so that works out great for me. Whitelisting
means put an appropriate accept before any denys.
I've had to whitelist certain IPs in the past because they didn't have
rDNS or some other issue. Based on how I whitelist IPs at the server
level, you may be able to do something like this to whitelist all
Yahoo.
accept hosts = *.yahoo.com
sender_domains = yahoo.com
domains = +local_domains # make sure you're not an open relay
verify = recipient # don't accept mail to invalid users
All of the above conditions must be true for the ACL to accept the
message so if a Yahoo server were to send you an email to someone you
don't MX for, that ACL would not accept it.
I'd not use such an ACL on my setup, however. I get a good amount of
spam from Yahoo (most likely a spammer using Yahoo Mail and not Yahoo
itself spamming me). YMMV.
--
HTH, YMMV, HANW :)
Jason
The path to enlightenment is /usr/bin/enlightenment.
