On Sat, 6 Dec 2008, Randy Bush wrote:
| please explain why
|
| accept !hosts = *.yahoo.com
|
| accepts the following spam
|
| 2008-12-06 02:43:59 1L8n9A-000H6D-V3 <= tequilamockingbird1957@???
| H=([220.194.0.165]) [220.194.0.165] P=esmtp S=835
| id=4f119e23$517da2fb$0ec21d85@tequilamockingbird1957
|
| what am i not understanding?

The ACL statement:

    accept !hosts = *.yahoo.com

means "accept, where the two-way lookup DNS hostname for the connecting IP
did NOT match *.yahoo.com". In other words, this lets in almost the
entire Internet, including anything and everything that's not properly
DNS-registered (such as the IP in the above log snippet). Only real yahoo
servers will not match - in which case processing will continue to the
next ACL statement.

I'm not sure why you'd want to do such a thing on a production system
(or anything other than a spamtrap). The advice I gave previously was
intended for your orig query relating to a "drop" ACL statement, blocking
hosts listed in various blacklists. You simply wanted a method of
excluding yahoo / google servers, which seemed very sensible.

So instead of:

    drop
      !dnslists = list.dnswl.org
      dnslists  = dialups.mail-abuse.org \
                : rbl-plus.mail-abuse.org \
                : qil.mail-abuse.com

you would want:

    drop
      !hosts    = *.yahoo.com
      !dnslists = list.dnswl.org
      dnslists  = dialups.mail-abuse.org \
                : rbl-plus.mail-abuse.org \
                : qil.mail-abuse.com

I'm not sure where the "accept" came from.

Note that it's very unlikely you really need to resort to a messy
"condition ... if match ... $sender_host_name". I bet a simple and
elegant "!hosts = ..." will be fine.

Hope that makes (some) sense.

Chris
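
The two ACLs discussed in this message, as a simplified Python model (an added example, not part of the original message and not Exim code). It follows the reading given above: a host with no verified two-way DNS name does not match *.yahoo.com. The DNS tables, list memberships, and the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are constructed for illustration.

```python
# Simplified model of the ACL logic described in the message above.
# Not Exim code: DNS data and list memberships are constructed samples.
from fnmatch import fnmatchcase

# Constructed reverse (PTR) and forward (A) DNS tables.
PTR = {"192.0.2.10": "mta1.mail.yahoo.com", "192.0.2.66": "mx.yahoo.com"}
A = {"mta1.mail.yahoo.com": {"192.0.2.10"}, "mx.yahoo.com": {"203.0.113.9"}}
# Constructed DNS list memberships (list name -> listed IPs).
DNSLISTS = {"list.dnswl.org": set(),
            "dialups.mail-abuse.org": {"220.194.0.165", "192.0.2.10"}}

ACCEPT_ACL = [("accept", [("!hosts", "*.yahoo.com")])]
DROP_ACL = [("drop", [("!hosts", "*.yahoo.com"),
                      ("!dnslists", "list.dnswl.org"),
                      ("dnslists", "dialups.mail-abuse.org"
                                   " : rbl-plus.mail-abuse.org"
                                   " : qil.mail-abuse.com")]),
            ("accept", [])]  # everything not dropped is accepted

def verified_name(ip):
    """Two-way lookup: the PTR name must resolve back to the same IP."""
    name = PTR.get(ip)
    return name if name and ip in A.get(name, ()) else None

def cond(ip, key, value):
    """Evaluate one condition; a leading '!' inverts the result."""
    negate, key = key.startswith("!"), key.lstrip("!")
    if key == "hosts":
        name = verified_name(ip)
        hit = name is not None and fnmatchcase(name.lower(), value)
    else:  # dnslists: true if the IP is on any of the named lists
        names = (n.strip() for n in value.split(":"))
        hit = any(ip in DNSLISTS.get(n, ()) for n in names)
    return hit != negate

def run_acl(ip, acl):
    """The first statement whose conditions ALL hold decides the outcome."""
    for verb, conditions in acl:
        if all(cond(ip, k, v) for k, v in conditions):
            return verb
    return "deny"  # falling off the end of an ACL is an implicit deny
```
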