Re: [exim] omit sender verification to certain IPs - possibl…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Ted Cooper [Exim-users]
Date:  
À: exim-users
Sujet: Re: [exim] omit sender verification to certain IPs - possible?
On Wed, 22 Apr 2009 09:01:38 +0200, Heiko Schlittermann
<hs@???> wrote:
> Mike Cardwell <exim-users@???> (Mi 22 Apr 2009 00:18:54
> CEST):
>> Heiko Schlittermann wrote:
>> > It depends on your ACL configuration. Always you can emply the
>> > $sender_host_address variable. Or you can use the 'hosts = ..' ACL
>> > item.
>>
>> Your suggestion doesn't work. The IP of the connecting host is
>> irrelevant. It's the IP that a sender callout would connect back to that


>> is relevant.
>
> True. You're right. (You told me what I'm telling other people, normally
> ...) Sorry for the noice. I should think twice before sending :-/


On that note, perhaps whitelisting based on domain is more sensible that
whitelisting based on IP addresses or a DNS lookup of the MX records.
Surely if one MX of a domain is taking assertive action against callouts,
then all of the other MX will too.

In regards to doing callouts - I don't use them except on suspect
yahoo|hotmail|aol|lycos|msn|gmail emails, such as those that don't come
from their own mail servers. For all other cases, either RDNS, HELO,
greylist, not-quit, or spamhaus has already taken care of them and those
that make it past that get killed off by header checks or SA. The wishy
washy answer of a callout - account does not exist on this server vs
account may exist on this server - just isn't that useful.

Callouts are also a listing criteria for ips.backscatterer.org which is a
bit of pain since I use that to get rid of the damn Russian servers that
insist on accepting emails pretending to be me even though I have SPF
records and then bounce the result back to me when they can't be delivered.

--
The Exim Manual
http://www.exim.org/docs.html
http://docs.exim.org/current/