Re: [exim] Verifying that Spamhaus is working within Exim

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Phil Pennock
Date:  
À: Alex Carver
CC: exim-users
Sujet: Re: [exim] Verifying that Spamhaus is working within Exim
On 2009-07-12 at 14:31 -0700, Alex Carver wrote:
> New question: Now that I reconfigured and reinserted support for Spamhaus, I haven't seen Exim block an email even though I've seen plenty of emails coming in from domains listed in zen.spamhaus.org
>
> Under acl_check_rcpt I have:
>
>   deny
>     message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslis
> t_text)
>     log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
>     dnslists = zen.spamhaus.org


Where do you have this within acl_check_rcpt?  Note that the ACL is
worked through in order, so unless you have this stanza before the bit
which goes:
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains
then Exim won't get as far as checking that.


Why do you have "X-Warning: " at the start of message? It's an SMTP
refusal message, not a header, when you're in deny.

You probably also want to add some exceptions to that, such as a local
whitelist, for the times when someone you care about ends up on an RBL.
Also "!authenticated = *"; eg, my home IP is a residential cable-modem
IP and if I send mail via my colo server, I'll be using authenticated
SMTP -- if you need to support remote workers, you'll want to make sure
that they're not blocked based on source IP. (Hey, my current home IP
is on zen, [127.0.0.10]).

> Nothing shows up in the logs that any email was blocked because it's on the RBL. Here's a log example of a domain that is on the RBL but exim never blocked:
>
> 2009-07-12 13:29:54 H=118-169-198-20.dynamic.hinet.net (www.hello.com) [118.169.198.20] F=<mike87694@???> rejected RCPT <candy59839@???>: relay not permitted
> 2009-07-12 13:29:55 unexpected disconnection while reading SMTP command from 118-169-198-20.dynamic.hinet.net (www.hello.com) [118.169.198.20]
>
>
> It only failed because it was an attempt at a relay.
>
> So is there a way to double check that Exim is querying the RBL?


$ exim -d+acl -bh $bad_ip -bs
and type in raw SMTP. This is debugging with extra debugging for ACLs
turned on.

Myself, to help remote administrators debug mail delivery, I have this
in my connect ACL (amongst other things):
  accept  !dnslists = [ some local whitelist stuff ]
          dnslists = zen.spamhaus.org
          message = ${smtp_active_hostname} ESMTP - NO UCE NO UBE ${tod_log} (UTC)\n\
                    WARNING: You are on RBL $dnslist_domain: $dnslist_text\n\
                    Your mail will not be accepted unauthenticated.


The side-effect of multi-line SMTP responses causing problems for flaky
clients is a side-benefit.

-Phil