Re: [exim] Replicated Mailbox Lists SOLVED

Author: Todd Lyons
Date:  
To: schmerold2@gmail.com
CC: exim-users
Subject: Re: [exim] Replicated Mailbox Lists SOLVED
On Wed, Apr 30, 2014 at 11:06 PM, schmerold2@???
<schmerold2@???> wrote:
> We are using Exim servers as a filter for a cPanel host.
>

<snip>
>
> 4) Line 3 of acl_check_rcpt performs the magic
> acl_check_rcpt:
> accept hosts = lsearch;/etc/exim/whitelist
> accept hosts = :
> require recipients = lsearch;/etc/exim/getAllEmail.txt
> deny local_parts = ^.*[@%!/|] : ^\\.
>
>   deny message   = HELO Policy Restriction: HELO is not an FQDN.
>      condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
>      condition = ${if match{$sender_helo_name}{\N[^.]\N}{no}{yes}}

>
>   deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
>      dnslists = zen.spamhaus.org/<;$sender_host_address;$sender_address_domain : \
>        bl.spameatingmonkey.net : bl.mailspike.net : dnsbl.sorbs.net : \
>        b.barracudacentral.org : bb.barracudacentral.org : psbl.surriel.com : \
>        cidr.bl.mcafee.com : hostkarma.junkemailfilter.com=127.0.0.2


The above all looks good.

I would consider and discuss some potential changes below. Call the
following stanza 1:

>   accept domains = +relay_to_domains
>          endpass
>          message = relay not permitted at this server
>          verify = recipient


And this is stanza 2:

> accept hosts = +relay_from_hosts


And this is stanza 3:

>   deny message = REJECTED - Sender Verify Failed and no RDNS
>        !verify = reverse_host_lookup
>        !verify = sender/callout=2m,defer_ok
>        !senders = +whitelist_senders
>        !condition =  ${if eq{$sender_verify_failure}{}}


I would consider reordering them to be 3 then 1 then 2, because
otherwise you will never do the sender verify for locally generated
emails (stanza 2). Whether stanza 1 has much impact really depends on
what you have for +relay_to_domains (on my system, it's empty because
I relay based on valid recipient, local/known ip ranges, and smtp
authenticated session). I will, however, caution you that doing sender
callouts can be considered abusive by some, so it may be that you are
actually helping your reputation by less frequently performing the
sender callouts.

...Todd

--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine
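
The ordering point in the reply above, as an added example that is not part of the original message and is not Exim code: a simplified Python model of first-match ACL evaluation over the three quoted stanzas. The `Session` flags, the callout counter and the folding of the `$sender_verify_failure` condition into `sender_ok` are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass
class Session:
    # Constructed inputs: each flag is the outcome the real check would give.
    relay_from_host: bool   # client is in +relay_from_hosts
    relay_to_domain: bool   # recipient domain is in +relay_to_domains
    recipient_ok: bool      # verify = recipient succeeds
    rdns_ok: bool           # verify = reverse_host_lookup succeeds
    sender_ok: bool         # verify = sender/callout succeeds
    whitelisted: bool = False   # sender is in +whitelist_senders
    callouts: int = 0           # sender callouts attempted so far

def stanza1(s):
    if not s.relay_to_domain:
        return None                 # failure before endpass: fall through
    return "accept" if s.recipient_ok else "deny"   # failure after endpass: deny

def stanza2(s):
    return "accept" if s.relay_from_host else None

def stanza3(s):
    # Conditions run in order and stop at the first one that does not hold,
    # so the callout is attempted only when the reverse lookup has failed.
    if s.rdns_ok:
        return None
    s.callouts += 1
    if s.sender_ok or s.whitelisted:
        return None
    return "deny"

STANZAS = {1: stanza1, 2: stanza2, 3: stanza3}

def evaluate(order, session):
    """Return (verdict, deciding stanza, callouts made) for a stanza order."""
    s = replace(session)            # work on a copy so runs are independent
    for n in order:
        verdict = STANZAS[n](s)
        if verdict:
            return verdict, n, s.callouts
    return "deny", None, s.callouts  # implicit deny at the end of an ACL

if __name__ == "__main__":
    # Relay host with no rDNS sending from an unverifiable sender address.
    bad = Session(relay_from_host=True, relay_to_domain=False,
                  recipient_ok=True, rdns_ok=False, sender_ok=False)
    for order in ((1, 2, 3), (3, 1, 2)):
        print(order, evaluate(order, bad))
```

In the original order the relay host is accepted by stanza 2 before stanza 3 is reached; in the 3, 1, 2 order stanza 3 decides, at the cost of one callout for each session that lacks reverse DNS.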