[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Exclude IP or mailserver name from rbl lookup

To: "Daryle A. Tilroe" <daryle@micralyne.com>
Subject: Re: Exclude IP or mailserver name from rbl lookup
From: Matti Aarnio <mea@nic.funet.fi>
Date: Fri, 2 May 2003 19:54:39 +0300
Cc: zmailer@nic.funet.fi
In-Reply-To: <3EB28B65.3000907@micralyne.com>; from daryle@micralyne.com on Fri, May 02, 2003 at 09:14:45AM -0600
Original-Recipient: rfc822;"|/home/httpd/zmailer/html/mhalist/input.sh"
References: <NBBBKPODAGKMCHCPIADOOEJPLCAA.Neal@Morgan-Systems.com> <3EB17BC5.4000701@micralyne.com> <20030502102352.F20088@nic.funet.fi> <3EB28B65.3000907@micralyne.com>
Sender: zmailer-owner@nic.funet.fi

On Fri, May 02, 2003 at 09:14:45AM -0600, Daryle A. Tilroe wrote:
> Matti Aarnio wrote:
> > I usually list my priority serviced customer networks/hosts
> > with IP address/net literals in   smtp-policy.relay   file.
> > Those will never get RBL lookups.  Often they don't get
> > any other verifications either.
> 
> I initially thought of this but for my problem, excluding
> a customer's mta from blacklist lookup, it is not the
> correct solution.  I do not want to allow them to relay
> through us.

Right.  If I were you, I would:

a) use third RBL variant:

  #| Third RBL variant: Late block with RBL+DUL+RSS
  _rbl0          rcpt-dns-rbl      +:.....
  _rbl1          test-rcpt-dns-rbl +

b) Build another aliases:

  _default_ip_norbl   relaycustomer - acceptifmx - senderokwithdns +

which is straight copy from  "[0.0.0.0]/0"  label entry without
its "= _rbl0" suffix.

Then put

  [1.2.3.0]/24  = _default_ip_norbl

address labels into   smtp-policy.relay(.manual)  file.

The trick is, that "=" refrerral operator is not recursive!
That is, items following it in produced database will be ignored:

  [1.2.3.0]/24 = _default_ip_norbl = _full_rights

That "_full_rights" 'macro' won't have effect at all.
(Consider '=' as "jump", the result is that a global buffer
 gets overwritten in the interpreter, and there is nowhere
 to return to...)

>  In this particular instance it probably was
> not a big hole but consider the case where a person might
> want to exclude a large ISP block from RBL lookups because
> they have temporarily got them selves on, say, the spamcop
> blacklist.  I do not want to create a large open relay for
> all their customers just to make sure I get email from them
> while they get off the blacklist.
> 
> Daryle A. Tilroe

-- 
/Matti Aarnio	<mea@nic.funet.fi>
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi

References:
- RE: rough zmailer treatment on .forward expansion
  - From: "Neal Morgan" <Neal@Morgan-Systems.com>
- Exclude IP or mailserver name from rbl lookup
  - From: "Daryle A. Tilroe" <daryle@micralyne.com>
- Re: Exclude IP or mailserver name from rbl lookup
  - From: Matti Aarnio <mea@nic.funet.fi>
- Re: Exclude IP or mailserver name from rbl lookup
  - From: "Daryle A. Tilroe" <daryle@micralyne.com>

Prev by Date: Re: Exclude IP or mailserver name from rbl lookup
Next by Date: Re: eliminating unbracketed numeric HELO/EHLO 's
Prev by thread: Re: Exclude IP or mailserver name from rbl lookup
Next by thread: utils/perl/Makefile.in
Index(es):
- Date
- Thread