
Re: Blacklist usage in zmailer




Matti Aarnio <mea@nic.funet.fi> wrote:
> On Thu, Aug 29, 2002 at 11:13:47AM -0300, Rik van Riel wrote:
> > On Tue, 27 Aug 2002, Mike Acar wrote:
> > > Some time ago we started using various anti-spam blacklists
> > > 
> > > I'd like to be able to make exceptions for mail destined to
> > > particular addresses (e.g. our sales mailbox) or from certain servers.
> > 
> > I'd also like to be able to do something like this. To be
> > more specific, I _always_ want to accept email to abuse@
> > and postmaster@ addresses, while filtering email to the
> > other addresses with DNSBLs.
[...]
>   This is quite easy.  You list all addresses you wish always
>   to relay to at the  smtp-policy.relay(.manual)  file.
[...]
>   On the other hand, if you are already working with DELAYED
>   RBL model, e.g. using "TestRcptDnsRBL", then the current
>   code is just fine.

Ok, I think I've gotten what I want more-or-less working, but given my
lack of experience with zmailer I'd like the group's opinion of this
simplified smtp-policy.src:

-begin-

.               relaycustomer - acceptifmx - relaytarget - = _rbl0
[0.0.0.0]/0     relaycustomer - acceptifmx - relaytarget - = _rbl0 

_rbl0           rcpt-dns-rbl    our.test.dnsbl.zone. = _rbl1
_rbl1           test-rcpt-dns-rbl       +

_full_rights    rejectnet - relaycustnet + relaycustomer + relaytarget + fulltrustnet +
_localnames     rejectnet - relaycustnet - localdomain + relaytarget + test-rcpt-dns-rbl +

[our network]   = _full_rights

-end-

I put an address into our test DNSBL zone and used smtpserver -i -T
'[address]' to test it. Addresses listed in
smtp-policy.relay.manual still receive mail, though mail to other
addresses is rejected. Yippee! :)

I suppose I could actually discard the _rbl0 and _rbl1 tags and just
list the rcpt-dns-rbl and test-rcpt-dns-rbl attributes for the default
keys.

However, we have quite a number of domains in our localnames file, and
unless I added "test-rcpt-dns-rbl +" to _localnames, mail to any address
with a domain which is a local name was accepted. Is adding
"test-rcpt-dns-rbl +" likely to cause any problems? Or is it too
site-specific to say in the general case?

Any other thoughts? Thanks for your input.

-- 
Brilliance and gorgeousness                        |   Mike Acar
And we tell ourselves we don't want the treasures  |   mike@trolltech.com
But we hate the glass anyway                       |
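
The deferred check discussed in this thread, modelled as an added Python example (not ZMailer code and not part of the original message): the DNSBL result is only recorded at connect time and is applied per recipient at RCPT time, so exempt addresses still get mail from a listed host. The zone `dnsbl.example.`, its data, the exemption lists and all function names are constructed assumptions.

```python
import ipaddress

# Constructed sample data: a fake DNSBL zone and exemption lists (assumptions).
ZONE = "dnsbl.example."
FAKE_ZONE_DATA = {"2.2.0.192.dnsbl.example.": "127.0.0.2"}  # lists 192.0.2.2
EXEMPT_LOCALPARTS = {"postmaster", "abuse"}   # always accepted, any domain
EXEMPT_ADDRESSES = {"sales@example.com"}      # always accepted, exact address


def dnsbl_query_name(client_ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone, as DNSBL lookups do."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".") + "."


def is_listed(client_ip, resolve=FAKE_ZONE_DATA.get):
    """Connect phase: look the client up and remember the result, reject nothing."""
    return resolve(dnsbl_query_name(client_ip)) is not None


def is_exempt(rcpt):
    """True for recipients that must receive mail regardless of the DNSBL."""
    addr = rcpt.strip().strip("<>").lower()
    local, _, _domain = addr.partition("@")
    return addr in EXEMPT_ADDRESSES or local in EXEMPT_LOCALPARTS


def rcpt_decision(rcpt, listed):
    """RCPT phase: apply the remembered DNSBL result unless the recipient is exempt."""
    if is_exempt(rcpt):
        return 250
    return 550 if listed else 250


def session(client_ip, recipients):
    """Run one simulated SMTP session and return {recipient: reply code}."""
    listed = is_listed(client_ip)
    return {r: rcpt_decision(r, listed) for r in recipients}


if __name__ == "__main__":
    rcpts = ["<postmaster@example.com>", "<sales@example.com>", "<bob@example.com>"]
    for ip in ("192.0.2.2", "192.0.2.10"):
        print(ip, session(ip, rcpts))
```

A policy that rejects at connect time never sees the recipient, which is why the exemptions only work when the decision is delayed to RCPT.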