[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Blacklist usage in zmailer

Matti Aarnio <mea@nic.funet.fi> wrote:
> On Thu, Aug 29, 2002 at 11:13:47AM -0300, Rik van Riel wrote:
> > On Tue, 27 Aug 2002, Mike Acar wrote:
> > > Some time ago we started using various anti-spam blacklists
> > > 
> > > I'd like to be able to make exceptions for mail destined to
> > > particular addresses (e.g. our sales mailbox) or from certain servers.
> > 
> > I'd also like to be able to do something like this. To be
> > more specific, I _always_ want to accept email to abuse@
> > and postmaster@ addresses, while filtering email to the
> > other addresses with DNSBLs.
>   This is quite easy.  You list all addresses you wish always
>   to relay to at the  smtp-policy.relay(.manual)  file.
>   On the other hand, if you are already working with DELAYED
>   RBL model, e.g. using "TestRcptDnsRBL", then the current
>   code is just fine.

Ok, I think I've gotten what I want more-or-less working, but given my
lack of experience with zmailer I'd like the group's opinion of this
simplified smtp-policy.src:


.               relaycustomer - acceptifmx - relaytarget - = _rbl0
[]/0     relaycustomer - acceptifmx - relaytarget - = _rbl0 

_rbl0           rcpt-dns-rbl    our.test.dnsbl.zone. = _rbl1
_rbl1           test-rcpt-dns-rbl       +

_full_rights    rejectnet - relaycustnet + relaycustomer + relaytarget + fulltrustnet +
_localnames     rejectnet - relaycustnet - localdomain + relaytarget + test-rcpt-dns-rbl +

[our network]   = _full_rights


I put an address into our test DNSBL zone and used smtpserver -i -T
'[address]' to test it. Mail to addresses listed in
smtp-policy.relay.manual still receive mail, though mail to other
addresses is rejected. Yippee! :)

I suppose I could actually discard the _rbl0 and _rbl1 tags and just
list the rcpt-dns-rbl and test-rcpt-dns-rbl attributes for the default

However, we have quite a number of domains in our localnames file, and
unless I added "test-rcpt-dns-rbl +" to _localnames mail to any address
with a domain which is a local name was accepted. Is adding
"test-rcpt-dns-rbl +" likely to cause any problems? Or is it too
site-specific to say in the general case?

Any other thoughts? Thanks for your input.

Brilliance and gorgeousness                        |   Mike Acar
And we tell ourselves we don't want the treasures  |   mike@trolltech.com
But we hate the glass anyway                       |
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi