> From: John Sutton
> I would like to use a dnsbl lookup on connections to port 25
> but omit the lookup for (authenticated-only) connections to
> the MSA port 587. In this way, my roaming users/dynamicIP
> users will not get locked out. I cannot use FEATURE(delay_checks)
> because this defeats the DCC hack to disable DCC for SMTP AUTHed
> connections ;-(
What happens if you move the DNSBL checks from sendmail's FEATURE(enhdnsbl)
to dccm -B?
notes:
- see the dccm man page on your system or
http://www.dcc-servers.net/dcc/dcc-tree/dccm.html
- if you have installed a recent version of dccm by running
/var/dcc/updatedcc, then there is a /var/dcc/dcc_conf-new file
containing comments with an example DNSBL setting, as well as the
settings from your current dcc_conf file.
- depending on your combination of white and blacklisting in the global
/var/dcc/whiteclnt and per-user /var/dcc/userdirs/local/$USER/whiteclnt
files, it might be necessary to add the following line to
/var/dcc/whiteclnt
option MTA-first
- dccm checks not only the SMTP client IP address against the DNS
blacklist as sendmail does, but also the SMTP Mail_From domain
name, URLs in the message body, MX servers for Mail_From domain nams,
and DNS servers for Mail_From domain names and URLs. That is wrong
for some DNSBLs such as Spamhaus's PBL and ZEN that contain IP addresses
of legitimate DNS servers. When that is the case, precede the
-B arg in DNSBL_ARGS in /var/dcc/dcc that specifies the DNSBL
with -Bset:no-envelope -Bset:no-body -Bset:no-MX and/or -Bset:no-NS
as needed.
Vernon Schryver [EMAIL PROTECTED]
_______________________________________________
DCC mailing list [email protected]
http://www.rhyolite.com/mailman/listinfo/dcc
