On 2009-07-12 at 14:31 -0700, Alex Carver wrote:
> New question:  Now that I reconfigured and reinserted support for Spamhaus, I 
> haven't seen Exim block an email even though I've seen plenty of emails 
> coming in from domains listed in zen.spamhaus.org
> 
> Under acl_check_rcpt I have:
> 
>   deny
>     message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
>     log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
>     dnslists = zen.spamhaus.org

Where do you have this within acl_check_rcpt?  Note that the ACL is
worked through in order, so unless you have this stanza before the bit
which goes:
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains
then Exim won't get as far as checking that.

Why do you have "X-Warning: " at the start of message?  It's an SMTP
refusal message, not a header, when you're in deny.

You probably also want to add some exceptions to that, such as a local
whitelist, for the times when someone you care about ends up on an RBL.
Also "!authenticated = *"; eg, my home IP is a residential cable-modem
IP and if I send mail via my colo server, I'll be using authenticated
SMTP -- if you need to support remote workers, you'll want to make sure
that they're not blocked based on source IP.  (Hey, my current home IP
is on zen, [127.0.0.10]).

> Nothing shows up in the logs that any email was blocked because it's on the 
> RBL.  Here's a log example of a domain that is on the RBL but exim never 
> blocked:
> 
> 2009-07-12 13:29:54 H=118-169-198-20.dynamic.hinet.net (www.hello.com) [118.169.198.20] F=<[email protected]> rejected RCPT <[email protected]>: relay not permitted
> 2009-07-12 13:29:55 unexpected disconnection while reading SMTP command from 118-169-198-20.dynamic.hinet.net (www.hello.com) [118.169.198.20]
> 
> 
> It only failed because it was an attempt at a relay.
> 
> So is there a way to double check that Exim is querying the RBL?

$ exim -d+acl -bh $bad_ip -bs
and type in raw SMTP.  This is debugging with extra debugging for ACLs
turned on.

Myself, to help remote administrators debug mail delivery, I have this
in my connect ACL (amongst other things):
  accept  !dnslists = [ some local whitelist stuff ]
          dnslists = zen.spamhaus.org
          message = ${smtp_active_hostname} ESMTP - NO UCE NO UBE ${tod_log} (UTC)\n\
                    WARNING: You are on RBL $dnslist_domain: $dnslist_text\n\
                    Your mail will not be accepted unauthenticated.

The side-effect of multi-line SMTP responses causing problems for flaky
clients is a side-benefit.

-Phil

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
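
The ordering and exceptions described in the reply above, sketched as an added example (not part of the original message and not either poster's configuration). The hostlist name rbl_whitelist and its address are hypothetical, and the RCPT ACL is reduced to the stanzas the thread mentions.

```exim
# Added example; not configuration taken from the thread.
# rbl_whitelist is a hypothetical hostlist name; 192.0.2.25 is a
# documentation address standing in for a host you never want blocked.
# This line belongs in the main section, before "begin acl".
hostlist rbl_whitelist = 192.0.2.25

# In the ACL section:
acl_check_rcpt:

  # Mail injected locally (no TCP/IP connection) is accepted.
  accept  hosts = :

  # DNSBL check placed BEFORE the relay test. ACL statements are worked
  # through in order, so a listed host is now refused and logged as
  # listed, even when the RCPT would also have failed as a relay attempt.
  # The two negated conditions exempt whitelisted hosts and
  # authenticated senders (e.g. remote workers on residential IPs).
  # "message" is the SMTP refusal text, so it has no header-style prefix.
  deny    !hosts         = +rbl_whitelist
          !authenticated = *
          message        = $sender_host_address is listed at \
                           $dnslist_domain ($dnslist_value: $dnslist_text)
          log_message    = $sender_host_address is listed at \
                           $dnslist_domain ($dnslist_value: $dnslist_text)
          dnslists       = zen.spamhaus.org

  # Authenticated clients may relay.
  accept  authenticated = *

  # With the dnslists stanza below this point instead, unauthenticated
  # relay attempts are rejected here and the DNSBL is never queried.
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains

  require verify = recipient

  accept
```

Running the `exim -d+acl -bh` session from the reply against a listed address should then show the dnslists condition being evaluated before the relay check.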
