From 95d520f50a08511d7bc9a05c77929ffb7c3bcf47 Mon Sep 17 00:00:00 2001 From: Mirek Kratochvil Date: Sat, 19 Jul 2014 18:29:05 +0200 Subject: [PATCH] exim: act correctly on dnsbl+authentication When an (possibly) authenticated user tried to send mail from an address listed on any DNSBL, he was rejected without any chance to authenticate, thus proving he is not a spammer. This commit rearranges the order of checks so that authentication is possible even from DNSBL'd IP. --- install/debian/exim4.conf.template | 6 ++++-- install/rhel/exim-smarthost.conf | 6 ++++-- install/rhel/exim.conf | 6 ++++-- install/ubuntu/exim4.conf.template | 6 ++++-- 4 files changed, 16 insertions(+), 8 deletions(-) diff --git a/install/debian/exim4.conf.template b/install/debian/exim4.conf.template index a5d353a33..30c13d4af 100644 --- a/install/debian/exim4.conf.template +++ b/install/debian/exim4.conf.template @@ -51,8 +51,6 @@ acl_check_spammers: drop message = Your host in blacklist on this server. log_message = Host in blacklist hosts = +spammers - deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\\n$dnslist_text - dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} accept acl_check_mail: @@ -102,6 +100,10 @@ acl_check_rcpt: accept authenticated = * control = submission/domain= + deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + require message = relay not permitted domains = +local_domains : +relay_to_domains diff --git a/install/rhel/exim-smarthost.conf b/install/rhel/exim-smarthost.conf index 99b1c90c7..1f649a9e7 100644 --- a/install/rhel/exim-smarthost.conf +++ b/install/rhel/exim-smarthost.conf 
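Review bot: The `hosts = !+whitelist` condition on the new `deny` in `acl_check_rcpt` is a behaviour change the commit message does not mention. The rule removed from `acl_check_spammers` applied the DNSBL lookup to every host that reached it, while the new one exempts anything in the `whitelist` host list, whose definition is not visible in this hunk. It is worth confirming that the list is defined in all four templates (the same hunk is repeated in `install/rhel/exim-smarthost.conf`, `install/rhel/exim.conf` and `install/ubuntu/exim4.conf.template`) and that it holds only addresses meant to skip DNSBL checks. Since the rule is only correct while it sits below `accept authenticated = *`, a comment above it would guard against a later reorder, e.g. `# DNSBL check: keep below "accept authenticated" so clients on listed IPs can still authenticate`. The body of `acl_check_rcpt` begins and continues outside the hunk, so any earlier `accept` there would also bypass this check.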
@@ -51,8 +51,6 @@ acl_check_spammers: drop message = Your host in blacklist on this server. log_message = Host in blacklist hosts = +spammers - deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\\n$dnslist_text - dnslists = ${readfile {/etc/exim/dnsbl.conf}{:}} accept acl_check_mail: @@ -102,6 +100,10 @@ acl_check_rcpt: accept authenticated = * control = submission/domain= + deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim/dnsbl.conf}{:}} + require message = relay not permitted domains = +local_domains : +relay_to_domains diff --git a/install/rhel/exim.conf b/install/rhel/exim.conf index 8567cb181..25d99fbd5 100644 --- a/install/rhel/exim.conf +++ b/install/rhel/exim.conf @@ -51,8 +51,6 @@ acl_check_spammers: drop message = Your host in blacklist on this server. log_message = Host in blacklist hosts = +spammers - deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\\n$dnslist_text - dnslists = ${readfile {/etc/exim/dnsbl.conf}{:}} accept acl_check_mail: @@ -102,6 +100,10 @@ acl_check_rcpt: accept authenticated = * control = submission/domain= + deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim/dnsbl.conf}{:}} + require message = relay not permitted domains = +local_domains : +relay_to_domains diff --git a/install/ubuntu/exim4.conf.template b/install/ubuntu/exim4.conf.template index a5d353a33..30c13d4af 100644 --- a/install/ubuntu/exim4.conf.template +++ b/install/ubuntu/exim4.conf.template 
@@ -51,8 +51,6 @@ acl_check_spammers: drop message = Your host in blacklist on this server. log_message = Host in blacklist hosts = +spammers - deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\\n$dnslist_text - dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} accept acl_check_mail: @@ -102,6 +100,10 @@ acl_check_rcpt: accept authenticated = * control = submission/domain= + deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + require message = relay not permitted domains = +local_domains : +relay_to_domains