Denying connections based on RBLs is a snap with Exim4. Most confusion is related to ACLs and where the definition sits.
The fastest way to deny based on an RBL is to add it to whatever ACL you specify in acl_smtp_rcpt.
However, you MUST put the declaration AFTER any relay allow definitions. ACLs are based on first-match, which means they run in order and stop when they hit a match. Implicit allow.
Here is my ACL, declared as acl_check_rcpt:
    acl_check_rcpt:
      # Accept mail that arrives over local (non-TCP/IP) SMTP
      accept  hosts         = :
      # Reject local parts containing routing or shell metacharacters
      deny    local_parts   = ^.*[@%!/|] : ^\\.
      accept  local_parts   = postmaster
              domains       = +local_domains
      require verify        = sender
      # Relay allows come first so trusted hosts and SMTP-AUTH users
      # are accepted before the RBL is consulted
      accept  hosts         = +relay_from_hosts
      accept  authenticated = *
      # Everyone else is checked against the RBL
      deny    dnslists      = zen.spamhaus.org
              message       = Message rejected because $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text
      accept  domains       = +local_domains
              endpass
              message       = unknown user
              verify        = recipient
      accept  domains       = +relay_to_domains
              endpass
              message       = unrouteable address
              verify        = recipient
      deny    message       = relay not permitted
The RBL definition comes after the statements that allow in everyone we want in. This lets people relay via SMTP-AUTH or explicit allow before the RBL is checked. If they aren't allowed via anything we allow, then we check the RBL and die with a nice message.
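To see what the ordering changes, here is an added example (not part of the original post and not Exim code): a simplified first-match model of the RCPT ACL, run against constructed clients. The IP addresses, domains, list contents and function names are all assumptions made for the illustration, and the model ignores endpass and the verify conditions.

```python
# Added example: a toy first-match model of the RCPT ACL, not Exim code.
import ipaddress

def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """DNS name looked up for an IPv4 DNSBL check: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

# Constructed sample data standing in for DNS answers and Exim's named lists.
LISTED = {dnsbl_query_name("192.0.2.45")}
RELAY_FROM_HOSTS = {"198.51.100.10"}
LOCAL_DOMAINS = {"example.org"}

# Conditions, each taking a dict that describes one RCPT command.
def relay_host(c): return c["ip"] in RELAY_FROM_HOSTS
def authenticated(c): return c["auth"]
def rbl_listed(c): return dnsbl_query_name(c["ip"]) in LISTED
def local_rcpt(c): return c["rcpt_domain"] in LOCAL_DOMAINS

# Relay allows ahead of the RBL deny, as the text requires ...
RELAY_FIRST = [("accept", relay_host), ("accept", authenticated),
               ("deny", rbl_listed), ("accept", local_rcpt)]
# ... versus the RBL deny ahead of the relay allows.
RBL_FIRST = [("deny", rbl_listed), ("accept", local_rcpt),
             ("accept", relay_host), ("accept", authenticated)]

def run_acl(acl, client):
    """Return (verdict, deciding statement); the first matching statement wins."""
    for verb, cond in acl:
        if cond(client):
            return verb, cond.__name__
    return "deny", "relay not permitted"  # the ACL's final catch-all deny

# Constructed clients: an SMTP-AUTH user on a listed address, an
# unauthenticated listed sender, and an unlisted sender to a local domain.
ROAMING_USER = {"ip": "192.0.2.45", "auth": True, "rcpt_domain": "example.net"}
LISTED_SENDER = {"ip": "192.0.2.45", "auth": False, "rcpt_domain": "example.org"}
CLEAN_SENDER = {"ip": "203.0.113.7", "auth": False, "rcpt_domain": "example.org"}

if __name__ == "__main__":
    for label, acl in (("relay first", RELAY_FIRST), ("RBL first", RBL_FIRST)):
        for name in ("ROAMING_USER", "LISTED_SENDER", "CLEAN_SENDER"):
            print(label, name, run_acl(acl, globals()[name]))
```

Only the authenticated user on a listed address gets a different verdict between the two orderings; the unauthenticated listed sender is rejected either way.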