{"id":20,"date":"2008-01-11T17:44:14","date_gmt":"2008-01-11T22:44:14","guid":{"rendered":"http:\/\/www.popmartian.com\/tipsntricks\/2008\/01\/11\/rbls-with-exim4-debian-friendly\/"},"modified":"2011-01-19T15:01:19","modified_gmt":"2011-01-19T20:01:19","slug":"rbls-with-exim4-debian-friendly","status":"publish","type":"post","link":"https:\/\/www.popmartian.com\/tipsntricks\/2008\/01\/11\/rbls-with-exim4-debian-friendly\/","title":{"rendered":"RBLs with Exim4 (debian friendly)"},"content":{"rendered":"<p>Denying connections based on RBLs is a snap with Exim4.  Most confusion is related to ACLs and where the definition sits.<\/p>\n<p>The fastest way to deny based on RBL is to add it to whatever ACL you specify in acl_smtp_rcpt.<\/p>\n<p>However, you <strong>MUST<\/strong> put the declaration AFTER any relay allow definitions.  ACLs are based on first-match, which means they run in order and stop when they hit a match.  Implicit allow.<\/p>\n<p>Here is my ACL, declared as acl_check_rcpt:<\/p>\n<pre><code>acl_check_rcpt:\r\n  accept  hosts = :\r\n  deny    local_parts   = ^.*[@%!\/|] : ^\\\\.\r\n  accept  local_parts   = postmaster\r\n          domains       = +local_domains\r\n  require verify        = sender\r\n  # Trusted relay hosts and authenticated senders are accepted before the RBL lookup\r\n  accept  hosts         = +relay_from_hosts\r\n  accept  authenticated = *\r\n  # Everyone else is checked against the RBL\r\n  deny    dnslists = zen.spamhaus.org\r\n          message = Message rejected because $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text\r\n  accept  domains       = +local_domains\r\n          endpass\r\n          message       = unknown user\r\n          verify        = recipient\r\n  accept  domains       = +relay_to_domains\r\n          endpass\r\n          message       = unrouteable address\r\n          verify        = recipient\r\n  deny    message       = relay not permitted\r\n<\/code><\/pre>\n<p>The RBL definition comes after we allow everyone in that we want in.  
This lets people relay via SMTP-AUTH or explicit allow before checking the RBL.  If they aren&#8217;t allowed via anything we allow, then we check the RBL and die with a nice message.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Denying connections based on RBLs is a snap with Exim4. Most confusion is related to ACLs and where the definition sits. 
The fastest way to deny based on RBL is to add it to whatever ACL you specify in acl_smtp_rcpt &hellip; <a href=\"https:\/\/www.popmartian.com\/tipsntricks\/2008\/01\/11\/rbls-with-exim4-debian-friendly\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,19,3,4,43,6,8,17],"tags":[],"class_list":["post-20","post","type-post","status-publish","format-standard","hentry","category-email-servers","category-exim","category-how-to-do-stuff","category-posted-by-email","category-rbl","category-smtp","category-software","category-spam"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.popmartian.com\/tipsntricks\/wp-json\/wp\/v2\/posts\/20","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.popmartian.com\/tipsntricks\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.popmartian.com\/tipsntricks\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.popmartian.com\/tipsntricks\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.popmartian.com\/tipsntricks\/wp-json\/wp\/v2\/comments?post=20"}],"version-history":[{"count":2,"href":"https:\/\/www.popmartian.com\/tipsntricks\/wp-json\/wp\/v2\/posts\/20\/revisions"}],"predecessor-version":[{"id":47,"href":"https:\/\/www.popmartian.com\/tipsntricks\/wp-json\/wp\/v2\/posts\/20\/revisions\/47"}],"wp:attachment":[{"href":"https:\/\/www.popmartian.com\/tipsntricks\/wp-json\/wp\/v2\/media?parent=20"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.popmartian.com\/tipsntricks\/wp-json\/wp\/v2\/categories?post=20"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.popmartian.com\/tipsntricks\/wp-json\/wp\/v2\/tags?post=20"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]
}}