First, let me apologize for not trying to figure this out first
without adding to a closed bug report - I was just really stuck!
A few weeks ago, I had mentioned the desire to be able to auto-add
whitelist entries, based on outbound mail from local users to external
domains.
ie: joe@mydomain sends to bob@aol.com, which WLs mail from bob@aol.com
to joe@mydomain.
Marc Perkel suggested I take a look at the rate limiting stuff. I
did, but actually doing the work, I put off until both noupdate was
available, and I had more time to look at it (which ended up being this
weekend).
This seems to work well for autowhitelisting:
In the rcpt_acl, for the accept stanzas that handle local mail
to non-local domains, this is added:
ratelimit = 0 / 52w / per_cmd / strict / ${lc:$sender_address:$local_part@$domain}
In the rcpt acl, for email from non-local domains to local domains, this
is added before dnsbl and similar acl checks:
warn ratelimit = 0 / 52w / per_cmd / strict / noupdate / ${lc:$local_part@$domain:$sender_address}
set acl_m7 = $sender_rate
accept condition = ${if >={${sg{$acl_m7}{[.].*}{}}}{1}}
add_header = X-Whitelisted: Auto
(I probably could have done the two stanzas above in one, but this
is what I ended up with after pulling my temp logging statements, etc).
The above is just a proof-of-concept. I may end up shrinking the period,
and using exim_dumpdb and a shell script to populate the already-existing
per-user whitelists. (since losing the ratelimit db during an upgrade
has been mentioned in the bug's comments)
Thoughts? Worth putting in the wiki? (I'll post it in exim-users
if it's not premature, considering that 4.68 isn't out yet).
Btw - I'm very impressed with ratelimit, and plan to use it for
actual ratelimiting purposes, on internal relay boxes I'm building
at work.
Thanks,
Dave
--
--------------------------------------------------------
Dave Lugo dlugo@etherboy.com LC Unit #260 TINLC
Have you hugged your firewall today? No spam, thanks.
--------------------------------------------------------
Are you the police? . . . . No ma'am, we're sysadmins.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
without adding to a closed bug report - I was just really stuck!
A few weeks ago, I had mentioned the desire to be able to auto-add
whitelist entries, based on outbound mail from local users to external
domains.
ie: joe@mydomain sends to bob@aol.com, which WLs mail from bob@aol.com
to joe@mydomain.
Marc Perkel suggested I take a look at the rate limiting stuff. I
did, but actually doing the work, I put off until both noupdate was
available, and I had more time to look at it (which ended up being this
weekend).
This seems to work well for autowhitelisting:
In the rcpt_acl, for the accept stanzas that handle local mail
to non-local domains, this is added:
ratelimit = 0 / 52w / per_cmd / strict / ${lc:$sender_address:$local_part@$domain}
In the rcpt acl, for email from non-local domains to local domains, this
is added before dnsbl and similar acl checks:
warn ratelimit = 0 / 52w / per_cmd / strict / noupdate / ${lc:$local_part@$domain:$sender_address}
set acl_m7 = $sender_rate
accept condition = ${if >={${sg{$acl_m7}{[.].*}{}}}{1}}
add_header = X-Whitelisted: Auto
(I probably could have done the two stanzas above in one, but this
is what I ended up with after pulling my temp logging statements, etc).
The above is just a proof-of-concept. I may end up shrinking the period,
and using exim_dumpdb and a shell script to populate the already-existing
per-user whitelists. (since losing the ratelimit db during an upgrade
has been mentioned in the bug's comments)
Thoughts? Worth putting in the wiki? (I'll post it in exim-users
if it's not premature, considering that 4.68 isn't out yet).
Btw - I'm very impressed with ratelimit, and plan to use it for
actual ratelimiting purposes, on internal relay boxes I'm building
at work.
Thanks,
Dave
--
--------------------------------------------------------
Dave Lugo dlugo@etherboy.com LC Unit #260 TINLC
Have you hugged your firewall today? No spam, thanks.
--------------------------------------------------------
Are you the police? . . . . No ma'am, we're sysadmins.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##