Mailing List Archive

Using ORDB with Exim 4.04
Hello....

I am attempting to use the ORDB Realtime Blackhole List in the ACL list
associated with SMTP RCPT command and it seems to have had no effect. A
message came through last night that was sent from an ORDB blocked site
and the header was not added.

The ACL set smtp_rcpt is as follows

smtp_rcpt:
  accept  hosts = :
  deny    hosts = +block_hosts
          message = host $sender_host_address is blocked by this server
  warn    dnslists = relays.ordb.org/warn
          message = X-RBL-Warning: [ORDB] possible SPAM see \
                    http://www.ordb.org/lookup/?host=$sender_host_address
  accept  authenticated = *
  require verify = sender
  accept  domains = +local_domains
  accept  domains = +relay_domains
  accept  hosts = +relay_hosts
  deny    message = host $sender_host_address is not permitted to relay

The ACL in question is the "warn" ACL - and all I am doing is adding a
warning header if the message comes from the "bad" site.

The headers of the message that should have been flagged are as follows

>Delivery-date: Wed, 05 Jun 2002 19:43:10 -0700
>Received: from [208.34.34.98] (helo=Origin200)
> by cheshire.ucs.ubc.ca with smtp (Exim 4.04)
> id 17FnEy-0000zq-00
> for nmc@netcom.ubc.ca; Wed, 05 Jun 2002 19:43:08 -0700
>Received: from chem.cinvestav.mx (mail.horton-intl.com.au
[203.202.130.178]) by Origin200 (980427.SGI.8.8.8/980728.SGI.AUTOCF) via
ESMTP id VAA55154; Wed, 5 Jun 2002 21:43:40 -0500 (CDT)
>From: conniecorey@hotmail.com
>Message-ID: <0000614944c4$000033fa$00002e2e@chinapage.org>
>To: <munir57@usa.net>, <monicalonn@hotmail.com>,
<mythosboy@earthlink.net>,
> <muibitop@aol.com>
>Cc: <mmjmc@hotmail.com>, <olgmo@aol.com>, <nancyori@comcast.net>,
> <monapetersen@hotmail.com>
>Subject: Make your prints beautiful & SAVE BIG!NR
>Date: Thu, 06 Jun 2002 22:48:25 -1600
>MIME-Version: 1.0
>Content-Type: text/plain
>Reply-To: conniecorey@hotmail.com
>X-MIME-Autoconverted: from 8bit to quoted-printable by Origin200 id
VAA55154

As you can see we (cheshire.ucs.ubc.ca) received this message from
208.34.34.98 and this site is flagged by ORDB - see
http://www.ordb.org/lookup/?host=208.34.34.98

So why has the X-RBL-Warning: header not been added to the message? Have I
configured the ACL incorrectly?

Any pointers would be much appreciated.

Thanks

Wm.
--
William Craven
ITServices Email: William.Craven@ubc.ca
University of British Columbia Tel: +1-604-822-8955
Vancouver, BC, Canada V6T 1Z2 Fax: +1-604-822-5116
Re: Using ORDB with Exim 4.04
On Thu, 6 Jun 2002, William Craven wrote:

> Hello....
>
> I am attempting to use the ORDB Realtime Blackhole List in the ACL list
> associated with SMTP RCPT command and it seems to have had no effect. A
> message came through last night that was sent from an ORDB blocked site
> and the header was not added.
>
> The ACL set smtp_rcpt is as follows
>
> smtp_rcpt:
> accept hosts = :
> deny hosts = +block_hosts
> message = host $sender_host_address is blocked by this server
> warn dnslists = relays.ordb.org/warn
                                 ^^^^^
This seems to be something left over from your exim3 setup

Try just:

warn dnslists = relays.ordb.org


> message = X-RBL-Warning: [ORDB] possible SPAM see \
> http://www.ordb.org/lookup/?host=$sender_host_address
> accept authenticated = *
> require verify = sender
> accept domains = +local_domains
> accept domains = +relay_domains
> accept hosts = +relay_hosts
> deny message = host $sender_host_address is not permitted to relay
>
> The ACL in question is the "warn" ACL - and all I am doing is adding a
> warning header if the message comes from the "bad" site.
>
> The headers of the message that should have been flagged are as follows
>
> >Delivery-date: Wed, 05 Jun 2002 19:43:10 -0700
> >Received: from [208.34.34.98] (helo=Origin200)
> > by cheshire.ucs.ubc.ca with smtp (Exim 4.04)
> > id 17FnEy-0000zq-00
> > for nmc@netcom.ubc.ca; Wed, 05 Jun 2002 19:43:08 -0700
> >Received: from chem.cinvestav.mx (mail.horton-intl.com.au
> [203.202.130.178]) by Origin200 (980427.SGI.8.8.8/980728.SGI.AUTOCF) via
> ESMTP id VAA55154; Wed, 5 Jun 2002 21:43:40 -0500 (CDT)
> >From: conniecorey@hotmail.com
> >Message-ID: <0000614944c4$000033fa$00002e2e@chinapage.org>
> >To: <munir57@usa.net>, <monicalonn@hotmail.com>,
> <mythosboy@earthlink.net>,
> > <muibitop@aol.com>
> >Cc: <mmjmc@hotmail.com>, <olgmo@aol.com>, <nancyori@comcast.net>,
> > <monapetersen@hotmail.com>
> >Subject: Make your prints beautiful & SAVE BIG!NR
> >Date: Thu, 06 Jun 2002 22:48:25 -1600
> >MIME-Version: 1.0
> >Content-Type: text/plain
> >Reply-To: conniecorey@hotmail.com
> >X-MIME-Autoconverted: from 8bit to quoted-printable by Origin200 id
> VAA55154
>
> As you can see we (cheshire.ucs.ubc.ca) received this message from
> 208.34.34.98 and this site is flagged by ORDB - see
> http://www.ordb.org/lookup/?host=208.34.34.98
>
> So why has the X-RBL-Warning: header not been added to the message? Have I
> configured the ACL incorrectly?
>
> Any pointers would be much appreciated.
>
> Thanks
>
> Wm.
> --
> William Craven
> ITServices Email: William.Craven@ubc.ca
> University of British Columbia Tel: +1-604-822-8955
> Vancouver, BC, Canada V6T 1Z2 Fax: +1-604-822-5116


Re: Using ORDB with Exim 4.04
"Dave C." wrote:

> > I am attempting to use the ORDB Realtime Blackhole List in the ACL list
> > associated with SMTP RCPT command and it seems to have had no effect. A
> > message came through last night that was sent from an ORDB blocked site
> > and the header was not added.
> >
> > The ACL set smtp_rcpt is as follows
> >
> > smtp_rcpt:
> > accept hosts = :
> > deny hosts = +block_hosts
> > message = host $sender_host_address is blocked by this server
> > warn dnslists = relays.ordb.org/warn
>                                  ^^^^^
> This seems to be something left over from your exim3 setup
>
> Try just:
>
> warn dnslists = relays.ordb.org
>
> > message = X-RBL-Warning: [ORDB] possible SPAM see \
> > http://www.ordb.org/lookup/?host=$sender_host_address

Removed '/warn' and still no joy. I must be missing something obvious.
Any other pointers? Is there any person on this list who is
successfully using ORDB RBL with Exim 4.04 who could forward their ACL for
me to compare?

Thanks

Wm.
--
William Craven
ITServices Email: William.Craven@ubc.ca
University of British Columbia Tel: +1-604-822-8955
Vancouver, BC, Canada V6T 1Z2 Fax: +1-604-822-5116
Re: Using ORDB with Exim 4.04
On Mon, 10 Jun 2002, William Craven wrote:

> "Dave C." wrote:
>
> > > I am attempting to use the ORDB Realtime Blackhole List in the ACL list
> > > associated with SMTP RCPT command and it seems to have had no effect. A
> > > message came through last night that was sent from an ORDB blocked site
> > > and the header was not added.
> > >
> > > The ACL set smtp_rcpt is as follows
> > >
> > > smtp_rcpt:
> > > accept hosts = :
> > > deny hosts = +block_hosts
> > > message = host $sender_host_address is blocked by this server
> > > warn dnslists = relays.ordb.org/warn
> >                                  ^^^^^
> > This seems to be something left over from your exim3 setup
> >
> > Try just:
> >
> > warn dnslists = relays.ordb.org
> >
> > > message = X-RBL-Warning: [ORDB] possible SPAM see \
> > > http://www.ordb.org/lookup/?host=$sender_host_address
>
> Removed '/warn' and still no joy. I must be missing something obvious.
> Any other pointers? Is there any person on this list who is
> successfully using ORDB RBL with Exim 4.04 who could forward their ACL for
> me to compare?

Try:

exim -d -bh 1.2.3.4

(where 1.2.3.4 is an IP that's listed on the ordb)

This might give you a clue..
Re: Using ORDB with Exim 4.04
On Mon, Jun 10, 2002 at 08:23:26AM -0700, William Craven wrote:

| Removed '/warn' and still no joy. I must be missing something obvious.
| Any other pointers? Is there any person on this list who is
| successfully using ORDB RBL with Exim 4.04 who could forward their ACL for
| me to compare?

Here's what I have :

# hosts matching this will NOT be checked against DNSBL lists
# don't check on pony-express.cs.rit.edu
hostlist skip_rbl_hosts = <, 192.168.0.0/23 , 127.0.0.1/32 , ::1 , 129.21.30.24


warn  hosts = !+skip_rbl_hosts
      dnslists = relays.ordb.org
      message = X-RBL-Warning: $sender_host_address , $dnslist_domain , $dnslist_value , $dnslist_text
      log_message = RBL : $sender_host_address , $dnslist_domain , $dnslist_value , $dnslist_text

$ /usr/sbin/exim -bV
Exim version 4.04 #10 built 22-May-2002 00:51:23
Copyright (c) University of Cambridge 2002

HTH,
-D

--

A)bort, R)etry, B)ang it with a large hammer

GnuPG key : http://dman.ddts.net/~dman/public_key.gpg
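
Added example, not from any poster in this thread: the DNS lookup that a `dnslists` condition depends on, reproduced outside Exim so the mail host's own view of the list can be checked separately from the ACL. The zone and the 208.34.34.98 address come from the thread; the function names, the pluggable `resolve` argument and the sample answers are assumptions constructed for illustration.

```python
import ipaddress
import socket

DNSBL_RANGE = ipaddress.ip_network("127.0.0.0/8")  # return codes live here (RFC 5782)

def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: reversed address labels + list zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                  # four octets
    else:
        labels = list(addr.exploded.replace(":", ""))  # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def system_resolver(name):
    """A records for name via the host's resolver; [] when the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise                                          # timeout etc.: caller decides
    return sorted({info[4][0] for info in infos})

def dnsbl_check(ip, zone, resolve=system_resolver):
    """Return (status, detail); status is 'listed', 'not-listed' or 'unknown'."""
    name = dnsbl_query_name(ip, zone)
    try:
        answers = resolve(name)
    except OSError as exc:                             # resolver failure is not a verdict
        return "unknown", f"{name}: lookup failed ({exc})"
    codes = [a for a in answers if ipaddress.ip_address(a) in DNSBL_RANGE]
    if codes:
        return "listed", f"{name} -> {', '.join(codes)}"
    if answers:
        return "unknown", f"{name}: unexpected answer {answers}"
    return "not-listed", f"{name}: no A record"

# Constructed answers so the example runs offline; not real ORDB data.
SAMPLE_ANSWERS = {"98.34.34.208.relays.ordb.org": ["127.0.0.2"]}

def sample_resolver(name):
    if name.startswith("4.3.2.1."):
        raise TimeoutError("constructed resolver timeout")
    return SAMPLE_ANSWERS.get(name, [])

if __name__ == "__main__":
    for ip in ("208.34.34.98", "129.21.30.24", "1.2.3.4"):
        print(ip, *dnsbl_check(ip, "relays.ordb.org", sample_resolver))
```

Calling `dnsbl_check(ip, zone)` without the third argument uses the host's real resolver, which is the same view of DNS the mail server has.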
