Vernon Schryver
vjs@calcite.rhyolite.com
Sun, 30 Mar 2008 14:17:09 GMT
> From: Gary Mills <mills@cc.umanitoba.ca> > > DNSBL_ARGS="'-Bset:rej-msg=5.7.1 550 %ID %BT http://www.spamhaus.org/query/bl?ip=%BIP' -Bsbl-xbl.spamhaus.org -Bset:no-NS -Bzen.spamhaus.org" > Yes, I'm using XBL through DCC because I want users to be able to > whitelist messages rejected by XBL in the same manner that they can > for messages rejected for bulkiness. I'm using this setting: > > DNSBL_ARGS="'-Bset:rej-msg=5.7.1 550 id %s from %s rejected. See http://www.spamhaus.org/xbl/' -Bset:no-body -Bset:no-MX -Bset:no-NS -Bxbl.dnsbl,any" Why turn off XBL MX and NS checks for the SMTP envelope mail sender domain? > I don't want to use PBL, included in ZEN I believe, because it includes > the IP networks of many of our SMTP mail submission clients. I don't > want to reject those. Now that most ISPs are blocking the SMTP port, > it may be possible to revisit that decision. So your SMTP mail submission clients are on too many networks to whitelist? And they don't use SMTP-AUTH or TLS and that could be automatically whitelisted by modifying sendmail.cf with /var/dcc/libexec/hackmc -T and doing the things mentioned in the comments in hackmc? Or turning off FEATURE(`delay_checks') or setting TRUST_AUTH_MECH can't be done in your situation? ok. Vernon Schryver vjs@rhyolite.com