Spamhaus XBL with DCC (Was: Experience with DKIM...)

Vernon Schryver
Sun Mar 30 14:17:09 UTC 2008

> From: Gary Mills <>

> > DNSBL_ARGS="'-Bset:rej-msg=5.7.1 550 %ID %BT' -Bset:no-NS"

> Yes, I'm using XBL through DCC because I want users to be able to
> whitelist messages rejected by XBL in the same manner that they can
> for messages rejected for bulkiness.  I'm using this setting:
>     DNSBL_ARGS="'-Bset:rej-msg=5.7.1 550 id %s from %s rejected. See' -Bset:no-body -Bset:no-MX -Bset:no-NS -Bxbl.dnsbl,any"

Why turn off XBL MX and NS checks for the SMTP envelope mail sender domain?

> I don't want to use PBL, included in ZEN I believe, because it includes
> the IP networks of many of our SMTP mail submission clients.  I don't
> want to reject those.  Now that most ISPs are blocking the SMTP port,
> it may be possible to revisit that decision.

So your SMTP mail submission clients are on too many networks to whitelist?
And they don't use SMTP-AUTH or TLS and that could be automatically
whitelisted by modifying with /var/dcc/libexec/hackmc -T
and doing the things mentioned in the comments in hackmc?  Or turning
off FEATURE(`delay_checks') or setting TRUST_AUTH_MECH can't be done
in your situation?  ok.

Vernon Schryver

More information about the DCC mailing list

Contact by mail or use the form.