Spamhaus XBL with DCC (Was: Experience with DKIM...)

Vernon Schryver vjs@calcite.rhyolite.com
Sun Mar 30 14:17:09 UTC 2008


> From: Gary Mills <mills@cc.umanitoba.ca>

> > DNSBL_ARGS="'-Bset:rej-msg=5.7.1 550 %ID %BT http://www.spamhaus.org/query/bl?ip=%BIP' -Bsbl-xbl.spamhaus.org -Bset:no-NS -Bzen.spamhaus.org"

> Yes, I'm using XBL through DCC because I want users to be able to
> whitelist messages rejected by XBL in the same manner that they can
> for messages rejected for bulkiness.  I'm using this setting:
>
>     DNSBL_ARGS="'-Bset:rej-msg=5.7.1 550 id %s from %s rejected. See http://www.spamhaus.org/xbl/' -Bset:no-body -Bset:no-MX -Bset:no-NS -Bxbl.dnsbl,any"

Why turn off XBL MX and NS checks for the SMTP envelope mail sender domain?

> I don't want to use PBL, included in ZEN I believe, because it includes
> the IP networks of many of our SMTP mail submission clients.  I don't
> want to reject those.  Now that most ISPs are blocking the SMTP port,
> it may be possible to revisit that decision.

So your SMTP mail submission clients are on too many networks to whitelist?
And they don't use SMTP-AUTH or TLS and that could be automatically
whitelisted by modifying sendmail.cf with /var/dcc/libexec/hackmc -T
and doing the things mentioned in the comments in hackmc?  Or turning
off FEATURE(`delay_checks') or setting TRUST_AUTH_MECH can't be done
in your situation?  ok.


Vernon Schryver    vjs@rhyolite.com
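
Added example, not part of the original message or of DCC: a Python sketch of the policy discussed above (query the combined ZEN zone but reject only on XBL hits, so PBL-listed submission clients are not refused). The return-code table follows Spamhaus's published 127.0.0.x convention and is an assumption brought in from outside this thread; the function names are hypothetical and the answers passed in are constructed, so nothing here performs a DNS lookup.

```python
import ipaddress

# Assumption (not from the thread): last octet of a ZEN A-record answer
# identifies the component list that matched.
ZEN_CODES = {
    "SBL": {2, 3, 9},
    "XBL": {4, 5, 6, 7},
    "PBL": {10, 11},
}

def dnsbl_qname(ip, zone="zen.spamhaus.org"):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(answers):
    """Map the A records returned for one query to the lists they indicate."""
    hits = set()
    for answer in answers:
        packed = ipaddress.IPv4Address(answer).packed
        if packed[:3] != b"\x7f\x00\x00":
            # e.g. 127.255.255.x: the DNSBL is signalling a query problem,
            # not a listing, so it must never be treated as a hit.
            hits.add("ERROR")
            continue
        for name, codes in ZEN_CODES.items():
            if packed[3] in codes:
                hits.add(name)
    return hits

def decide(answers, reject_on=frozenset({"XBL"})):
    """Return (action, lists). Reject only when a list in reject_on matched."""
    hits = classify(answers)
    if "ERROR" in hits:
        return "accept", sorted(hits)   # fail open on DNSBL errors
    action = "reject" if hits & reject_on else "accept"
    return action, sorted(hits)

if __name__ == "__main__":
    # Constructed sample answers for a documentation address (192.0.2.99).
    print(dnsbl_qname("192.0.2.99"))
    for sample in (["127.0.0.10"], ["127.0.0.4", "127.0.0.11"], []):
        print(sample, decide(sample))
```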


