[prev in list] [next in list] [prev in thread] [next in thread]
List: exim-users
Subject: Re: [exim] Abuse Bypassing SA when in To or CC
From: Magnus Holmgren <holmgren () lysator ! liu ! se>
Date: 2008-01-27 17:45:43
Message-ID: 200801271845.44404 () proffe ! kibibyte ! se
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On tisdagen den 22 januari 2008, Gaurav Pruthi wrote:
> How can i modify this acl to run SA in case it has more recepient other
> than abuse, postmaster or MAILER-DAEMON.
I use an ACL variable rather than adding a header that can be spoofed.
accept local_parts = postmaster : abuse
deny message = Client host [$sender_host_address] is listed in \
$dnslist_domain ($dnslist_text)
dnslists = zen.spamhaus.org : list.dsbl.org : dnsbl.njabl.org
accept set acl_m0 = canreject
For the case where SA isn't supposed to run at all, I set acl_m0 to "noscan".
Then in sa-exim.conf I have
SAEximRunCond: ${if !eq {$acl_m0}{noscan}}
SAEximRejCond: ${if eq{$acl_m0}{canreject}}
You can see these as examples in sa-exim.conf if you're running Debian.
--
Magnus Holmgren holmgren@lysator.liu.se
(No Cc of list mail needed, thanks)
"Exim is better at being younger, whereas sendmail is better for
Scrabble (50 point bonus for clearing your rack)" -- Dave Evans
["signature.asc" (application/pgp-signature)]
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic