On Sun, Mar 30, 2008 at 02:17:09PM +0000, Vernon Schryver wrote: > > From: Gary Mills <[EMAIL PROTECTED]> > > > > DNSBL_ARGS="'-Bset:rej-msg=5.7.1 550 %ID %BT > > > http://www.spamhaus.org/query/bl?ip=%BIP' -Bsbl-xbl.spamhaus.org > > > -Bset:no-NS -Bzen.spamhaus.org" > > > Yes, I'm using XBL through DCC because I want users to be able to > > whitelist messages rejected by XBL in the same manner that they can > > for messages rejected for bulkiness. I'm using this setting: > > > > DNSBL_ARGS="'-Bset:rej-msg=5.7.1 550 id %s from %s rejected. See > > http://www.spamhaus.org/xbl/' -Bset:no-body -Bset:no-MX -Bset:no-NS > > -Bxbl.dnsbl,any" > > Why turn off XBL MX and NS checks for the SMTP envelope mail sender domain?
I was trying to minimize the amount of nameserver queries done for each e-mail message. I assume that other envelope checks are still done. I could ramp it up a bit to see what happens. > > I don't want to use PBL, included in ZEN I believe, because it includes > > the IP networks of many of our SMTP mail submission clients. I don't > > want to reject those. Now that most ISPs are blocking the SMTP port, > > it may be possible to revisit that decision. > > So your SMTP mail submission clients are on too many networks to whitelist? Yes, that's correct. They could be anywhere in the world. It's the old problem that SMTP servers can't distinguish between clients and other SMTP servers. > And they don't use SMTP-AUTH or TLS and that could be automatically > whitelisted by modifying sendmail.cf with /var/dcc/libexec/hackmc -T > and doing the things mentioned in the comments in hackmc? Or turning > off FEATURE(`delay_checks') or setting TRUST_AUTH_MECH can't be done > in your situation? ok. Yes, I am using some of those features. Most clients will use SMTP authentication or DRAC, but a few still use plain SMTP. Our two large local ISPs now block the SMTP port. For clients there we do require SMTP authentication. I just can't tell what other clients will be affected if I start using the PBL. -- -Gary Mills- -Unix Support- -U of M Academic Computing and Networking- _______________________________________________ DCC mailing list [email protected] http://www.rhyolite.com/mailman/listinfo/dcc
