Denying connections based on RBLs is a snap with Exim4. Most confusion is related to ACLs and where the definition sits.
The fastest way to deny based on an RBL is to add the check to whatever ACL you specify in acl_smtp_rcpt.
However, you MUST put the declaration AFTER any relay allow definitions. ACLs are based on first-match, which means they run in order and stop when they hit a match. Implicit allow.
Here is my ACL, declared as acl_check_rcpt:
acl_check_rcpt:
  accept  hosts         = :
  deny    local_parts   = ^.*[@%!/|] : ^\\.
  accept  local_parts   = postmaster
          domains       = +local_domains
  require verify        = sender
  deny    dnslists      = zen.spamhaus.org
          message       = Message rejected because $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text
  accept  domains       = +local_domains
          endpass
          message       = unknown user
          verify        = recipient
  accept  domains       = +relay_to_domains
          endpass
          message       = unrouteable address
          verify        = recipient
  accept  hosts         = +relay_from_hosts
  accept  authenticated = *
  deny    message       = relay not permitted
The RBL definition is toward the bottom, after we allow everyone in that we want in. This lets people relay via SMTP-AUTH or explicit allow before checking the RBL. If they aren’t allowed via anything we allow, then we check the RBL and die with a nice message.
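An ordering that puts the relay accepts ahead of the RBL check, which is what the rule above asks for; in the listing above the dnslists line still runs before the +relay_from_hosts and authenticated accepts. This is an added example, not the author's configuration. It reuses the page's own list names and message text, and the test command in the comments assumes the binary is called exim4 and that 127.0.0.2 is not in relay_from_hosts.

```exim
acl_check_rcpt:
  # Locally submitted mail (no TCP/IP connection) is always accepted.
  accept  hosts         = :

  # Reject local parts with routing metacharacters or a leading dot.
  deny    local_parts   = ^.*[@%!/|] : ^\\.

  accept  local_parts   = postmaster
          domains       = +local_domains

  require verify        = sender

  # Relay allow definitions come first. Processing stops at the first
  # verb that decides, so hosts and users matched here never reach the
  # RBL lookup below, even when their address is listed.
  accept  hosts         = +relay_from_hosts
  accept  authenticated = *

  # Everyone else is checked against the RBL before any recipient
  # domain is accepted. Placing this after the two domain accepts
  # below would let mail for local domains through unchecked.
  deny    dnslists      = zen.spamhaus.org
          message       = Message rejected because $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text

  accept  domains       = +local_domains
          endpass
          message       = unknown user
          verify        = recipient

  accept  domains       = +relay_to_domains
          endpass
          message       = unrouteable address
          verify        = recipient

  deny    message       = relay not permitted

# To check the order without sending real mail, run a fake SMTP session:
#   exim4 -bh 127.0.0.2
# 127.0.0.2 is the conventional always-listed DNSBL test address; type
# MAIL FROM and RCPT TO by hand and the RCPT should be refused with the
# message above. Repeat with an address from relay_from_hosts to confirm
# that trusted hosts are accepted before the lookup happens.
```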