RBLs with Exim4 (debian friendly)

Posted on January 11, 2008 by admin

Denying connections based on RBLs is a snap with Exim4. Most confusion is related to ACLs and where the definition sits.

The fastest way to deny based on RBL is to add it to whatever ACL you specify in acl_smtp_rcpt

However, you MUST put the declaration AFTER any relay allow definitions. ACLs are based on first-match which means they run in order and stop when they hit a match. Implicit allow.

Here is my ACL declared as acl_check_rcpt

acl_check_rcpt:
  accept  hosts = :
  deny    local_parts   = ^.*[@%!/|] : ^\\.   
  accept  local_parts   = postmaster
          domains       = +local_domains
  require verify        = sender
  deny    dnslists = zen.spamhaus.org
          message = Message rejected because $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text
  accept  domains       = +local_domains
          endpass
          message       = unknown user        
          verify        = recipient
  accept  domains       = +relay_to_domains
          endpass
          message       = unrouteable address
          verify        = recipient
  accept  hosts         = +relay_from_hosts               
  accept  authenticated = *
  deny    message       = relay not permitted

The RBL definition is toward the bottom, after we allow everyone in that we want in. This lets people relay via SMTP-AUTH or explicit allow before checking the RBL. If they aren’t allowed via anything we allow, then we check the RBL and die with a nice message.

Adverts:
The Exim SMTP Mail Server
Exim: The Mail Transfer Agent
The Exim SMTP Mail Server: Official Guide for Release 4
A Practical Guide to Linux(R) Commands, Editors, and Shell Programming
Understanding the Linux Kernel
Ubuntu Hacks: Tips & Tools for Exploring, Using, and Tuning Linux (Hacks)
Linux Pocket Guide

Posted in Email Servers, Exim, How Tos, Mail Post, RBL, SMTP, Software, spam | Leave a comment

Updating RedHat 9

Posted on December 17, 2007 by admin

Simply: You can’t. up2date will not run and RedHat does not provide updated packages. In 2003 RedHat switched from RedHat9 to Fedora. If you have an old RedHat box, you will have to migrate to Fedora. If it is really old, you may just be out of luck. Next time keep up with those updates.

Posted in How Tos, linux, redhat | Leave a comment

Quick Character Escaping in PHP

Posted on October 10, 2007 by admin

When writing PHP web apps, I tend to run in to a portability issue when dealing with SQL connectivity. Since I can’t count on having the PEAR DB module available, I rolled my own set of functions to interact with a MySQL database.

The problem lies in escaping characters in your SQL queries. Do I addslashes()? Is magic_quotes_gpc enabled?

My quick-and-dirty solution is the following function:


function request_cleanup()
{
  if(get_magic_quotes_gpc() == 0)
  {
    foreach($_REQUEST as $req_key => $req_value)
    {
      $_REQUEST[$req_key]=addslashes($_REQUEST[$req_key]);
    }
  }
}

By calling that function on every page that deals with inserting content in to the database, I know will will get my content escaped correctly.

Of course it escapes all submitted content, including that which isn’t going in to the database so don’t forget to stripslashes() when you are working with data that doesn’t need it.

Example:

request_cleanup();

$notes = $_REQUEST['notes '];
$confirmation = stripslashes($_REQUEST['notes ']);

$SQL = "INSERT INTO notes (note) VALUES ('$notes')";
sql_proc($SQL);

print "Your note was: $confirmation";

Posted in php, Programming, SQL | Leave a comment