剛剛發現 anti-spam.org.cn 的 CBL 把 Xuite 的 smtp server 列進去了(IP 是 210.242.46.140)。
所以在 sendmail、Postfix、exim 的設定中把 anti-spam.org.cn 的 RBL 拿掉了。
另外,在 exim 中,把 前一篇 post 的 ACL 擴充成以下這樣:
check_hello:
deny message = HELO/EHLO with wrong IP address.
hosts = !+relay_hosts
log_message = HELO/EHLO my.ip
condition = ${if eq {$sender_helo_name}{###.###.###.###} {yes}{no}}
deny message = HELO/EHLO with wrong IP address.
hosts = !+relay_hosts
log_message = HELO/EHLO localhost
condition = ${if match {$sender_helo_name}{localhost} {yes}{no}}
deny message = HELO/EHLO with wrong IP address.
log_message = HELO/EHLO none
condition = ${if match {$sender_helo_name}{none} {yes}{no}}
deny message = HELO/EHLO with wrong IP address.
log_message = HELO/EHLO no dot
condition = ${if match{$sender_helo_name}{\\.}{no}{yes}}
acceptcheck_mail:
deny message = $sender_host_address is listed in $dnslist_domain
hosts = !+relay_hosts
!authenticated = *
dnslists = bl.spamcop.net : \
sbl.spamhaus.org : \
list.dsbl.org
deny message = Invalid mail-from envelope header
hosts = !+relay_hosts
!authenticated = *
log_message = Invalid mail-from envelope header
condition = ${if match {$sender_address} {\\.} {no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake Yahoo
senders = *@yahoo.com
condition = ${if match {$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake Yahoo
senders = *@yahoo.com.tw
condition = ${if match {$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake hotmail
senders = *@hotmail.com
condition = ${if match {$sender_host_name}{\Nhotmail.com$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake MSN
senders = *@msn.com
condition = ${if match {$sender_host_name}{\N(hotmail|msn).com$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake AOL
senders = *@aol.com
condition = ${if match {$sender_host_name}{\Nmx.aol.com$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake Gmail
senders = *@gmail.com
condition = ${if match {$sender_host_name}{\Ngoogle.com$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake Hinet
senders = *@hinet.net
condition = ${if match {$sender_host_name}{\Nhinet.net$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake Hinet
senders = *@msa.hinet.net
condition = ${if match {$sender_host_name}{\Nhinet.net$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake Hinet
senders = *@umail.hinet.net
condition = ${if match {$sender_host_name}{\Nhinet.net$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake Hinet
senders = *@cm1.hinet.net
condition = ${if match {$sender_host_name}{\Nhinet.net$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake Xuite
senders = *@xuite.net
condition = ${if match {$sender_host_name}{\Nxuite.net$\N}{no}{yes}}
acceptcheck_data:
deny message = Message SHOULD have Message-ID.
hosts = !+relay_hosts
!authenticated = *
log_message = No Message-ID
condition = ${if !def:h_Message-ID: {1}}
deny message = Message SHOULD have Date.
hosts = !+relay_hosts
!authenticated = *
log_message = No Date
condition = ${if !def:h_Date: {1}}
accept
話說… 前一篇 post 的 ACL 加上去之後, reject log 的檔案大小爆跳成原本的三倍多。