[Greylist-users] Exim 4 ACL - greylisting only outside hosts

William Blunn bill--greylist at blunn.org
Wed Mar 3 06:36:20 PST 2004

I was pondering on my ACL hook for doing greylisting.

So far, I had come up with this:

  require  condition = ${run{ \
      /usr/local/lib/bagley/bagley \
        $sender_host_address \
        "${sg{$sender_address}{([\\\\"])}{\\\\\$1}}" \
        "${sg{${quote_local_part:$local_part}@$domain}{([\\\\"])}{\\\\\$1}}" \
This rule runs for all messages.

On my system, I have a custom Exim 4 which only handles mail coming in
from "outside", so it doesn't matter if it processes all messages.

But I was wondering what to do in the general case where people would
have one instance of Exim which handles both incoming and outgoing

We would not want the greylister to be invoked for outgoing mail.

I could put a whitelist rule in the greylist database.  But looking
around at the Exim 4 ACLs suggests that we might get a smoother and
more self-configuring solution by doing it in the Exim 4 ACLs.

So we need to have the rule run only if it is an "outside" host.

If we negate the greylist condition condition, we can turn the
"require" into "deny".

We can then put in a prior condition to make the rule only run if the
calling host is an "outside" host.  We can do that by testing the
calling host against the host list "relay_from_hosts".  These hosts
will be ones that we basically trust.  This should give us a sensible
default configuration.

So that gives us this:

  deny  !hosts     = +relay_from_hosts
        !condition = ${run{ \
          /usr/local/lib/bagley/bagley \
            $sender_host_address \
            "${sg{$sender_address}{([\\\\"])}{\\\\\$1}}" \
            "${sg{${quote_local_part:$local_part}@$domain}{([\\\\"])}{\\\\\$1}}" \
I have tried it out and it seems to work.


More information about the Greylist-users mailing list