Exim Configuration
November 11th, 2007 by bacsHere is a snippet of config for use with Exim4:
warn dnslists = country.georbl.info=127.0.0.2 log_message = X-Country: $dnslist_text add_header = X-Country: $dnslist_text
Exim stores the contents of the TXT record in $dnslist_text
. Here we are logging this information, and adding a header to the email indicating which country the sending MTA was located in.
We are also restricting our matches to 127.0.0.2, which is the result returned by georbl for a successful match. If there is no match, or the server times out, Exim will log a warning and continue without further action. This behavior can be modified by adding +defer_unknown to the ACL:
warn dnslists = +defer_unknown : country.georbl.info=127.0.0.2 log_message = X-Country: $dnslist_text add_header = X-Country: $dnslist_text
This will return a temporary error to the sending MTA, asking them to try again soon.
So far we’ve taken no action based on the information returned. If we are later processing the email with a program like procmail or spamassassin, this may be all we need to do at SMTP time. However, we can whitelist or blacklist based on country or take any other MTA action we wish.
Whitelist GB emails - our clients mostly receive email from the UK, so we want to exempt GB emails from our tighter spam controls:
accept dnslists = +defer_unknown : country.georbl.info=127.0.0.2 log_message = X-Country: $dnslist_text add_header = X-Country: $dnslist_text condition = ${if eq {$dnslist_text}{"GB"}{yes}{no}}
or:
deny dnslists = country.georbl.info=127.0.0.2 message = "nasty hobbitses!" condition = ${if eq {$dnslist_text}{"NZ"}{yes}{no}}
Single Country Lookups
Each country is available as a separate dnsbl, so if you are only interested in a single country, or are unable to inspect the value of the TXT record with the software you use, this may be what you need. To whitelist Germany, we could use an acl like this:
accept dnslists = de.country.georbl.info=127.0.0.2 add_header = X-Country: DE