Re: Eximon - on large mailqueue

Author: Mark Murray
Date:
To: Philip Hazel
Cc: exim-users
Subject: Re: Eximon - on large mailqueue
Philip Hazel wrote:
> On Mon, 1 Jul 1996, Mark Murray wrote:
>
> > Sure there is a lot of risk - this is a root/postmaster-only operation.
>
> I know. But postmasters are not all perfect. :-)


Ain't that the truth!

> I would rather, for such extreme cases, use a scheme where one script
> produces a list of messages to be killed so that a human could vet it
> before actually going ahead.


I could live with that...

> > We are suffering from a group of spammers called kOS, and they inject
> > LARGE (1000+) number of mail items into our (and others' machines) at
> > a time.
>
> Always from the same place? Can you not block that? Exim can also block
> on senders (see sender_reject).


Sort of. There is a spam-generating program, called "upyours" which
generates lies^h^h^h^hemail and spits it directly into port 25 of a
selected host. The messages are usually quite similar, with only
the IP address being correct info. (Thanks Exim!)

It seems that every spineless wannabe cracker has a copy of this, and
is running it, so the list of IPs is kinda dynamic.

> Also, have you realized that you can have a system filter file with
> Exim, which every message addressed to a local domain is passed through?
> If the rules available in the filter are powerful enough for you, you
> might be able to do things that way. Set up a first director something
> like
>
> systemfilter:
> driver = forwardfile;
> filter,
> file = /etc/system/mailfilter
>
> and make sure that you don't do any "significant" deliveries in the
> filter file for messages that are OK. Of course, this isn't helpful if
> the spam is addressed to non-local domains.


...which it usually isn't :-(. OTOH, we are keen to allow only the following:

IF the mail originates from "#include <internal-list>" THEN
permit delivery
ELSE IF destination is "#include <internal-list>"
permit delivery
ELSE
eat/bounce mail
ENDIF

I.e. disallow us from being used as a staging post, with the list of
allowable domains being created "on the fly" in some file. This rule
would apply to all mail, so it would have to be hellishly fast :-)

> > The only way to kill them now is with a creative "find/grep". It would be
> > nice if the MTA would cooperate :-)
>
> The MTA-writer is eager to be helpful... :-)


:-)
Nice, Nice MTA-Writer!

M
--
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200
Finger mark@??? for PGP key
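The IF/ELSE relay rule sketched in the message above, written out as a small policy check. This is an added example, not code from the thread or from Exim: it assumes the "internal-list" is a plain text file of domains (one per line, `#` comments), treats a message with several recipients as relayable only when every recipient is internal, and lets the null sender `<>` fall through to the recipient test so that bounces to local users are still accepted.

```python
"""Anti-relay policy: accept if the sender is internal, else if every
recipient is internal, else reject. Domain list is read from a file on the fly."""
from typing import Iterable, Set, Tuple

# Constructed sample of the "internal-list" file (hypothetical contents).
INTERNAL_LIST_TEXT = """
# domains we accept mail from, or deliver to, without relaying
example.org
mail.example.net
"""


def load_internal_list(text: str) -> Set[str]:
    """Parse the domain list: strip comments and blanks, lowercase, drop a leading '@'."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if line:
            domains.add(line.lstrip("@").rstrip("."))
    return domains


def domain_of(address: str) -> str:
    """Lowercase domain part of an envelope address; '' for the null sender '<>'."""
    addr = address.strip().strip("<>").strip()
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def is_internal(domain: str, internal: Set[str]) -> bool:
    """Exact match, or a subdomain of a listed domain ('notexample.org' must NOT match)."""
    if not domain:
        return False
    return domain in internal or any(domain.endswith("." + d) for d in internal)


def relay_decision(sender: str, recipients: Iterable[str],
                   internal: Set[str]) -> Tuple[str, str]:
    """Apply the rule from the thread and return (verdict, reason)."""
    if is_internal(domain_of(sender), internal):
        return ("accept", "sender is internal")
    external = [r for r in recipients if not is_internal(domain_of(r), internal)]
    if not external:
        return ("accept", "all recipients are internal")
    # Neither side is ours: this would make us a staging post, so refuse it.
    return ("reject", "relay attempt to " + ", ".join(external))


if __name__ == "__main__":
    lst = load_internal_list(INTERNAL_LIST_TEXT)
    print(relay_decision("anyone@elsewhere.test", ["victim@other.test"], lst))
```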