I am preparing a page for the spam info server, and ph10 says he'll include it
in the exim docs too. Any comments ?
Contents
* [1]Using exim to reduce SPAM email
+ [2]Rejecting invalid sender addresses
+ [3]Refusing to relay SPAM email
+ [4]Explicitly Blocking Specified Senders
+ [5]Stop your users from using false addresses
* [6]About this document ...
USING EXIM TO REDUCE SPAM EMAIL
Rejecting invalid sender addresses
It is fairly common practice for SPAMers to set the SMTP envelope
sender field to an invalid address. This causes problems if the
message subsequently fails in some way and tries to send back an error
report. The result is normally an extra item in postmaster's mailbox.
As such, exim should have sender address verification enabled. This is
achieved using
sender_verify
causing all sender addresses to be verified. If a soft verification
failures occurs (e.g. transient DNS error) a soft SMTP error is
generated, so the sender should retry later. If sender_try_verify is
used instead, soft verification failures are ignored, and the message
is accepted.
Any rejections will be reported in rejectlog.
Refusing to relay SPAM email
To reduce the load on their own machines, and to confuse people
tracing the SPAM, some people relay their traffic through some
innocent site. For simple leaf sites (not expecting to relay any SMTP
and not using MUAs which use SMTP), all relaying can be disabled using
sender_host_reject = *
Sites expecting to act as a relay _TO_ certain domains (e.g. which
have backup MX RRs for other domains) should _ALSO_ set relay_domains
to any domains for which you are willing to relay, as in
relay_domains = eng.cam.ac.uk
sender_host_reject = *
Sites expecting to as as a relay _FROM_ certain IP addresses (e.g.
client MUAs submit messages using SMTP) should _REPLACE_ the
sender_host_reject with a sender_net_accept_relay (or
sender_net_accept_relay) entry, e.g.
sender_net_accept_relay = 128.232.0.0/255.255.240.0
Explicitly Blocking Specified Senders
Having blocked SPAMers who use invalid sender addresses, attention has
to be turned to those using an (apparently) valid host sender address.
These can be found by noting which addresses repeatedly SPAM your
site, or by collecting a list from a [7]spam info site (or [8]mirror).
If there are a small number of addresses to be blocked, they can be
listed in the config file directly, as in
sender_reject = joe@???:other@???
If there is a large number of addresses, they can be stored in a file,
as in
sender_reject = dbm;/usr/exim/tables/sender_reject
Stop your users from using false addresses
To hide what they are doing, SPAMers frequently set the sender address
to point at a duff address. For sites using MUAs which submit email
over SMTP, you can avoid your users using an address other than a
valid address within your domain by restricting permitted sender
addresses.
sender_address_relay = cl.cam.ac.uk
