Jawaid Bazyar writes:
>
> On 13 May 1997, Neal Becker wrote:
>
> > I guess it had to happen. Now spam comes from "<>", making it
> > impossible to filter.
I am suprised Neal has only just started seeing these. We have had
them for 3+ months now.
> Is there a way to tell exim to apply at least a cursory validity check on
> the "MAIL FROM:" data?
Yes, of course: "sender_verify" and its variants - see the manual.
But this doesn't help much with <>, which is perfectly valid - see RFC 821.
> Better yet, with a list of ISO country codes the
> TLDs could be coded into exim and it could check that the rhs at least
> looked valid. None of this "great@???" type email address.
Why would you want to hard-code the country codes when the DNS is available?
There has been talk of having options to check header fields (From:, To:, ...)
for valid addresses, but at the moment that can only be done at the level
of the system filter file (i.e. after accepting the message, before delivery)
or later. One problem with doing this during the SMTP transaction is that one
cannot see the headers until the DATA phase, and as Philip has pointed out on
several occasions, there are MTAs out there that just won't believe a 5xx
error at end of DATA, and always retransmit.
Our policy is to block hosts that transmit spam with null sender by using
sender_host_reject_recipients or sender_net_reject_recipients, if possible.
Chris Thompson Cambridge University Computing Service,
Email: cet1@??? New Museums Site, Cambridge CB2 3QG,
Phone: +44 1223 334715 United Kingdom.
