RE: [Exim] Question about ORBS and the validity thereof

Author: G.E.Fowler
Date:  
To: Andromeda
CC: Exim
Subject: RE: [Exim] Question about ORBS and the validity thereof
On 27-Jul-99 Andromeda wrote:

> after looking at my rejectlog after implementing my 3.02 upgrade, I
> noticed a LOT of my new anti-spam measures kicking in on ORBS.
>
> While I don't condone spam, I noticed that a lot of the servers being
> rejected are open to the newest spam-relay hack (the one which was
> discussed a few weeks back), and obviously got listed.
>
> Is it harsh, or should I simply remove relays.orbs.org from my
> rbl_hosts list? While I want to keep as much spam as possible from
> reaching any of my recipients, their correspondence is now being
> influenced negatively by ORBS.


You could always knock yourself up a similar system to ours:

mail arrives
exim checks against (various blacklist systems)
match: insert X-RBL-Warning header and freezes message
exim checks against text filter lists
match: freezes message

then...

a separate script (which we call stop_and_search) is run (by hand)
through the mailqueue looking for mail which is likely to be personal.
Obviously depending on privacy restrictions etc this may not be
possible in your environment.
If the mail is obviously spam, it gets deleted from the queue and the
sender address goes into a local db file. If it's obviously personal,
it gets thawed and the sender address goes into a different file.

every 15 mins, stop_and_search runs from cron - if it finds a message
which matches either the good or bad hosts in the databases it carries
out the associated action itself.

It might be a bit crude, but it saves us a lot of time!!

Graeme

--
Graeme Fowler
Network Officer, Infrastructure & Networks Group
Loughborough University Computing Services
+44 1509 228426
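
An added sketch of the 15-minute automated pass described in the message above. It is not the poster's stop_and_search script, which does not appear on this page. It assumes the good and bad lists are sets of sender addresses, that the queue is read from `exim -bp` output (a constructed sample is embedded), and that the actions are `exim -Mrm` (delete) and `exim -Mt` (thaw); it only returns the commands it would run.

```python
import re

# Constructed sample of `exim -bp` queue listing output (not from the original post).
SAMPLE_QUEUE = """\
25m  2.9K 0t5C6f-0000c8-00 <offers@bulk.example> *** frozen ***
          alice@lboro.example

 3h  1.1K 0t5C7a-0001d2-00 <colleague@uni.example> *** frozen ***
          bob@lboro.example

 7m   812 0t5C8b-0002e3-00 <stranger@unknown.example> *** frozen ***
          carol@lboro.example

 2m  4.0K 0t5C9c-0003f4-00 <offers@bulk.example>
          dave@lboro.example
"""

# Header line of a queue entry: age, size, message id, <sender>, optional flags.
# Indented recipient lines have a single token and do not match.
ENTRY = re.compile(r"^\s*\S+\s+\S+\s+(\S+-\S+-\S+)\s+<([^>]*)>(.*)$")

def frozen_messages(listing):
    """Yield (message_id, sender) for each frozen entry in the listing."""
    for line in listing.splitlines():
        m = ENTRY.match(line)
        if m and "*** frozen ***" in m.group(3):
            yield m.group(1), m.group(2).lower()

def plan_actions(listing, good, bad):
    """Return exim commands for known senders (assumed sets of addresses).

    Frozen mail from unknown senders, and bounces with an empty sender,
    stay frozen for the manual pass. Unfrozen mail is never touched.
    """
    plan = []
    for msg_id, sender in frozen_messages(listing):
        if sender in bad:
            plan.append(["exim", "-Mrm", msg_id])   # delete from the queue
        elif sender in good:
            plan.append(["exim", "-Mt", msg_id])    # thaw for delivery
    return plan

if __name__ == "__main__":
    for cmd in plan_actions(SAMPLE_QUEUE, {"colleague@uni.example"},
                            {"offers@bulk.example"}):
        print(" ".join(cmd))
```

Each returned command is an argument list, so it can be passed to `subprocess.run` without a shell once the plan has been reviewed.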