Re: [Exim] Detecting open relays in Received path

Author: Tabor J. Wells
Date:  
To: Paul Makepeace
CC: exim-users
Subject: Re: [Exim] Detecting open relays in Received path
On Tue, Nov 30, 1999 at 10:36:29PM -0600,
Paul Makepeace <Paul.Makepeace@???> is thought to have said:

> Every single item of spam I receive through my pobox.com account has gone
> through a relay listed in ORBS (http://www.orbs.org/ ). So I would like to
> scan all hops for IPs that are in the ORBS database. This doesn't at first
> sight appear trivial--perhaps if exim had an ORBS lookup routine (along with
> its dbm file, aliasfile, etc) it would be quite simple?
>
> In the meantime, if Received: contains ".co.jp" or ".br" or ".es" seems to
> work quite well *sigh*.
>
> Thanks,
> Paul
>
> PS http://pobox.com do an excellent job and are very responsive to spam
> support queries. It's just their configuration only uses MAPS which seems to
> not have as large or as responsive a database as ORBS.


Perhaps I'm not understanding the issue entirely. Why can't you just use
the RBL settings in exim? ORBS will list the exit points in multi-stage
relays. So you'll block things rather effectively when a server listed in
ORBS is not the server which makes the final connection to yours.

My personal preference is to use RSS (see http://www.mail-abuse.org) for
open-relay blocking as it only lists relays which are known to have been
used to propagate spam, and warn on ORBS. The false positive rate for ORBS
is alarmingly high for me. You'd be surprised at the number of significant
mail servers listed in ORBS.

Tabor

-- 
--------------------------------------------------------------------
Tabor J. Wells                                     twells@???
Fsck It!                 Just another victim of the ambient morality
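
Added example, not part of the original thread and not Exim code: a Python sketch of the check asked about above, pulling the bracketed IPv4 address from every Received: hop and querying each against a DNS blocklist zone. The zone `dnsbl.example`, the function names and the sample message are assumptions made for illustration.

```python
import email
import ipaddress
import re
import socket

# Constructed sample headers; hosts and IPs are documentation-range placeholders.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbound.example.org with esmtp; Tue, 30 Nov 1999 22:30:01 -0600
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx.example.net with smtp; Tue, 30 Nov 1999 22:29:40 -0600
Received: from localhost (unknown [10.1.2.3])
\tby relay.example.com with smtp; Tue, 30 Nov 1999 22:29:12 -0600
Subject: constructed test
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Internal and loopback ranges are never listed in a public blocklist; skip them.
SKIP = [ipaddress.ip_network(n) for n in
        ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_ips(raw_message):
    """Return routable IPv4 addresses from Received headers, newest hop first."""
    msg = email.message_from_string(raw_message)
    found = []
    for header in msg.get_all("Received", []):
        for text in IP_IN_BRACKETS.findall(header):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:
                continue  # malformed octets such as [999.1.1.1]
            if not any(ip in net for net in SKIP) and ip not in found:
                found.append(ip)
    return found

def dnsbl_name(ip, zone):
    """Build the blocklist query name: reversed octets followed by the zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def listed_hops(raw_message, zone, resolve=socket.gethostbyname):
    """Return hop IPs whose query name resolves (an A record means listed)."""
    hits = []
    for ip in received_ips(raw_message):
        try:
            resolve(dnsbl_name(ip, zone))
        except socket.gaierror:
            continue  # no record: this hop is not listed
        hits.append(str(ip))
    return hits
```

Received lines below the first hop recorded by a server you control are supplied by the sender and can be forged, so hits on deeper hops are better used as a warning or scoring signal than as grounds for rejection.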