Re: [Exim] Looking at Exim for anti-spam filtering

Author: Philip Hazel
Date:  
To: Lorens Kockum
CC: exim-users
Subject: Re: [Exim] Looking at Exim for anti-spam filtering
On 1 Feb 2000, Lorens Kockum wrote:

> 2) per-domain, per-user, and per-alias incoming mail filtering on
> remote IP, MAIL FROM, RCPT TO, which would reject before DATA
> (hmmm... size and things like that in an ESMTP session would
> probably be good too, though I wouldn't have the use for it
> myself)


Exim can do that.

>
> 3) per-domain, per-user, and per-alias incoming mail filtering on
> message DATA, which would reject after the <CRLF>.<CRLF>


Exim cannot do that. All it can do is check the syntax of header lines
that contain addresses, and ensure that there is a valid sender in one
of them. It can only filter on message content at the start of a
delivery, i.e. after it has received the message.

> (Does
> this happen often enough for one to be able to expect X.Random
> MTA to handle it correctly?


It is certainly the case that some MTAs treat any error after CRLF.CRLF
as a temporary error. See various comments in the Exim manual.

> There might be a problem in that
> the only permitted error codes are for transaction error and
> storage exceeded, but well. I can uphold that storage space on
> my system is 0 for spam :-)) If multiple RCPT, then reject
> after DATA if all the RCPTs reject in the same way!
>
> Basically what I want is to be able to execute code after RCPT
> and after the message DATA, which would specify the action to be
> taken.


If you turn verification on, you can in effect "execute code" after
RCPT. Indeed, you could get a Perl script run via the embedded Perl
facility. Of course, the more you execute, the longer it holds down the
SMTP connection, which might matter on a busy system. However, there is
no facility for doing this after DATA.

>    At RCPT:

>
>       if the RCPT is postmaster or abuse, the RCPT is accepted.


recipients_reject_except = postmaster : abuse

>       if the originating IP is in the RBL or the DUL, the mail
>       is rejected with a permanent error.


Set appropriate RBL options. The rejection is done by rejecting every
RCPT command.

>       if the RCPT matches a certain regexp A, and the MAIL FROM
>       matches another regexp, the RCPT TO is rejected with a
>       permanent error.


Set receiver_verify, and supply a suitable director (assuming we are
talking about a local domain) for verification only, that does the test.
Something like

xxx:
  driver = smartuser
  domains = the.dom.ain
  local_parts = ^regex
  senders = ^regex
  verify_only
  no_more
  new_address = :fail: I don't like you


>       if the RCPT matches a certain regexp B, and the same SMTP
>       session has already made other RCPTs also matching B, the
>       RCPT TO is rejected, and all subsequent RCPTs and the DATA
>       are rejected.


Cannot do. Each recipient is treated independently. (Unless, I suppose,
you make a director call Perl and get it to create a file per process in
which it stuffs/reads data. But when do you delete the file? Far too
expensive and error-prone. I would not like to try it.)

>       if the RCPT matches a certain regexp C, and the same SMTP
>       session has already made other RCPTs matching a regexp D,
>       that RCPT TO is rejected with a temporary error.


Ditto.

>    After the <CR><LF>.<CR><LF> terminating the DATA:

>
>       For each RCPT, execute appropriate code.  


This cannot be done. It *can* be done as part of the delivery process,
after the message has been accepted.

> Is this feasible with Exim? With a bit of hacking maybe? Or
> just some of it?


Some of it.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
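
Added example (not part of the original message, and not Exim code or configuration): a Python model of the RCPT-time policy from the quoted request, showing the per-connection state that the rules for regexps B, C and D need and that independent per-recipient verification does not have. The patterns, the Session class, the listed_in_rbl flag and the reply codes are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample patterns; the thread only names them "regexp A" to "D".
RE_A = re.compile(r"^sales@")                 # recipient pattern A
RE_A_SENDER = re.compile(r"@bulk\.example$")  # sender pattern paired with A
RE_B = re.compile(r"^user\d+@")               # B: repeated hits poison the session
RE_C = re.compile(r"^list-")                  # C: deferred if D was seen earlier
RE_D = re.compile(r"^owner-")
EXEMPT = {"postmaster", "abuse"}              # always accepted

@dataclass
class Session:
    """State for one SMTP connection; discarded when the connection closes."""
    mail_from: str
    listed_in_rbl: bool = False               # RBL/DUL lookup result (assumed input)
    seen: list = field(default_factory=list)  # every earlier RCPT in this session
    poisoned: bool = False                    # set once rule B has fired

    def rcpt(self, rcpt):
        """Return the SMTP reply code for one RCPT TO command."""
        rcpt = rcpt.lower()
        code = self._decide(rcpt)
        self.seen.append(rcpt)                # remembered even when rejected
        return code

    def _decide(self, rcpt):
        if rcpt.split("@")[0] in EXEMPT:
            return 250
        if self.poisoned or self.listed_in_rbl:
            return 550                        # permanent error
        if RE_A.search(rcpt) and RE_A_SENDER.search(self.mail_from.lower()):
            return 550
        if RE_B.search(rcpt) and any(RE_B.search(r) for r in self.seen):
            self.poisoned = True              # later RCPTs and DATA now fail
            return 550
        if RE_C.search(rcpt) and any(RE_D.search(r) for r in self.seen):
            return 450                        # temporary error
        return 250

    def data(self):
        """Reply to the DATA command: refused once rule B has fired."""
        return 554 if self.poisoned else 354
```

The state lives in memory for the lifetime of one connection, so it needs no clean-up step of the kind the file-per-process approach mentioned above would.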