Re: [Exim] How do I filter spam earlier in the delivery?

Author: Greg Ward
Date:  
To: Malcolm Ferguson
CC: exim-users
Subject: Re: [Exim] How do I filter spam earlier in the delivery?
On 26 November 2001, Malcolm Ferguson said:
> I've tried to implement a system anti-spam filter. For example, I fail
> messages with the header field X-YahooFilteredBulk. However, it seems
> to me that this just moves my spam problem from my inbox to my message
> queue (now I get lots of error messages frozen due to incorrect return
> addresses). I could just silently dump the message, but I would prefer
> to send some kind of failure feedback.


Look at the sender_verify option to avoid those frozen bounces. That
prevents messages with a fictitious sender domain from ever getting into
your system. It doesn't keep out spammer999@???, but that's OK:
your rejection message will be (in SMTP)
    mail from:<>
    rcpt to:<spammer999@???>
so hotmail.com should just drop the rejection on the floor. You don't
bounce bounces.

> It seems to me that the system filter is applied after Exim has accepted
> a message for delivery. This seems too late in the process - I don't
> want to take responsibility for these messages. I would much rather
> return 550 (or whatever the code is) to the client MTA instead of 220
> and not accept the message at all, and make them deal with error. Is
> there any way of filtering at this earlier stage?


Unfortunately, Exim 3 doesn't have this capability, so you can't filter
based on headers or body content at SMTP-time. However, it's really
easy to have a local sender address blacklist. Here's what I have in
exim.conf:

    # Manual spam-blocking: any address matching a pattern listed in
    # /etc/exim/spammers is blocked from sending mail to us.
    sender_reject = /etc/exim/spammers

/etc/exim/spammers is this:

    # See section 7.16 of the Exim spec for rules on the patterns
    # in this file.
    chris@???
    chris@???
    chris@???
    sales@???
    trafficmagnet.net
    powerhiring.com
    spfuser@???
    megawebservers.com
    ^FreeEmailSoftware\d*@yahoo\.com
    unlimitedftp.com
    chinatungsten.com
    seekercenter.net
    Ted_De_La_Rosa@???

Every time somebody pi**es me off, I put either their address or their
whole domain in this blacklist. Works like a charm.

For sender verification, I do this:

    # Reject mail with a bogus sender domain, but if the envelope sender
    # is bogus, look in the headers for a valid sender domain before rejecting.
    sender_verify
    sender_verify_fixup
    sender_verify_reject

RTFM to understand those options.

Together, these two seem to keep the spam to a dull roar. They don't do
anything for viral email though; if you're using just Exim, I think
you're stuck with accepting the message, scanning it, and rejecting it.
sender_verify will keep you from getting lots of frozen undeliverable
bounce messages, though.

        Greg
-- 
Greg Ward - software developer                gward@???
MEMS Exchange                            http://www.mems-exchange.org
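
Added example (not part of the original message and not Exim code): a small Python checker for previewing which envelope senders a blacklist in the style of /etc/exim/spammers would reject before deploying it. The matching rules are a simplified model and an assumption, not Exim's full address-list syntax; sales@spam.example is a constructed placeholder, and the other two patterns are taken from the message above.

```python
import re

# Constructed sample in the style of /etc/exim/spammers.
SAMPLE_LIST = r"""
# comment lines and blank lines are ignored
sales@spam.example
trafficmagnet.net
^FreeEmailSoftware\d*@yahoo\.com
"""

def parse_patterns(text):
    """Return the non-comment, non-blank patterns from a blacklist file."""
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            patterns.append(line)
    return patterns

def matching_pattern(sender, patterns):
    """Return the first pattern that matches the envelope sender, else None.

    Simplified model (assumption): "^..." is a regex over the whole address,
    "local@domain" must match both parts, and a bare domain matches any
    local part at exactly that domain. Wildcards and lookups are not modelled.
    """
    if "@" not in sender:  # null sender <> (bounces) or unqualified address
        return None
    local, _, domain = sender.rpartition("@")
    domain = domain.lower()  # domains compare case-insensitively
    for pat in patterns:
        if pat.startswith("^"):
            if re.search(pat, sender):
                return pat
        elif "@" in pat:
            p_local, _, p_domain = pat.rpartition("@")
            if p_local == local and p_domain.lower() == domain:
                return pat
        elif pat.lower() == domain:
            return pat
    return None

if __name__ == "__main__":
    pats = parse_patterns(SAMPLE_LIST)
    for s in ["FreeEmailSoftware42@yahoo.com", "info@trafficmagnet.net",
              "sales@spam.example", "friend@yahoo.com", ""]:
        print(f"{s or '<>':32} -> {matching_pattern(s, pats) or 'accepted'}")
```

The empty string stands for the null sender <> used by bounces, which this model never blocks.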