On 26 November 2001, Malcolm Ferguson said:
> I've tried to implement a system anti-spam filter. For example, I fail
> messages with the header field X-YahooFilteredBulk. However, it seems
> to me that this just moves my spam problem from my inbox to my message
> queue (now I get lots of error messages frozen due to incorrect return
> addresses). I could just silently dump the message, but I would prefer
> to send some kind of failure feedback.
Look at the sender_verify option to avoid those frozen bounces. That
prevents messages with a fictitious sender domain from ever getting into
your system. It doesn't keep out spammer999@???, but that's OK:
your rejection message will be (in SMTP)

    mail from:<>
    rcpt to:<spammer999@???>

so hotmail.com should just drop the rejection on the floor. You don't
bounce bounces.
> It seems to me that the system filter is applied after Exim has accepted
> a message for delivery. This seems too late in the process - I don't
> want to take responsibility for these messages. I would much rather
> return 550 (or whatever the code is) to the client MTA instead of 220
> and not accept the message at all, and make them deal with error. Is
> there any way of filtering at this earlier stage?
Unfortunately, Exim 3 doesn't have this capability, so you can't filter
based on headers or body content at SMTP-time. However, it's really
easy to have a local sender address blacklist. Here's what I have in
exim.conf:

    # Manual spam-blocking: any address matching a pattern listed in
    # /etc/exim/spammers is blocked from sending mail to us.
    sender_reject = /etc/exim/spammers

/etc/exim/spammers is this:

    # See section 7.16 of the Exim spec for rules on the patterns
    # in this file.
    chris@???
    chris@???
    chris@???
    sales@???
    trafficmagnet.net
    powerhiring.com
    spfuser@???
    megawebservers.com
    ^FreeEmailSoftware\d*@yahoo\.com
    unlimited
    ftp.com
    chinatungsten.com
    seekercenter.net
    Ted_De_La_Rosa@???

Every time somebody pi**es me off, I put either their address or their
whole domain in this blacklist. Works like a charm.
For sender verification, I do this:

    # Reject mail with a bogus sender domain, but if the envelope sender
    # is bogus, look in the headers for a valid sender domain before rejecting.
    sender_verify
    sender_verify_fixup
    sender_verify_reject

RTFM to understand those options.
Together, these two seem to keep the spam to a dull roar. They don't do
anything for viral email though; if you're using just Exim, I think
you're stuck with accepting the message, scanning it, and rejecting it.
sender_verify will keep you from getting lots of frozen undeliverable
bounce messages, though.
Greg
--
Greg Ward - software developer gward@???
MEMS Exchange http://www.mems-exchange.org
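
Added example, not part of the message above and not Exim code: a small Python checker for trying sample envelope senders against a list in the style of /etc/exim/spammers before installing it, so an over-broad entry shows up early. The matching rules are a simplified assumption (a leading ^ means a regular expression, an entry containing @ is a whole address, a leading * is a domain wildcard, anything else is an exact domain); section 7.16 of the Exim spec is the authority. The sample list and all function names are constructed for the illustration.

```python
import re

# Constructed sample list in the style of /etc/exim/spammers (not the poster's file).
SAMPLE_LIST = r"""
# comment lines and blank lines are skipped
bulk@mailer.example
spamhaus.example
*.ads.example
^FreeEmailSoftware\d*@yahoo\.com
"""

def parse_patterns(text):
    """Return the non-comment, non-blank entries of a pattern file."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def matches(pattern, sender):
    """Simplified model of one list entry (assumed rules, see lead-in)."""
    if pattern.startswith("^"):            # regular expression on the whole address
        return re.search(pattern, sender) is not None
    sender, pattern = sender.lower(), pattern.lower()
    domain = sender.rpartition("@")[2]
    if "@" in pattern:                     # whole address
        return sender == pattern
    if pattern.startswith("*"):            # domain wildcard, e.g. *.ads.example
        return domain.endswith(pattern[1:])
    return domain == pattern               # exact domain only, no subdomains

def first_match(patterns, sender):
    """Return the first entry that would block this envelope sender, or None."""
    if sender == "":                       # null sender <> used by bounces;
        return None                        # assumed never matched by the list
    for p in patterns:
        if matches(p, sender):
            return p
    return None

def audit(patterns, senders):
    """Map each test sender to the entry that blocks it (None = accepted)."""
    return {s: first_match(patterns, s) for s in senders}

if __name__ == "__main__":
    tests = ["FreeEmailSoftware42@yahoo.com", "x@news.spamhaus.example",
             "x@eu.ads.example", "alice@example.org", ""]
    for sender, hit in audit(parse_patterns(SAMPLE_LIST), tests).items():
        print(f"<{sender}>: {'blocked by ' + hit if hit else 'accepted'}")
```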