Re: [Exim] spam

Top Pagina
Delete this message
Reply to this message
Auteur: barry
Datum:  
Aan: Kirill Miazine
CC: exim-users
Onderwerp: Re: [Exim] spam
On Fri, Nov 30, 2001 at 05:21:38PM +0100, Kirill Miazine mumbled:
> * barry <bazza@???> [20011130 16:03]:
> > all claiming to be from various, and non existant @bazza.com addresses, so
> > all the addresses that the spams weren't reaching, were bouncing back, and
> > hitting my box (fun). I managed some investigation and got a catchall rule as
> > follows
> > catchall:
> > driver = smartuser
> > new_address = test
> > end
> >
> > where test is aliased to /dev/null, causing a bypass
> Since addresses does not exist, wouldn't receiver_try_verify help you?
> When a message comes to a nonexistent account it will be welcomed with
> something like:
> 550 Unknown local part blah in <blah@???>
> This should also save you *a lot* of bandwith.


unfortunately, no, since the emails are coming in from mailer daemons, a lot
don't have valid from: lines, so the emails end up going to my local
postmaster, and therefore to me, I put this in place to test it, and here's
what mainlog showed for the first email

2001-11-30 16:23:54 169qSA-0006qN-00 <= <> H=www.jewelermail.com
(jewelermail.com) [216.68.114.25] P=esmtp S=2612
id=10111300912.AA00249@???
2001-11-30 16:23:54 169qSA-0006qN-00 ** msi@???: unknown local-part
"msi" in domain "bazza.com"
2001-11-30 16:23:54 169qSA-0006rX-00 <= <> R=169qSA-0006qN-00 U=mail P=local
S=549
2001-11-30 16:23:54 169qSA-0006qN-00 Frozen (delivery error message)
2001-11-30 16:23:55 169qSA-0006rX-00 => |/home/bazza/bin/mailaudit.pl
(bazza@???) <postmaster@???> D=userforward T=address_pipe
2001-11-30 16:23:55 169qSA-0006rX-00 Completed

so the mail is reaching my queue and being frozen there, and postmaster
notified, which is what was going on originally before I had done anything,
mail coming in for users that don't exist, ending up at postmaster, killing
box




-- 
-Barry Hughes
Who wants to remember that escape-x-alt-control-left shift-b puts you into super-edit-debug-compile mode?
(Discussion in comp.os.linux.misc on the intuitiveness of commands, especially Emacs.)
                             http://bazza.com/