Re: [Exim] spam

Author: Dave C.
Date:
To: barry
CC: Kirill Miazine, exim-users
Subject: Re: [Exim] spam
On Fri, 30 Nov 2001, barry wrote:

> On Fri, Nov 30, 2001 at 05:21:38PM +0100, Kirill Miazine mumbled:
> > * barry <bazza@???> [20011130 16:03]:
> > > all claiming to be from various, and nonexistent @bazza.com addresses, so
> > > all the addresses that the spams weren't reaching, were bouncing back, and
> > > hitting my box (fun). I managed some investigation and got a catchall rule as
> > > follows
> > > catchall:
> > > driver = smartuser
> > > new_address = test
> > > end
> > >
> > > where test is aliased to /dev/null, causing a bypass
> > Since the addresses do not exist, wouldn't receiver_try_verify help you?
> > When a message comes to a nonexistent account it will be welcomed with
> > something like:
> > 550 Unknown local part blah in <blah@???>
> > This should also save you *a lot* of bandwidth.
>
> unfortunately, no, since the emails are coming in from mailer daemons, a lot
> don't have valid from: lines, so the emails end up going to my local
> postmaster, and therefore to me, I put this in place to test it, and here's
> what mainlog showed for the first email


It's not the From: (either the header or the envelope) this is concerned
with, it's the To: (the envelope, specifically).

If the server that has some message that was for some account on their
system that doesn't exist, and say they are from fakeperson@???,
then that server will connect to you and say:

HELO domainname
MAIL FROM: <>
RCPT TO: <fakeperson@???>

Using receiver_verify, you could arrange your server so that it said
"550 No such user" after the RCPT TO command, and your server would then
never have to receive the message at all. You specifically want to
*disable* that catchall director, you only want to receive messages that
are to valid recipients at your server, you don't want to receive mail
that is sent to somerandommadeupaddress@???, you want to reject
it.

>
> 2001-11-30 16:23:54 169qSA-0006qN-00 <= <> H=www.jewelermail.com
> (jewelermail.com) [216.68.114.25] P=esmtp S=2612
> id=10111300912.AA00249@???
> 2001-11-30 16:23:54 169qSA-0006qN-00 ** msi@???: unknown local-part
> "msi" in domain "bazza.com"
> 2001-11-30 16:23:54 169qSA-0006rX-00 <= <> R=169qSA-0006qN-00 U=mail P=local
> S=549
> 2001-11-30 16:23:54 169qSA-0006qN-00 Frozen (delivery error message)
> 2001-11-30 16:23:55 169qSA-0006rX-00 => |/home/bazza/bin/mailaudit.pl
> (bazza@???) <postmaster@???> D=userforward T=address_pipe
> 2001-11-30 16:23:55 169qSA-0006rX-00 Completed
>
> so the mail is reaching my queue and being frozen there, and postmaster
> notified, which is what was going on originally before I had done anything,
> mail coming in for users that don't exist, ending up at postmaster, killing
> box
>
>
>
>
>


--
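
Added example, not part of the original message: a Python script that scans an Exim mainlog for null-sender (`<>`) messages that were accepted and then failed on an unknown local part, which are the bounces a 550 at RCPT TO would have kept out of the queue. The sample lines are constructed (example.com names, 192.0.2.x addresses), and the regexes assume the mainlog layout shown in the quoted excerpt.

```python
import re
from collections import defaultdict

# Constructed sample in the mainlog layout quoted above (not real traffic).
SAMPLE_LOG = """\
2001-11-30 16:23:54 169qSA-0006qN-00 <= <> H=mx.example.net [192.0.2.25] P=esmtp S=2612
2001-11-30 16:23:54 169qSA-0006qN-00 ** msi@example.com: unknown local-part "msi" in domain "example.com"
2001-11-30 16:23:54 169qSA-0006qN-00 Frozen (delivery error message)
2001-11-30 16:24:10 169qSB-0006qP-00 <= <> H=mail.example.org [192.0.2.77] P=smtp S=1901
2001-11-30 16:24:11 169qSB-0006qP-00 => alice <alice@example.com> D=localuser T=local_delivery
2001-11-30 16:24:11 169qSB-0006qP-00 Completed
2001-11-30 16:25:02 169qSC-0006qR-00 <= bob@example.org H=mail.example.org [192.0.2.77] P=smtp S=800
2001-11-30 16:25:02 169qSC-0006qR-00 ** zed@example.com: unknown local-part "zed" in domain "example.com"
"""

ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
LINE = re.compile(r"^\S+ \S+ (" + ID + r") (.*)$")
# Arrival line: envelope sender, then (for remote mail) the peer IP in brackets.
ARRIVAL = re.compile(r"^<= (\S+)(?: .*?\[([0-9a-fA-F.:]+)\])?")
# Permanent failure for a recipient that no director accepted.
UNKNOWN = re.compile(r'^\*\* (\S+): unknown local-part "[^"]*"')


def find_backscatter(log_text):
    """Return messages with envelope sender <> that were accepted and then
    failed on an unknown local part (refusable with a 550 at RCPT time)."""
    msgs = defaultdict(
        lambda: {"sender": None, "ip": None, "unknown": [], "frozen": False})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a per-message log line
        msgid, rest = m.groups()
        rec = msgs[msgid]
        if (a := ARRIVAL.match(rest)):
            rec["sender"], rec["ip"] = a.group(1), a.group(2)
        elif (u := UNKNOWN.match(rest)):
            rec["unknown"].append(u.group(1))
        elif rest.startswith("Frozen"):
            rec["frozen"] = True
    return [
        {"id": mid, "ip": r["ip"], "rcpts": r["unknown"], "frozen": r["frozen"]}
        for mid, r in msgs.items()
        if r["sender"] == "<>" and r["unknown"]
    ]


if __name__ == "__main__":
    for hit in find_backscatter(SAMPLE_LOG):
        print(hit)
```

The message from bob@example.org is not reported because it has a real envelope sender; only the null-sender bounce to a nonexistent recipient is.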