Re: [Exim] Two issues relating to spam

Author: Phil Pennock
Date:  
To: Exim Users
Subject: Re: [Exim] Two issues relating to spam
On 2002-03-12 at 20:49 -0500, Dave C. wrote:
> > Are there any major gotchas with having the smtp transport refuse to
> > open a connection to 0.0.0.0?
> >
>
> remote_smtp:
> driver=smtp
> ..
> ignore_target_hosts=0.0.0.0/32:127.0.0.0/8:10.0.0.0/8:192.168.0.0/16
> ..


Thanks. I'll assume that's a "no" then. :^)

> Perhaps a better question might be - why is your host trying to deliver
> mail to these hosts? What domain's MX record points there? Maybe you
> just want to reject all mail recipients in that/those domain(s).
>
> These might be spamtraps - if your users are trying to send mail to
> them, then perhaps your users are trying to send spam?


As stated at the top of my email, I was cleaning up the damage from some
customers who were running open relays. Those customers had already
been entered into a lookup file of barred netblocks, as /32s, manually.
That file is maintained regularly. This used to be enough. A few weeks
ago, spam volumes increased dramatically and it's looking as though
manual maintenance is no longer feasible.

As stated in that second item, this cleaning was hindered by some Exim
processes having locked some of the messages which I was trying to
purge.

Hrm, perhaps a Router which comes first, applying to each of the
spam-traps which we're aware of, which catches the mails and pipes them
to a program (or just supplies the host address information to that
program); said file would notify our abuse department and automatically
enter the IP address as a key in a dbm, which dbm is then given as a
negated lookup to host_accept_relay. A couple of other tools could list
the entries in the dbm or remove entries; a reason could be the value
associated with the key.

Does this idea sound sensible to people, or am I missing something which
would make this cause even more problems?

Looks to me as though the workload is figuring out the right
router/director combination to pass the details to a pipe program,
writing the relevant filter (Perl is my Poison) to parse the data passed
to it, and two simple perl scripts as administrative utilities. And
documentation. Am I missing something here?
--
Make it idiot proof and someone will make a better idiot.
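The workflow the message proposes (spam-trap hit, abuse notification, host address keyed into a dbm that a negated lookup on host_accept_relay consults, plus small tools to list and remove entries), as an added example that is not from this thread or from Exim, written in Python rather than the author's Perl. Everything about the wiring is an assumption: that the router's pipe command hands the script $sender_host_address (a real Exim variable) as its first argument, the BARRED_DB path, the notify_abuse stand-in for mailing the abuse desk, and the sample address 192.0.2.10 used by demo(). The Exim router/transport definitions themselves are not shown.

```python
"""traphit.py: bar relay hosts that hit a spam trap, keyed in a DBM.
Added, hypothetical example; not code from the original thread or from Exim.
Assumed wiring (an assumption): an Exim router for the known spam-trap
recipients pipes each hit to "traphit.py $sender_host_address", and
host_accept_relay carries a negated dbm lookup against BARRED_DB."""
import dbm
import fcntl
import sys
import tempfile
from contextlib import contextmanager
from ipaddress import ip_address

BARRED_DB = "/var/spool/exim/barred-hosts"   # hypothetical location

@contextmanager
def _locked(path):
    # Exim runs many deliveries at once and DBM libraries do not coordinate
    # concurrent writers, so serialise them on a side lock file.
    with open(path + ".lock", "w") as lock:
        fcntl.flock(lock, fcntl.LOCK_EX)
        try:
            yield
        finally:
            fcntl.flock(lock, fcntl.LOCK_UN)

def _key(ip, nul_terminated):
    # ip_address() normalises and rejects junk such as "1.2.3" or "evil".
    # Exim's plain "dbm" lookup includes a terminating binary zero in the key:
    # pass nul_terminated=True to match it, or use the zero-free dbmnz type.
    key = str(ip_address(ip)).encode()
    return key + b"\0" if nul_terminated else key

def add_barred(path, ip, reason, nul_terminated=False):
    """Bar ip, storing the reason as the value. Returns True if newly added."""
    key = _key(ip, nul_terminated)
    with _locked(path), dbm.open(path, "c", 0o640) as db:
        new = key not in db
        db[key] = reason.encode()
    return new

def remove_barred(path, ip, nul_terminated=False):
    """Admin tool: unbar ip. Returns True if it was present."""
    key = _key(ip, nul_terminated)
    with _locked(path), dbm.open(path, "c", 0o640) as db:
        if key not in db:
            return False
        del db[key]
        return True

def is_barred(path, ip, nul_terminated=False):
    """What Exim's lookup sees: is there a record for this host address?"""
    try:
        with dbm.open(path, "r") as db:
            return _key(ip, nul_terminated) in db
    except dbm.error:          # no database yet
        return False

def list_barred(path):
    """Admin tool: {ip: reason} for every barred host."""
    try:
        with dbm.open(path, "r") as db:
            return {k.rstrip(b"\0").decode(): db[k].decode() for k in db.keys()}
    except dbm.error:
        return {}

def notify_abuse(ip, reason):
    # Stand-in for mailing the abuse desk; how that mail is sent is site-specific.
    sys.stderr.write(f"ABUSE: relay host {ip} barred: {reason}\n")

def handle_trap_hit(path, host_address, notify=notify_abuse, reason="spam-trap hit"):
    """Pipe entry point: bar the host, notify once per host; ValueError on junk input."""
    added = add_barred(path, host_address, reason)
    if added:
        notify(str(ip_address(host_address)), reason)
    return added

def demo():
    """Run the whole cycle on a throwaway DBM and return what was observed."""
    seen, out = [], {}
    note = lambda ip, why: seen.append((ip, why))
    with tempfile.TemporaryDirectory() as tmp:
        path = tmp + "/barred-hosts"
        out["added_first"] = handle_trap_hit(path, "192.0.2.10", note)
        out["added_again"] = handle_trap_hit(path, "192.0.2.10", note)  # no 2nd notice
        try:
            handle_trap_hit(path, "not-an-address", note)
            out["rejected_junk"] = False
        except ValueError:
            out["rejected_junk"] = True
        out["notices"] = list(seen)
        out["barred"] = is_barred(path, "192.0.2.10")
        out["listing"] = list_barred(path)
        out["removed"] = remove_barred(path, "192.0.2.10")
        out["barred_after"] = is_barred(path, "192.0.2.10")
    return out

if __name__ == "__main__":   # pipe side: traphit.py <connecting host address>
    handle_trap_hit(BARRED_DB, sys.argv[1])
```

Three things to check before wiring this in. The file must be written with the same DBM library Exim was built against (Python's dbm module picks whichever backend it finds), and the key must match what Exim's lookup passes, which for the plain dbm lookup type includes a trailing binary zero; the nul_terminated flag exists for that. Exim treats a non-zero exit from a pipe transport as a failed delivery, so an uncaught ValueError on a malformed argument would turn a spam-trap hit into a bounce or deferral; decide whether that is wanted or wrap the call and exit 0. The lock file is there because several Exim delivery processes can hit the script at once. A thin wrapper around list_barred and remove_barred is all the two administrative utilities from the message need.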