Re: [Exim] RBL protection

Author: Sean Rima
Date:  
To: Raphael Berghmans
CC: 'exim-users@exim.org'
Subject: Re: [Exim] RBL protection
On Wed, 13 Mar 2002, Raphael Berghmans outgrape:

>> >> I would like to check every IP address or domain name contained in a
>> >> mail (envelope, header and body), and reject or drop the mail if at
>> >> least one IP address or domain name is found in an RBL?
>> >
>> > RTFM. Check the index for "RBL" and I bet you'll find something.
>> >
>> > BTW, you forgot to mention which version of Exim you're using.
>>
>> I may be wrong (and usually am) but don't RBL checks only do the
>> incoming IP and not the IPs listed in the headers of an email? If you
>> can get Exim to check all IPs then I will switch it on :)
>
> That's right!
>
> For two weeks somebody has been sending to a 'non-existent user@??? or
> @hotmail.com' with a non-existent user@ourdomain as the FROM address. And we
> receive a bounce for the non-existent user; this bounce is frozen because the
> destination doesn't exist.
>
> But, in the body of the bounce, there is the full header of the original
> mail. And this original mail has been sent via an open relay server!! Then by
> checking the complete message, the first mailserver (known as open relay) could
> be checked and the mail will be rejected or even dropped!
>


Ouch, I am testing a perl script that is only supposed to check the
actual headers, stopping at the blank line. This is one of the things
that I am checking for. I am in the middle of a set of recipes for
Maildrop and to date, using Razor and the recipes, I am catching around
80% of spam with one or two false hits, but I am working on those.

Sean
--
                            ,,,
                           (o o)
- -=-=-=-=-=-=-=-=-=-=-=-oOOo-(_)-oOOo-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Offering feeds for Fidonet, Adventurenet, and many other nets
              See http://www.tcob1.net for more details
 ICQ: 679813  Linux User: 231986  TCOB1 BBS: 095 43852 Yahoo: tcob_1
                     Jabber: tcobone@???
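
The header-only check discussed in this thread, as an added example (not part of the original message, and not the Perl script mentioned above): it reads `Received:` headers up to the first blank line, builds the reversed-octet DNSBL query name for each hop, and shows that a relay quoted only inside a bounce body is never looked up. The zone `dnsbl.example.org`, the function names and the sample bounce are constructed for illustration.

```python
import ipaddress
import re
import socket
from email.parser import HeaderParser

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Hops that can never be on a public blocklist: loopback and RFC 1918 space.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def header_ips(raw_message):
    """IPv4 addresses from Received: headers; parsing stops at the first blank line."""
    headers = HeaderParser().parsestr(raw_message, headersonly=True)
    found = []
    for value in headers.get_all("Received", []):
        for text in BRACKETED_IPV4.findall(value):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:
                continue  # not a real address, e.g. [999.1.1.1]
            if not any(ip in net for net in INTERNAL) and str(ip) not in found:
                found.append(str(ip))
    return found

def dnsbl_name(ip, zone):
    """DNSBL lookups reverse the octets and append the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dns_listed(name):
    """Live lookup: any A record means listed; a failed lookup counts as not listed."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def listed_hops(raw_message, zone, resolve=dns_listed):
    return [ip for ip in header_ips(raw_message) if resolve(dnsbl_name(ip, zone))]

# Constructed bounce: the relay's address appears only in the quoted original headers.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with esmtp; Wed, 13 Mar 2002 10:00:00 +0000
Received: from localhost (localhost [127.0.0.1]) by mx.example.net
From: MAILER-DAEMON@example.net
Subject: Mail delivery failed

--- original message headers ---
Received: from relay.example.com (relay.example.com [203.0.113.25]) by mx.example.net
"""
```

Pass a stub as `resolve` to test offline; with the default `dns_listed`, each header hop costs one DNS query against the chosen zone.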