Hi again,
I appreciate everyone's help with my last question, which I
interpreted as "the ISP is not RFC compliant, but here's a way around
their ignorance". This time around I again seek expert advice about
reading and understanding what Exim is telling me.
I would like to say that with callback in place, a great deal of spam
my users were getting is no longer seen in their Inbox. Out of 22634
messages received a day, 6970 (30%) are rejected outright, and about
0.8% of the total are being delayed. I now begin tracking down the
reasons why some still slips through, and will decide if there is need
to install either a blacklist, or a self-maintaining whitelist (TMDA).
Here are some lines I am concerned with from eximstats:
Top 7 sending hosts by message count
-------------------------------------
5426 34248603 local
495 732000 (ronald.free4all.com)
423 583836 (offer888.com)
404 597530 (rachel.free4all.com)
184 1701322 (hispeedmailer.com)
183 701221 isp-lists.sparklist.com
163 2422516 om32.yourmailsource.com
I'm sorry if I missed this in the documentation or the FAQ, but I'm
questioning the meaning of the parentheses. It looks like these hosts
fail the gethostbyip() system call, but I was under the impression
that Exim will refuse mail coming from these machines.
Let me begin with <*.free4all.com>. There is a ridiculous amount of
bounce messages coming to/from this domain. It almost makes me
believe it is a DOS of some sort. I'm not exactly sure what is
happening, so I ran Exim in debugging level 2 for a short period of
time. This is the basic pattern without debugging:
2002-06-18 10:13:14 17KJjO-0000dA-00 <= bounce-35707122-1@??? H=(ronald.free4all.com) [193.110.136.21] P=smtp S=1500
2002-06-18 10:13:15 17KJjO-0000dA-00 Error message sent to bounce-35707122-1@???
2002-06-18 10:13:16 17KJjP-0000dR-00 => bounce-35707122-1@??? R=lookuphost T=remote_smtp H=ronald.free4all.com [193.110.136.21]
[...]
The debugging output is attached. I would rather not add this domain to
host_reject (I cannot say that all of my clients don't want to hear about
viagra alternatives), but I would really like these bounces to cease;
any suggestions are most welcome.
thanks,
hank
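
Added example, not part of the original post: in Exim's main log, an arrival logged as `H=(name) [ip]` carries only the name the client gave in HELO/EHLO, with no verified host name. The sketch below parses the log lines quoted above, counts such arrivals, and flags bounces Exim generated that were delivered back to the IP the message came from. The function names are hypothetical, and the fourth sample line is constructed.

```python
import re
from collections import Counter

# Lines 1-3 are the log lines from the post, rejoined ("@???" is the archive's
# redaction); line 4 is a constructed arrival from a host whose name verified.
SAMPLE_LOG = """\
2002-06-18 10:13:14 17KJjO-0000dA-00 <= bounce-35707122-1@??? H=(ronald.free4all.com) [193.110.136.21] P=smtp S=1500
2002-06-18 10:13:15 17KJjO-0000dA-00 Error message sent to bounce-35707122-1@???
2002-06-18 10:13:16 17KJjP-0000dR-00 => bounce-35707122-1@??? R=lookuphost T=remote_smtp H=ronald.free4all.com [193.110.136.21]
2002-06-18 10:14:02 17KJk9-0000eB-00 <= alice@example.org H=mail.example.org [192.0.2.10] P=esmtp S=2210
"""

LINE = re.compile(r"^\S+ \S+ (?P<id>\S+) "
                  r"(?P<kind><=|=>|Error message sent to) (?P<addr>\S+)(?P<rest>.*)$")
# H=verified.name (helo.name) [ip]; either name may be absent.
HOST = re.compile(r"H=(?:(?P<name>[^\s(\[]+) )?(?:\((?P<helo>[^)]+)\) )?\[(?P<ip>[^\]]+)\]")

def parse(log):
    """Return one dict per arrival (<=), delivery (=>) or generated-bounce line."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        h = HOST.search(ev.pop("rest"))
        ev.update(h.groupdict() if h else {"name": None, "helo": None, "ip": None})
        events.append(ev)
    return events

def unverified_arrivals(events):
    """Count arrivals per (HELO, IP) where only a parenthesised HELO name was logged."""
    return Counter((e["helo"], e["ip"]) for e in events
                   if e["kind"] == "<=" and e["name"] is None and e["helo"])

def bounce_round_trips(events):
    """List (address, IP) for bounces we generated and delivered back to the sending IP."""
    arrived = {e["id"]: e for e in events if e["kind"] == "<="}
    bounced = {e["addr"]: arrived[e["id"]]["ip"] for e in events
               if e["kind"] == "Error message sent to" and e["id"] in arrived}
    return [(e["addr"], e["ip"]) for e in events
            if e["kind"] == "=>" and bounced.get(e["addr"]) == e["ip"]]

if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print(unverified_arrivals(evs))
    print(bounce_round_trips(evs))
```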