RE: [Exim] IS it possible? An idea may be

Page principale
Supprimer ce message
Répondre à ce message
Auteur: David Markham
Date:  
À: 'Suresh Ramasubramanian', 'Dave C.'
CC: 'Exim User \(E-mail\)'
Sujet: RE: [Exim] IS it possible? An idea may be
Thanks for all the input. Some thing for me to look into.

-----Original Message-----
From: Suresh Ramasubramanian [mailto:mallet@efn.org]
Sent: 09 August 2002 10:51
To: dave.markham@???; 'Dave C.'
Cc: 'Exim User (E-mail)'
Subject: Re: [Exim] IS it possible? An idea may be


dave.markham@??? (David Markham) [Friday, August 09, 2002 5:50 PM]:

> We get Spam alot. Full stop. offering a freeisp people just dial up
> and then can send email through our outbound servers as they have a
> dial up ip address contained in host_accept_relay


Then at least force your Exim outbound machines to set or rewrite the sender
to his actual email address on your system. That won't stop spammers, but
it will stop header forgery and make your job easier.

> Some spammers do dictionary spamming at the same domain. Some mix
> domains. The harder ones seem to send to a few recipients at a time
> and change the from addresses, making it hard to spot in the queue.


As the body is likely to be substantially same, DCC outbound should help fix
this. Or spamassasin outbound if your volumes are low enough (I doubt if
it'd scale for decently sized outbound relays though)

> Now normally I would do a sender_verify to make sure they are in a
> list of domains we are isp for but the company wants users to be able
> to use their own domains so they can have their from addresses as
> joeblogs@???


Bugger. Didn't yer company hear about "TANSTAAFL"? Anyway DCC shouldn't
mind at all ...

And if you do allow random envelopes to be set, have some way of querying
your radius logs for the spammer on the fly, and dropping his session /
booting his account.

> I also have a system_filter in place and when I look at an actual
> mail and it is "buy this new thing from our wicked website" I add it
> with


System filter is crude, to match body patterns. Use spamassasin if you
really need to filter for specific strings. Or just use the DCC. And rate
limit your outbound mail relays heavily - that should make it a lot more
unattractive to spammers, while leaving it (barely) fit for normal use.

    -srs