On Sat, 31 Aug 2002, William Craven wrote:
> I have been noticing lately that a lot of messages in our queue have
> been frozen because Exim is sending bounce messages to non existant
> senders (eg forged senders with correct domains - for example
> bogus@???).
Indeed, this seems to be a popular hobby.
> What I would like to to is reduce the amount of bounce messages by
> verifying that the recipient address is valid on our system before
> accepting the message.
Take care that you don't simply hand the spammers an address-checking
facility for laundering their dirty lists.
> I have read the ACLs section in the manual and I
> am uncertain as to which ACL block to use and what ACL.
What is your situation? - are you the final MTA delivering to these
users, in which case [*examples only, loosely based on own settings*]
deny !verify = recipient
message = whatever you want to tell
is what our configuration says; or are you acting as a relay for other
final-delivery domains, in which case something like
deny domains = what.ever
!verify = recipient/callout
message = whatever you want to tell
could be the ticket - Of course the latter only works if the
final-delivery MTA responds usefully to such a callout.
However, I would recommend other measures first, such as IP and
envelope-sender blacklisting, to reduce the number of imposters to
whom you hand-out this kind of information, which they can use as
cleanup measures for their spamming lists.
The other increasingly-popular move seems to be to counterfeit either
some other valid local address, or even the address of the intended
local recipient, as envelope-sender. This is a real drag, since
bouncing these messages puts them straight into the hands of the
victims: but trying to block local envelope-senders on inbound mail
results in all kinds of unfortunate anomalies.
good luck
