Re: [Exim] blackhole router for http user

Pàgina inicial
Delete this message
Reply to this message
Autor: Arkadiusz Miskiewicz
Data:  
A: Suresh Ramasubramanian
CC: exim-users
Assumpte: Re: [Exim] blackhole router for http user
Suresh Ramasubramanian <mallet@???> writes:

> > Mine problem is that spam is going through my server via ...
> > php mail(). Unfortunately mail() in php is so bad that I can't
> > even check which php script was used to send mail :\
>
> That's there. So disabling mail in your php.ini should do the trick.

I can't do that. Customers need this.

> There are lots of secure mailers your users can use, if want them to have
> access to form <-> email scripts.

I don't know any of these secure mailers that can be set up
as php mail() replacement.

> > So I'm going to allow emails only when sender or recipient
> > domain of message is local.
>
> Which can be trivially forged, or the spammer might simply set (say)
> nobody@??? as the envelope sender.

Yes, I'm only making things a bit harder. Today this simple filter
catched and bounced (now I'm blackholing and bouncing some of these mails)
about 12 000 spam mails.

> Even without that, leaving mail() around is a major nuisance.

http://bugs.php.net/bug.php?id=19538

> If you do leave stuff like that around -
>
> * Have exim on that webserver throttled
> * Set up something like spamassasin to catch and trash outbound spam

spamassassin is on TODO list (well amavisd-new which can use spamassassin)
but anyway that's problematic thing since I can't blackhole customers mail
(which sometimes are wrongly recognized by spamassassin as spam).

> [outbound spam could be php_mail, or it could be a spammer who gets an
> account on your server, uploads a bulk mailer cgi / php script and a db
> with several million addresses...]

I'm waiting for php bug 19538 issue resolved and then everything will be
much easier for me.

> mallet@??? (Suresh Ramasubramanian)


Thanks for hints but I still don't know where I did syntax error
in that rule (see previous mail).

--
Arkadiusz Miśkiewicz   kloczek lubi być dyktatorem i dysortografem
arekm@???        AM2-6BONE, 1024/3DB19BBD, arekm(at)ircnet, PWr