On 23 September 2002, Toralf Lund said:
> I have noticed that a large proportion of all the spam messages we are
> getting have an invalid sender address, so I've considered enabling the
> sender address verification of Exim. It does, however, seem a bit drastic
> to plainly reject all messages that can't be verified. Also, the
> alternative of adding failure messages to the log files doesn't seem to
> helpful. Is some other kind of verification failure notification, like
> updated headers, available?
Since you haven't specified which version of Exim you're using, I'll
assume Exim 4. You can do exactly what you want with a "warn" ACL,
something like this:
acl_smtp_rcpt = check_rcpt
[...]
check_rcpt:
warn message = X-warning: sender verify failed
!verify = sender
Eventually you'll notice that some spam has a valid envelope sender, but
no valid sender addresses in the header. You can handle that in the
DATA ACL something like this:
acl_smtp_data = check_data
[...]
check_data:
warn message = X-warning: no valid sender address in headers
!senders = :
!verify = header_sender
The "!senders = :" means to skip this warning for empty envelope
senders: lots of misconfigured MTAs do something like this:
MAIL FROM:<>
RCPT TO:<you@???>
DATA
From: postmaster@???
[...]
where, you guessed it, mta324.stupid.com does not resolve. Depending on
how valuable you think DSNs are, and how much you want to accomodate
stupid MTAs, you might want to turn off header sender verification for
these messages.
Greg
--
Greg Ward <gward@???> http://www.gerg.ca/
I hope something GOOD came in the mail today so I have a REASON to live!!
