Autor: Alan J. Flavell Fecha: A: Exim users list Cc: Rossz Vamos-Wentworth Asunto: Re: [Exim] Yahoo Groups misconfigured?
On Sat, 15 Feb 2003, Rossz Vamos-Wentworth wrote:
[...] > Yesterday, one of the persons on the blacklist joined a yahoo
> groups mail list and his postings bounced (a good thing), except it
> looks like yahoo groups might be misconfigured.
I can't comment on yahoo groups specifically, but this general class
of problem isn't unknown to us...
> Over the course
> of the night there were approximately 150 blocked attempts to
> deliver mail list posts by this blacklisted person. I can't believe he
> stayed up all night posting, so I am guessing that yahoogroups is
> not properly handling 550 codes and just keeps attempting to send
> the same few messages.
That would seem pretty dumb. You _are_ doing this in the RCPT TO ACL,
aren't you? Then a 5xx at that point might be indicative of
non-existent user etc. etc. and in my experience is the most
efficacious place to reject - what actually appears in your rejection
log for these incidents? Do they all have the same message-id? Can
you try a manual presentation of such a message using exim -bh and
follow the diagnostics to see just what you would send to them?
> When I turned of the filter temporarily,
> the first one through showed a sent time of sometime yesterday
> (about when the first bounce message appeared in my log).
We really need to know more about the details, and whether they are
really the same message-id being presented repeatedly or perhaps some
error report attempting to report the previous rejection.
I can say there are some mailing lists I receive, whose behaviour is
slightly suboptimal: the mailing list will occasionally send me some
spam, our spamassassin will reject it, the mailing list will compose a
report to tell me that we refused an item off the mailing list, and
will include a complete copy of the spam, with the result that our
spamassassin rejects it again. After another round of this it tells
me that it's going to send a final probe and if we were to reject
that, it would unsubscribe me from the list. Fortunately, the probe
doesn't come with yet another copy of the spam, so it all ends happily
at that point. But it still seems rather a performance.
> Any thoughts on this? Or suggestions on a better way to handle the
> filtering?
5xx at RCPT TO time is the surest way I know to be rid of anything!
Deferring it to the DATA ACL would in my experience offer less chance
of success.
> I have considered just sending the messages to /dev/null,
Normally speaking that isn't considered acceptable policy for an MTA.
If it accepts the mail, it's in effect taking responsibility for best
efforts to deliver it - or to report its non-delivery back to the
envelope sender. (The latter is of course increasingly problematic
with spammer-counterfeited genuine-but-innocent envelope senders)
> but want the sender to know they are blacklisted.
Well, many mailing lists have owner-listname as their envelope sender,
not the address of the person who actually composed the mail. But
from what you are saying, it appears that you're dealing with the
latter situation.