[Exim] FAQ(4) Q/A5023 about ident

Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: [Exim] FAQ(4) Q/A5023 about ident
Greetings,

the FAQ about ident is fine as far as it goes, but I have a couple of
suggestions, which I thought I would put up for discussion first
before trying to draft a proposed change. Consequently, there's far
more detail in this mail than I would ever expect to find its way into
the FAQ - just to pre-empt any misunderstandings.

a) We've found it effective against two rather prevalent kinds of open
proxy (whether already blacklisted at the RBLs or not) to recognise
ident strings of "squid" and "CacheFlow Server" and reject mail from
them. Snippets such as this in the RCPT ACL do the trick:

  deny  condition = ${if eq{$sender_ident}{CacheFlow Server}{1}{0}}
        message   = Rejected - appears to be an unsecured proxy: $sender_ident

I think the likelihood that a genuine mail process would return
those specific ident strings would be vanishingly small, no?

b) When I first encountered Exim's use of ident, it was set with a
timeout (rfc1413_query_timeout) of 30s, and I had the distinct
impression that the delay was causing some impatient spammers to give
up on the primary MX and go and hassle our backup MX, which wasn't
very nice; so I cut the timeout back, first to 10s and later to 7s,
which seems a reasonable compromise. The FAQ already hints at this
being a reasonable idea (though without suggesting any actual value),
so maybe that's sufficient; but I thought I'd mention it anyway and
see if folks thought it worth saying a bit more about it.

cheers
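
The check in (a), as an added Python example that is not part of the original message or of Exim: it parses an RFC 1413 reply line and applies the same exact-match test to the two ident strings named above. The function names, field names and sample replies are constructed for illustration.

```python
from typing import NamedTuple, Optional

PROXY_IDENTS = {"squid", "CacheFlow Server"}  # the two strings from the post


class IdentReply(NamedTuple):
    their_port: int           # port on the host that answered the ident query
    our_port: int             # port on the host that asked (the MTA)
    kind: str                 # "USERID" or "ERROR"
    opsys: Optional[str]      # e.g. "UNIX" (USERID replies only)
    value: str                # the user-id, or the error token


def parse_ident_reply(line: bytes) -> Optional[IdentReply]:
    """Return the parsed reply, or None if the line is not well-formed."""
    text = line.decode("latin-1").rstrip("\r\n")
    # Split on the first two colons only: the user-id may contain colons.
    parts = text.split(":", 2)
    if len(parts) != 3:
        return None
    try:
        their_port, our_port = (int(p) for p in parts[0].split(","))
    except ValueError:        # non-numeric port, or not exactly two ports
        return None
    kind = parts[1].strip().upper()
    if kind == "ERROR":
        return IdentReply(their_port, our_port, kind, None, parts[2].strip())
    if kind != "USERID" or ":" not in parts[2]:
        return None
    opsys, user_id = parts[2].split(":", 1)
    # Assumption: surrounding whitespace is dropped before comparing, so the
    # value lines up with an exact-match test like the eq{} in the ACL.
    return IdentReply(their_port, our_port, kind,
                      opsys.split(",")[0].strip(), user_id.strip())


def looks_like_open_proxy(line: bytes) -> bool:
    """True only for a USERID reply whose user-id is a known proxy marker."""
    reply = parse_ident_reply(line)
    return (reply is not None and reply.kind == "USERID"
            and reply.value in PROXY_IDENTS)


if __name__ == "__main__":
    for sample in (b"41022, 25 : USERID : UNIX : squid\r\n",   # constructed
                   b"41023, 25 : USERID : OTHER : CacheFlow Server\r\n",
                   b"41024, 25 : USERID : UNIX : alice\r\n",
                   b"41025, 25 : ERROR : NO-USER\r\n"):
        print(sample, looks_like_open_proxy(sample))
```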