Re: [Exim] more on RBL's

Góra strony
Delete this message
Reply to this message
Autor: Dennis Davis
Data:  
Dla: Exim-users
Temat: Re: [Exim] more on RBL's
>From: Nico Erfurth <masta@???>
>To: Ron McKeating <R.J.Mckeating@???>,
>    Exim-users <Exim-users@???>
>Subject: Re: [Exim] more on RBL's
>Date: Thu, 17 Apr 2003 11:19:58 +0200


...

>What really helped here, was the list from wirehub.nl
>deny   message = Host or address listed in \
>                    http://basic.wirehub.nl/spamlist.txt
>        senders = cdb;/etc/exim/spamlist.cdb:*@cdb;/etc/exim/spamlist.cdb

>
>It does a great job on catching new spammers.


I'll certainly agree with this. We're using it here to great
effect. But note that you can sometimes express thing a little
more succinctly than the way that Wirehub sets things up. These
lists were designed for sendmail and you can sometimes use exim's
knowledge of regular expressions to make things more concise.

For example we've recently seen spam with envelope senders of the
form:

rachel[0-9]*@yahoo.com

The wirehub list contains >4300 examples of the above form. All
given explicitly as:

rachel10009@???   REJECT
rachel10064@???   REJECT
rachel10089@???   REJECT
rachel1010@???    REJECT
rachel10112@???   REJECT
rachel1011@???    REJECT


...

A database with the entry:

yahoo.com : ^rachel\d+$

together with:

addresslist dodgy_senders = @@cdb*;/usr/exim/etc/rejectsendersbydomain.cdb

for use in an acl makes things a little more concise at the expense
of rejecting *all* addresses of the form rachel[0-9]*@yahoo.com.
Not that I'll loose much sleep over this...