Re: [Exim] Dealiang with broken MTAs

Pàgina inicial
Delete this message
Reply to this message
Autor: Fernando Sanchez
Data:  
A: Andreas J Mueller
CC: exim-users
Assumpte: Re: [Exim] Dealiang with broken MTAs
Hi Andy,

<snip>
>>How can you deal with them?
>
>
> Tell them to fix their configuration. A good reason to do this is the
> fact that otherwise they will be unable to find out whether their
> emails are actually reaching the intended recipients. No error
> messages, no clue. ;-)


Do u mean sending a mail to the postmaster of all those domains which
don't accept the MAIL FRIM: <> line to get them configured?

>
> If that doesn't help, disable callouts for their domains. Yes, it
> makes you more vulnerable, but unless some spammer actually *uses*
> these domain names in forged addresses, you'll be ok. Below is a
> sample router you can use to disable callouts to certain domains (I
> use it in my smart routes, because it is pointless to do callouts
> against smart hosts, unless they are actually using callforwards for
> recipient verification):
>
> smart_verify:
> driver = accept
> domains = partial-lsearch*;/etc/exim/smart_routes
> verify_only

does the /etc/exim/smart_routes in this case just contain the domains I
don't want to make a callout? I think I could try to get a small list
just for those which I get complains about. Thanks
>
>
>>are there any other options I can use to filter invalid mails?
>
>
> You could keep a list of bad patterns that some spamware uses to forge
> addresses, and reject or defer mail based on that, e.g.,
> "^offer..@aol.com$". *If* you have time to maintain this list. Or use
> graylisting against a few domains that do not work well with callouts
> (yahoo.*, aol.com, lycos.*, tripod.*, ...).


I was thinking on something like that, and I'm right now checking
spamassassin. could that just repleace the callout verify? or should
they both work together? I'm not yet familiar with this kind of spamware

>
> Andy
>
>
>
>



Thanks,

--


Fernando Sanchez
Dpto. Sistemas USFQ