Re: [Exim] Dealiang with broken MTAs

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Andreas J Mueller
Dátum:  
Címzett: Fernando Sanchez
CC: exim-users
Tárgy: Re: [Exim] Dealiang with broken MTAs
Hi Fernando!

> Do u mean sending a mail to the postmaster of all those domains which
> don't accept the MAIL FRIM: <> line to get them configured?


Unfortunately, yes. You have to notify someout about the
misconfiguration. You could tell the people who are complaining about
not getting mail through to you to notify their admin. Another idea
is mailing the technical contact for the domain (available from WHOIS).

> does the /etc/exim/smart_routes in this case just contain the domains I
> don't want to make a callout? I think I could try to get a small list
> just for those which I get complains about. Thanks


In my case it actually contains also the smart routes for the domains,
but for you, simple domain names or patterns will do, e.g., *.ac.uk to
disable callouts to every academic institution in the UK. Be aware
that some domains don't like callouts at all, and will block your
server if you make too many of them, especially to invalid addresses
(which will look like a dictionary attack to the remote admins).

> I was thinking on something like that, and I'm right now checking
> spamassassin. could that just repleace the callout verify? or should
> they both work together? I'm not yet familiar with this kind of spamware


Callouts have been "invented" to ensure that your mailer daemon is
able to return an error message to the sender, should anything go
wrong. They will not only discover invalid addresses, but also some
kinds of misconfiguration of the remote MTAs (as in your case).

Spamassasin is a real spam filter. The drawback is that, in order to
use SA, you will have to receive the message first, then deal with it.
Callouts OTOH will reject the mail *before* it enters your server. I
currently prefer the latter, even if it sometimes bounces legit mail.

Andy