Autor: Fernando Sanchez Data: A: Andreas J Mueller CC: exim-users Assumpte: Re: [Exim] Dealiang with broken MTAs
Hi Andy,
<snip> >
> Unfortunately, yes. You have to notify someout about the
> misconfiguration. You could tell the people who are complaining about
> not getting mail through to you to notify their admin. Another idea
> is mailing the technical contact for the domain (available from WHOIS). I thought so :) >
>
>>does the /etc/exim/smart_routes in this case just contain the domains I
>>don't want to make a callout? I think I could try to get a small list
>>just for those which I get complains about. Thanks
>
>
> In my case it actually contains also the smart routes for the domains,
> but for you, simple domain names or patterns will do, e.g., *.ac.uk to
> disable callouts to every academic institution in the UK. Be aware
> that some domains don't like callouts at all, and will block your
> server if you make too many of them, especially to invalid addresses
> (which will look like a dictionary attack to the remote admins).
Ok, I'm gonna try that >
>
>>I was thinking on something like that, and I'm right now checking
>>spamassassin. could that just repleace the callout verify? or should
>>they both work together? I'm not yet familiar with this kind of spamware
>
>
> Callouts have been "invented" to ensure that your mailer daemon is
> able to return an error message to the sender, should anything go
> wrong. They will not only discover invalid addresses, but also some
> kinds of misconfiguration of the remote MTAs (as in your case).
>
> Spamassasin is a real spam filter. The drawback is that, in order to
> use SA, you will have to receive the message first, then deal with it.
> Callouts OTOH will reject the mail *before* it enters your server. I
> currently prefer the latter, even if it sometimes bounces legit mail.
I'll start testing it as an extra element for privacy
>
> Andy