Re: [Exim] blocking fake yahoo and hotmail

Pàgina inicial
Delete this message
Reply to this message
Autor: Giuliano Gavazzi
Data:  
A: Rossz Vamos-Wentworth, exim-users
Assumpte: Re: [Exim] blocking fake yahoo and hotmail
At 11:07 pm -0800 2003/11/20, Rossz Vamos-Wentworth wrote:
>A friend wrote these two rules for addition to the rcpt acl. They
>seem to work rather well. A good portion of spam says it is from
>yahoo or hotmail, so these rules keep them out.
>
>drop   message   = Faked yahoo, so you must be spam.
>    log_message   = Fake yahoo
>            senders   = *@yahoo.com
>          condition   = ${if match
>{$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}

>
>drop   message   = Faked hotmail, so you must be spam.
>    log_message   = Fake hotmail
>            senders   = *@hotmail.com
>          condition   = ${if match
>{$sender_host_name}{\Nhotmail.com$\N}{no}{yes}}


one of the many recurring arguments (no, not just topics) in this list...

Problems:

1) drop is unnecessary at RCPT, and some MTA will not react to well to it.

2) more importantly, one can set his return address to a valid
yahoo/hotmail address but use his own ISP SMTP server to send mail.
You would reject these messages. This is not too common, but how
uncommon is it?
A safer approach is, independently from the sender domain, check the
HELO argument, if it contains (yahoo|hotmail)\.com check the reverse
DNS, if the reverse does not contain the same string, defer it. Use
defer and not deny, because the DNS might be wrong sometimes, and
give an answer which is not correct instead of giving an error, which
would cause a defer anyway.

Giuliano