Re: [Exim] callbacks and <>

Author: Tim Jackson
Date:  
To: exim-users
Subject: Re: [Exim] callbacks and <>
Hi Bruce, on Tue, 09 Dec 2003 12:28:22 -0500 you wrote:

> Some of our commercial clients are fussing about what they consider
> false positives on our spam control system. We have determined that
> most of this comes from sites running IPSWITCH's IMAIL product. This
> has a configuration option to reject mail from <>.

<snip>
> So yesterday morning I turned sender_verify off. That action permitted
> about 2000 additional mails into our system in the last 24 hours


Two suggestions:

1. You use the fact that there was so much additional spam after turning
it off as a factual argument to your clients (and their contacts who have
broken mailers) to justify your reasons for not accepting mail from
domains that refuse null senders.

I know your trouble - non-technical people aren't really interested in the
complexities of e-mail handling and want it to "just work". So the trick,
where you're in the right (assuming that doing callouts is "in the right"
- I know some people consider this wrong, and I don't do it myself,
although in this case we're talking about people who refuse MAIL FROM:<>
so how you determine it is largely irrelevant as long as your reason for
rejection is "you refuse MAIL FROM:<>", not "you refuse callouts") is to
use the simplistic but understandable argument "well, look at all the mail
you *do* get - clearly our systems are working". The inevitable response
will be "but our contacts can mail 'everyone' else", to which you can say
"they may not have problems with some other people, but as a consequence
the other people get more spam. Now, either we stop the spam and this
means that your friends need to correct their malfunctioning mailservers,
or we accept malfunctioning mailservers and you get more spam. If you opt
for the latter, I suggest you ask your friends why they are forcing you to
receive extra spam just because they (or their IT suppliers) are
incompetent and cannot set up their mailserver correctly"

2. You take the easy route, and disable sender verification for selected
senders and/or recipients. You can do this by jiggling the 'verify =
sender' ACL rule and adding some conditions. This is a pretty good
compromise by most accounts, except for the fact that the senders get away
with having broken mailservers for that bit longer, until the increasing
number of problems they (will) have forces them to do something about it.


Tim
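
One way the second suggestion could look in an Exim 4 configuration, as an added example that is not part of the original message. The list names, the sample addresses and the ACL name `acl_check_rcpt` are assumptions, and the callout option is shown only because the thread is about callouts.

```exim
# --- main configuration section ---
# Named address lists (constructed sample values; keep them short).
addresslist callout_exempt_senders = *@partner.example : billing@vendor.example
addresslist callout_exempt_rcpts   = sales@client.example

# --- ACL section ---
begin acl

acl_check_rcpt:

  # Before: every envelope sender is verified, so a remote host that
  # refuses MAIL FROM:<> during the callout fails verification.
  #
  #   require verify = sender/callout

  # After: reject on failed verification unless the envelope sender or
  # the recipient is on an exemption list. All conditions must be true
  # for the deny to take effect.
  deny    message     = Sender verification failed
          !senders    = +callout_exempt_senders
          !recipients = +callout_exempt_rcpts
          !verify     = sender/callout

  # ... remaining RCPT checks continue here ...
```

Envelope senders are trivial to forge, so an exemption keyed on `senders` also admits spam that claims an exempted address; exempting by recipient limits the relaxed check to the clients who asked for it.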