I'd prefer to have the banner as just the intial welcome message, such as
the server and other little tidbits - and once in a while maybe a brief
warning about something or other if required.
The reason I want the warnings in-line with the commands is so that it makes
more sense if someone is doing a telnet connection for testing/debugging
purposes (will happen quite a bit as other support technicians around the
world may be helping clients figure out a problem they're having trying to
send email to one of my servers). Plus, it would just look nice and help
keep my config file nice and easy.
I didn't really want to deny at helo time, since apparently denying a
connection based on their helo message is not RFC compliant (plus when
Outlook clients and such send email, they always helo with the hostname of
the system sending - so for me, that's just "eli"... I'd have tons of angry
customers if I denied on illegal helos). I thought just spitting out a
little:
250-Your greeting was not RFC2821 compliant
Just before the "250 OK" reply - and then a delay after the warning message.
It would be perfectly legal, and normal clients and such wouldn't see it
(trying to tell a client not to use Outlook is harder than taking candy from
a baby). Now since I can't really determine spammer from client at this
stage, I just wanted to give a visual warning, and then when they try to
send email and haven't authenticated, I can delay them at that time.
I've checked out sa_exim, but I didn't really want to use it since it seems
to be a bit too tedious for large systems (how it saves spam as files to be
inspected later, etc...). I've been checking out various other plugins
though, but so far I've just got my setup configured to call SA as a
transport/router combo. Also, the thought of tar-pitting connections is a
good one, however in a very busy environment, it would cause more harm than
good as it would make spammers tie up your available connections. If the
server is really active, this means that you probably receive quite a bit of
spam. It would take just a few spammers to completely tie up your server
simply because you're tar-pitting before accepting the message. I'd rather
just slightly stall the spammer (or not stall at all) and accept the spam
and let the user decide if they want it or not (of course filtered by SA and
sent as an attachment so the user never has to actually open the message to
see if its worth something).
I know this all seems pretty up-tight, but I have an excuse - I'm a
perfectionist :(
Eli.
-----Original Message-----
From: exim-users-admin@??? [
mailto:exim-users-admin@exim.org] On Behalf
Of Kevin Reed
Sent: Monday, December 22, 2003 7:47 PM
To: exim-users@???
Subject: Re: [Exim] Unable to send additional 250 lines at EHLO/HELO time
(via HELO ACL)
To warn, you can change the smtp_banner itself maybe??
smtp_banner = $primary_hostname ESMTP Generic MTA $tod_full \n \
WARNING. Hosts that do not provide proper HELO/EHLO will not be accepted...
And if they fail the test, in the RCPT ACL, you can give another message
of what it was denied and drop the connection. Add delays etc...
Attempting a deny at the HELO stage in my experience has not worked... you
normally can get a good result at the RCPT ACL stage though.
Eli said:
> I am trying to implement an ACL that will warn clients/servers that do
> not specify a proper EHLO/HELO greeting of such and impose a time delay
> (because they're probably spammer programs).
You can use either Delay or SA_exim has a better one available too.
--
Kevin W. Reed - TNET Services, Inc.
Unoffical Exim MTA Info Forums -
http://exim.got-there.com/forums
--
## List details at
http://www.exim.org/mailman/listinfo/exim-users Exim
details at
http://www.exim.org/ ##
---
[This E-mail scanned for viruses]
---
[This E-mail scanned for viruses]
