Re: [Exim] exim-colo-01.whoc.theplanet.co.uk

Top Page
Delete this message
Reply to this message
Author: Nigel Metheringham
Date:  
To: gARetH baBB
CC: exim-users
Subject: Re: [Exim] exim-colo-01.whoc.theplanet.co.uk
On Mon, 2004-01-26 at 11:01, gARetH baBB wrote:
> On Mon, 26 Jan 2004, Nigel Metheringham wrote:
>
> > I added delays on some operations for DNSBLed addresses - however this
> > is impacting callbacks for people listed on the DNSBLs, although on the
> > upside from my point of view is that there was only one spam message in
> > the moderation queue for the weekend (normal haul is closer to 40).
>
> I'd love to know what DNSBLs you're using ... or perhaps I don't.


SORBS and Spamhaus.

I have reorganised things again today. This setup should cause fewer
problems to non-spammers, hopefully it will retain the rather
substantial reduction of spam attempting to hit the lists which was
getting too substantial to manually check.

Main changes from previous configs:-
      * Small (5s) initial delay on connect/helo for people on any of
        the SORBS lists.  This is intended to slightly inconvenience
        spammers, but also upset tools intended to pump and dump because
        if you just push data into the session here you hit the SMTP
        synchronization checking and get dumped.
      * Removal of RFC1413 checks on connect - we didn't ever use the
        data, and the 10 second timeout was impacting some people behind
        firewalls that dropped the check packets badly.
      * Better checking on HELO - we drop connections where people feed
        us our own IP address or name.
      * List address routers no longer verify if empty sender address is
        given.  There are no valid circumstances where a bounce should
        go to exim-users@??? so this is valid.  This makes it safer
        to fast track other rules intended to allow callback checks from
        other hosts.
      * Drop of messages to non-postmaster from people in the
        sbl-xbl.spamhaus.org DNSBL
      * Required callback verification of senders
      * Short delay and warning for those on any SORBS lists *if* the
        sender is <>
      * Long delay and warning for non <> senders that are on a SORBS
        DNSBL host.


The thing that seemed to be causing real problems for several people was
an increased early delay (now cranked down) combined with them
firewalling (dropping, not rejecting) RFC1413 checks.

    Nigel.


--
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]