On Mon, 2004-01-26 at 11:01, gARetH baBB wrote:
> On Mon, 26 Jan 2004, Nigel Metheringham wrote:
>
> > I added delays on some operations for DNSBLed addresses - however this
> > is impacting callbacks for people listed on the DNSBLs, although on the
> > upside from my point of view is that there was only one spam message in
> > the moderation queue for the weekend (normal haul is closer to 40).
>
> I'd love to know what DNSBLs you're using ... or perhaps I don't.

SORBS and Spamhaus.

I have reorganised things again today. This setup should cause fewer
problems to non-spammers, hopefully it will retain the rather
substantial reduction of spam attempting to hit the lists which was
getting too substantial to manually check.

Main changes from previous configs:-

  * Small (5s) initial delay on connect/helo for people on any of
    the SORBS lists. This is intended to slightly inconvenience
    spammers, but also upset tools intended to pump and dump because
    if you just push data into the session here you hit the SMTP
    synchronization checking and get dumped.
  * Removal of RFC1413 checks on connect - we didn't ever use the
    data, and the 10 second timeout was impacting some people behind
    firewalls that dropped the check packets badly.
  * Better checking on HELO - we drop connections where people feed
    us our own IP address or name.
  * List address routers no longer verify if empty sender address is
    given. There are no valid circumstances where a bounce should
    go to exim-users@??? so this is valid. This makes it safer
    to fast track other rules intended to allow callback checks from
    other hosts.
  * Drop of messages to non-postmaster from people in the
    sbl-xbl.spamhaus.org DNSBL
  * Required callback verification of senders
  * Short delay and warning for those on any SORBS lists *if* the
    sender is <>
  * Long delay and warning for non <> senders that are on a SORBS
    DNSBL host.

The thing that seemed to be causing real problems for several people was
an increased early delay (now cranked down) combined with them
firewalling (dropping, not rejecting) RFC1413 checks.

        Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
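
The ACL-side items from the list above, sketched as an Exim 4 configuration fragment. This is an added example, not Nigel's actual configuration: the SORBS zone name dnsbl.sorbs.net, the ACL names, the 10s and 60s delay values, the message texts and the local_domains list are assumptions, and the router change for empty senders is not shown.

```exim
# Main configuration section
domainlist local_domains = @
# No RFC 1413 (ident) lookups on connect
rfc1413_query_timeout = 0s
# Default setting: drop clients that send before Exim has replied
smtp_enforce_sync = true
acl_smtp_connect = acl_check_connect
acl_smtp_helo = acl_check_helo
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_connect:
  # Small pre-greeting delay for hosts on a SORBS list (zone name assumed)
  warn    dnslists = dnsbl.sorbs.net
          delay    = 5s
  accept

acl_check_helo:
  # Drop clients that present our own IP address or host name in HELO/EHLO
  drop    message   = HELO/EHLO name is this host's own identity
          condition = ${if or{\
                        {eq{$sender_helo_name}{$received_ip_address}}\
                        {eq{$sender_helo_name}{[$received_ip_address]}}\
                        {eqi{$sender_helo_name}{$primary_hostname}}\
                      }}
  accept

acl_check_rcpt:
  # Hosts on sbl-xbl.spamhaus.org may reach postmaster only
  drop    message      = $sender_host_address is listed in $dnslist_domain
          !local_parts = postmaster
          dnslists     = sbl-xbl.spamhaus.org
  # Callout verification of the envelope sender
  require verify = sender/callout
  # Short delay and log line for <> senders on SORBS (10s is a constructed value)
  warn    senders     = :
          dnslists    = dnsbl.sorbs.net
          log_message = SORBS-listed host ($dnslist_domain), null sender
          delay       = 10s
  # Long delay and log line for other senders on SORBS (60s is a constructed value)
  warn    !senders    = :
          dnslists    = dnsbl.sorbs.net
          log_message = SORBS-listed host ($dnslist_domain)
          delay       = 60s
  # Relay control: accept local domains only, refuse everything else
  accept  domains = +local_domains
  deny    message = relay not permitted
```

In each `warn` statement the `delay` modifier sits after the `dnslists` condition, so only listed hosts are held up; Exim treats `#` as a comment only at the start of a line, which is why no option carries a trailing comment.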