Re: [Exim] spam delay trick and smtp_accept_count patch.

Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: Re: [Exim] spam delay trick and smtp_accept_count patch.
On Mon, 2 Feb 2004, Martin Evans wrote:

> > warn set acl_m2 = $tod_epoch
> >
> > and then, when I decide that I'm going to try the timeout trick, I
> > compute the residual time
> >
> >               set acl_m2 = ${eval:XX+$acl_m2-$tod_epoch}
> >
> > where XX is the desired delay in seconds. If the result is positive,
> > then the delay is started. Usually the adjustment, compared to the
> > fixed delay, is only a couple of seconds, but occasionally the
> > adjustment is as much as 10-20 seconds.


[...]

> That's very precise. However, I don't think the absolute value of the
> timeout matters too much just as long as it is less than 5 mins.


I'm sure you're right, and that the extra complication was more
for my own amusement than any functional necessity. But it _does_
illustrate what can be done in an ACL with very little extra "coding".

> > - unqualified HELO
> > - HELO is one from a common list of fraudulent HELOs (such as
> > hotmail.com, compuserve.com, msn.com, yahoo.co.uk...) that doesn't
> > jive with the calling IP's PTR
> > - calling host name contains the substring dsl or dial(up|in|-|\.)


> do you delay all messages with the above properties


Yes...

But the selection of criteria is very flexible.

In fact, the RCPT ACL has a list of criteria for which we don't want
outright rejection, but we might want to try the delay and/or we might
want to "award" spam points.

For this, each stanza in this list can cut an extra header (which can
subsequently be spam-rated), and/or set the flag to cause a delay.
Here's an example:

          warn hosts = +rbl_hosts
               condition = ${if match{$sender_host_name}\
                       {\N(^|\W)(a?dsl|dial(up|in|\.|-))\N}{1}{0}}
               set acl_m3 = $acl_m3 hostname-dsl-or-dialup


As you see, the flag (initially null) is set by appending an
explanatory string to it. Other stanzas include "message" lines to
cut an extra header.

At the end of the stanzas, the flag is tested, and if non-null, the
delay is invoked, and a log message written to show which reasons had
been triggered.

The ACL can be tuned by adding or taking away this flag-setting line
at the end of each stanza. Or commenting it out entirely if it's
doing nothing useful ;)

> or just the RBLed ones?


We use RBL lookups (aside from what's shown above) in two ways: some
for outright rejection at RCPT time, and some for adding spam-rating
points at the spamassassin phase.

Hope that's useful. I don't claim there's one right recipe that would
suit everyone - that's why I'm only sketching out a few details of
what we currently came up with.

cheers
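
Added example, not part of the original message and not the poster's actual configuration: a fragment of an RCPT ACL that puts the pieces described above together (start time in `acl_m2`, reasons accumulated in `acl_m3`, residual delay computed and logged at the end). The macro `TARPIT_SECS`, the `hostlist` definition, the unqualified-HELO stanza, the log text and the choice to record the start time at the top of the RCPT ACL are assumptions made for illustration.

```exim
# Main section. TARPIT_SECS stands in for "XX" in the message (assumed value).
TARPIT_SECS = 60

# Constructed placeholder; a real site would list the hosts it wants tested.
hostlist rbl_hosts = *

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Record when the checks started, so that time already spent on
  # lookups is subtracted from the delay later.
  warn  set acl_m2 = $tod_epoch

  # Stanza quoted in the message: calling host name looks like DSL/dial-up.
  warn  hosts     = +rbl_hosts
        condition = ${if match{$sender_host_name}\
                      {\N(^|\W)(a?dsl|dial(up|in|\.|-))\N}{1}{0}}
        set acl_m3 = $acl_m3 hostname-dsl-or-dialup

  # Hypothetical second stanza: HELO name contains no dot (unqualified).
  warn  condition = ${if match{$sender_helo_name}{\N\.\N}{0}{1}}
        set acl_m3 = $acl_m3 helo-unqualified

  # Removing a "set acl_m3" line above stops that criterion from
  # triggering the delay without touching the rest of the stanza.

  # Final stanza: if any reason was recorded, compute the residual time
  # and delay only when it is still positive.
  warn  condition   = ${if !eq{$acl_m3}{}}
        set acl_m2  = ${eval:TARPIT_SECS+$acl_m2-$tod_epoch}
        condition   = ${if >{$acl_m2}{0}}
        log_message = delaying ${acl_m2}s, reasons:$acl_m3
        delay       = ${acl_m2}s

  # The site's normal relay and recipient checks continue from here;
  # this fragment makes no accept/deny decision of its own.
```

Exim only treats `#` as a comment at the start of a line, which is why every comment above sits on its own line.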