On Wed, 18 Feb 2004, Tim Jackson wrote:
> Hi Alexander, on Wed, 18 Feb 2004 15:54:00 +0200 you wrote:
>
> > 2004-02-17 18:33:56 H=(mywankers.com) [66.9.135.151]
> > F=<aburrell_ji@???> temporarily rejected RCPT <dm
> > ac@???>: Could not complete sender verify
> > I'm regulary getting the SPAM of this kind.
> > How can Exim be configured to generate 550 (permanent) instead of 451
> > (temporarily)?
>
> You really don't want to do that (and I'm not sure it's even possible).
> Exim will already permanently reject it if there is a permanent DNS error.
However, what is technically "temporary" could persist for months or
years.
> The situation above means there is a temporary DNS error. If you started
> permanently rejecting on the basis of temporary DNS errors, then there was
> a temporary DNS problem on your own system, or that of someone sending
> legitimate mail, you would end up permanently rejecting good mail.
Fair comment. What I've done is when I see such a long series of
temporary rejections, I apply certain plausibility checks, and decide
whether to declare the domain to be unreachable. I'll come back to
that in a moment.
By the way, this pattern of faked localpart, plausible.name_xy , has
persisted for a considerable time - that pattern is evidently churned
out by some kind of spamware, although I still don't know what it is.
On actual mails, that pattern of sender local part could well be
spam-ratable, if you're doing spam rating, although at our mailer,
such mails almost always get rejected at an earlier stage (blacklisted
IP, blacklisted HELO, etc.) or rejected on spam-rating without any
extra help.
On bounces, of course, the fake address is being presented by an
innocent (albeit misguided ;-) party, and there isn't a lot you can do
about it other than report it as invalid.
Anyhow, coming back to this "unreachable domains" idea. As I say, if
a long series of retries is noticed, with the responsible MTA failing
to respond for a prolonged period with what is technically a temporary
error, then we might put the offending domain into our "unreachable
domains" list, and the configuration uses that at two points: to check
the envelope-sender, and to check the "From:" header.
In the RCPT ACL:
deny sender_domains = partial-dbm;CONFIG_DIR/unreach_domains.db
message = We are currently unable to accept mail from \
$sender_address_domain\n\
because that mail domain is persistently unreachable or not\n\
responding properly, for reasons that are outside our control.\n\
[...etc...]
and in the DATA ACL:
deny hosts = ! +relay_hosts
message = We are currently unable to accept mail from \
$h_from: \n\
because that mail domain is persistently unreachable or not\n\
responding properly, for reasons that are outside our control.\n\
[...etc...]
condition = ${lookup {${domain:$h_from:}} \
partial-dbm{CONFIG_DIR/unreach_domains.db}{1}{0}}
(Yeah, I don't quite know why I'm so inconsistent about which order
the clauses appear.)
hope this helps
