Re: [Exim] Delay 220 greeting to reduce spam?

Pàgina inicial
Delete this message
Reply to this message
Autor: Tor Slettnes
Data:  
A: Mike Bacher
CC: exim-users
Assumpte: Re: [Exim] Delay 220 greeting to reduce spam?
On Jun 1, 2004, at 17:23, Mike Bacher wrote:
> Is there a way to make exim delay giving the initial 220 greeting for
> an
> arbitrary amount of time (say, 40 seconds or so)? The idea is that
> most
> spamware will give up after 30 seconds (most are quite impatient from
> what I've read) and move on to the next host. Others that have
> implemented it on their MTAs have seen good results with this method.


Beware that this will interfere with sites that do callout verification
(the timeout for which is 30 seconds by default). If you send a mail
to my machine, and my machine fails to verify
<isp-list@???> within 30 seconds, your message is
rejected.

That said, you can use "delay = 40s" in an "acl_smtp_connect" ACL.
Perhaps something like:

   acl_connect:
     # Immediately accept connections from our own hosts
     accept hosts = $interface_address : +relay_from_hosts


     # Stall hosts listed in various DNSbls for 20 seconds
     accept
       dnslists   = lists.dsbl.org : \
                    dnsbl.sorbs.net : \
                    dnsbl.njabl.org : \
                    bl.spamcop.net : \
                    dsn.rfc-ignorant.org : \
                    sbl-xbl.spamhaus.org : \
                    l1.spews.dnsbl.sorbs.net
       set acl_c0 = X-RBL-Warning: $sender_host_address is listed in
$dnslist_domain\
                    ${if def:dnslist_text { ($dnslist_text)}{}}
       delay      = 20s


     # Stall hosts for which a rDNS lookup fails
     accept
       !verify    = reverse_host_lookup
       set acl_c0 = X-Broken-Reverse-DNS: \
                    Reverse DNS lookup failed for host
$sender_host_address
       delay      = 20s


     # Accept other hosts
     accept



Later, you could use the presence of "$acl_c0" to stall the sender even
further, and/or add its contents to the message headers (e.g. in the
acl_smtp_mail ACL).

BTW, some of the DNSbls above are quite overzealous, and using them to
block incoming mail may be a bit irresponsible. However, using them as
described here, to give a "degraded" service to listed hosts, may well
be worth the effort.

-tor