At 12:19 am +0200 2004/06/05, Łukasz Grochal wrote:
>The method mentioned in subject has recently been proposed in a
>Polish anti-spam usenet group as an alternative to just rejecting spam
>if sender's IP is listed in some RBL. As it can be easily implemented
>in Exim, I'm attaching a proof of concept implementation (based on
>RBLs and their weights used by SpamAssassin). Hope someone will find
>this useful. And I hope I haven't just reinvented the wheel ;>

Well, you have... many of us are already now
using acl variables to build a score from many
criteria, including RBLs. In my setup not even
failed sender callouts alone can reject (except
for those local users with a low score threshold)!

A few observations on your "wheel":

>acl_smtp_mail = check_mail
>acl_smtp_rcpt = check_recipient
>
>[...]
>
>check_mail:
> # RCVD_IN_BL_SPAMCOP_NET
> warn dnslists = bl.spamcop.net
> set acl_m0 = ${eval:$acl_m0+15}

These checks should all be done at the RCPT
phase. In a normal setup (that is, without fake
secondary traps) we observe a ratio (unknown
recipient)/(spam to known recipient) around 3;
with your method you would waste all those RBL
lookups for messages that are going to be
rejected anyway.

In the presence of a fake secondary trap I noticed
this ratio drop to 1, but you would still
waste 50% of the RBL DNS lookups.

> # RCVD_IN_BSP_OTHER
> warn dnslists = sa-other.bondedsender.org
> set acl_m0 = ${eval:$acl_m0-1}

I did not know of these bondedsender.org
"positive" RBLs. I do not think though that they
are of any use in a MAIL/RCPT check only; their
contribution to the score serves to counteract
content-based filtering, and I doubt I want them to
counteract RBL-based scoring (and it is unlikely
they will even do!).

[...]
>check_recipient:
>[...]
>
> accept local_parts = postmaster
> domains = +local_domains
>
> deny message = Sender's IP listed in too many RBLs.
> condition = ${if >{$acl_m0}{70}{yes}{no}}

Also, you should build the response out of
$dnslist_domain and $dnslist_text and store it in
a variable, so that at rejection (if any) you can
give a detailed (multiline) reason. I use an
expression like:

    set acl_m2 = $acl_m2 YOUR SERVER ADDRESS $sender_host_address IS BLACKLISTED AT $dnslist_domain\n$dnslist_text\n

Giuliano
--
H U M P H
|| |||
software
Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/
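
The suggestions in this reply (score at RCPT time, only once the recipient is known to exist, and carry a per-list reason into the rejection) combined in one ACL, as an added example that is not part of the original thread or either poster's configuration. The list name, weight and threshold are the ones quoted above; the "Unknown user" text and the per-recipient reset of acl_m0/acl_m2 are assumptions of this example.

```exim
acl_smtp_rcpt = check_recipient

begin acl

check_recipient:
  accept  local_parts = postmaster
          domains     = +local_domains

  # Refuse unknown local recipients first, so that no DNSBL lookup is
  # spent on a message that is going to be rejected anyway.
  # ("Unknown user" is a constructed response text.)
  deny    message     = Unknown user
          domains     = +local_domains
         !verify      = recipient

  # acl_m* variables persist for the whole message, and this ACL runs once
  # per RCPT. Design choice of this example: start every pass from a clean
  # score and reason, so a second recipient does not add the weights again.
  warn    set acl_m0  = 0
          set acl_m2  = Sender's IP listed in too many RBLs.\n

  # RCVD_IN_BL_SPAMCOP_NET (list and weight from the quoted proposal).
  # The set modifiers only run when the dnslists condition matched.
  warn    dnslists    = bl.spamcop.net
          set acl_m0  = ${eval:$acl_m0+15}
          set acl_m2  = $acl_m2 YOUR SERVER ADDRESS $sender_host_address IS BLACKLISTED AT $dnslist_domain\n$dnslist_text\n

  # ... one warn block per further list, each with its own weight ...

  # Reject with the accumulated multiline reason once the score passes
  # the threshold from the quoted proposal.
  deny    message     = $acl_m2
          condition   = ${if >{$acl_m0}{70}{yes}{no}}
```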