[exim] Open Relay testing in Exim (Re: greylistd)

Author: Tor Slettnes
Date:  
To: Daniel Webb
CC: Exim User's Mailing List
Subject: [exim] Open Relay testing in Exim (Re: greylistd)

On Sep 5, 2004, at 21:32, Daniel Webb wrote:

> Thanks again for your greylisting implementation, it's working great!
>
> I got my first spam of the day today (yeah, from 20-30 to 1-2 a day!) and
> was checking it out to see what is different about it. I checked the
> sending server, and sure enough it appears to be an open relay
> (67.108.104.165) and of course it's a Microsoft server. This got me to
> thinking: assuming a lot of the spam that's getting through to me is
> through recently discovered open mail relays, the blacklists won't have
> them yet. In this case, is there some way to probe each server that
> attempts to send me mail and refuse mail from them if they are an open
> relay?
>
> This seems to be what I'm thinking of for Postfix:
> http://www.zonque.org/projects/grinch/
>
> Does this sound like a productive way to finish off the last 10% of spams
> which are coming through newly discovered open relays, or would it be more
> effective for me to set up DNS-based blocking or SpamAssassin?
>
> It's pretty much academic for me, since 2/day isn't exactly a burden, I'm
> just curious.



Hairy! :-)

I suppose what you want to do is something similar to "Sender
Verification Callout", only instead of asking the MX for the sender's
domain, you are asking the actual machine that delivered the mail to
you; and instead of trying to validate the sender's address, you could
validate e.g. your own...

I'm afraid that in the case of Exim, this will be fairly complex,
unless you are willing to modify the Exim source code itself. (Perhaps
to add more options to the "verify=sender/callout" feature, e.g.
"addr=test.address", and "host=senders.ip.address").

As of now, this would probably involve launching an external program
(perhaps Exim itself) in a "${run...}" expansion to do the callback.

Do you subscribe to the "exim-users" mailing list? Phil Hazel, the
author/maintainer, hangs out there; he just loves it when people make
"esoteric" feature requests like this.. ;-)

-tor
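
The external callback program described in the reply above could look like the following; this is an added example, not part of the original message and not Exim code. The names `probe_relay` and `exit_status`, the argument order and the exit-status convention are assumptions; the exit status is what a `${run...}` expansion would branch on.

```python
#!/usr/bin/env python3
"""Relay callback helper (added example; hypothetical, not part of Exim)."""
import smtplib
import sys

OPEN, CLOSED, UNKNOWN = "open", "closed", "unknown"


def probe_relay(host, test_rcpt, helo_name, smtp_factory=smtplib.SMTP, timeout=15):
    """Ask the connecting `host` whether it would accept mail for `test_rcpt`,
    one of OUR addresses that it has no reason to relay for.
    The dialogue stops after RCPT TO, so no message is ever transmitted."""
    try:
        conn = smtp_factory(host, 25, local_hostname=helo_name, timeout=timeout)
    except (OSError, smtplib.SMTPException):
        # Most legitimate sending hosts do not listen on port 25 at all.
        return UNKNOWN
    try:
        conn.ehlo_or_helo_if_needed()
        code, _ = conn.mail("")           # null sender, as in a callout
        if not 200 <= code < 300:
            return UNKNOWN
        code, _ = conn.rcpt(test_rcpt)
        if 200 <= code < 300:
            # Accepted at RCPT time. Some hosts accept here and reject
            # later, so treat this as a strong hint rather than proof.
            return OPEN
        if 500 <= code < 600:
            return CLOSED                 # permanent refusal to relay
        return UNKNOWN                    # 4xx: temporary failure
    except (OSError, smtplib.SMTPException):
        return UNKNOWN
    finally:
        try:
            conn.quit()
        except (OSError, smtplib.SMTPException):
            pass


def exit_status(verdict):
    """Fail open: only a positive OPEN verdict gives a non-zero status."""
    return 1 if verdict == OPEN else 0


if __name__ == "__main__":
    # argv: <connecting host IP> <our test address> <our HELO name>
    sys.exit(exit_status(probe_relay(*sys.argv[1:4])))
```

Because every inconclusive outcome maps to status 0, a timeout or a refused connection never causes mail to be rejected; the probe still adds a blocking network round trip for each checked host.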