Re: [exim] Anti SPAM Exim configuration

Author: Tony Finch
Date:  
To: Mark Hynes
CC: Exim users list
Subject: Re: [exim] Anti SPAM Exim configuration
On Wed, 15 Dec 2004, Mark Hynes wrote:
>
> It's very useful, but not always cheap and can be open to obvious
> misinterpretation - it's cheap until someone attempts a dictionary attack
> or similar against you from, say, aol.com addresses, you hit AOL with an
> equivalent attack of callouts which looks like the same sort of wrong-doing
> and your calling-out address (or more) gets blocked.


You can avoid this by ordering your ACL sensibly. Sender callback
verification is almost the last thing in our RCPT ACL.

acl_rcpt_mx:

# This service is only available on port 25.

  require
    message        = No SMTP service for unauthorized users
    condition      = PORT25


# Make it easy to get help

  accept
    domains        = +our_domains
    local_parts    = +postmasterish


# We accept email only for domains that we know about.
# This check is cheap so we do it early to save time.

  require
    message        = Relaying is not permitted
    domains        = +our_domains


# Do some anti-spam checking for non-friendly machines.

  deny
  ! hosts          = +relay_hosts
  ! acl            = aux_check_spam


# For friendly machines, just check the sender domain.

  deny
    hosts          = +relay_hosts
  ! verify         = sender


# All recipient addresses must be valid, more or less.

  require
    message        = ${acl_verify_message}\n\
                     See http://www.cam.ac.uk/cs/email/bounce.html
    verify         = recipient/callout=use_sender,defer_ok


# Do more thorough sender address checks. We do this after verifying the
# recipient address to reduce the number of sender callouts.

  require
    acl            = aux_verify_sender


# Don't accept email if we are too busy. We keep this check at the end
# of the ACLs and ensure we do it only once because it can be expensive.

  defer
    message        = Sorry, too busy. Try again later.
    condition      = ${if or{{ eq{$acl_c2}{busy} } \
                             { <{300}{${run {/opt/exim/sbin/exim_incount} }} }} }
    set acl_c2     = busy



# Every check has been passed.

  accept

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
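
The ordering argument in the message above can be checked with a small model. This is an added example, not Exim code and not from the message's author: it is a simplified Python simulation of short-circuit RCPT checks, and the domain `example.org`, the local parts, the forged sender names and all function names are constructed assumptions. Callout caching is not modelled.

```python
from typing import NamedTuple

class Rcpt(NamedTuple):
    sender: str
    recipient: str

OUR_DOMAINS = {"example.org"}          # constructed local domain
VALID_LOCAL_PARTS = {"alice", "bob"}   # constructed valid mailboxes

class Stats:
    def __init__(self):
        self.sender_callouts = 0   # SMTP probes sent to the sender's domain
        self.accepted = 0

def domain_check(r, stats):
    # Cheap: is the recipient domain one of ours? (cf. "Relaying is not permitted")
    return r.recipient.rsplit("@", 1)[1] in OUR_DOMAINS

def recipient_check(r, stats):
    # Recipient verification; stays inside our own infrastructure.
    return r.recipient.split("@", 1)[0] in VALID_LOCAL_PARTS

def sender_callout(r, stats):
    # Expensive and externally visible: one probe to the sender's MX.
    stats.sender_callouts += 1
    return True   # assumption: the forged sender address happens to exist

def run_acl(checks, traffic):
    """Evaluate checks in order per RCPT; the first failure rejects (short-circuit)."""
    stats = Stats()
    for r in traffic:
        if all(check(r, stats) for check in checks):
            stats.accepted += 1
    return stats

def dictionary_attack(n):
    """Constructed traffic: n guessed local parts, each with a distinct forged sender."""
    guesses = ["alice", "bob"] + [f"guess{i}" for i in range(n - 2)]
    return [Rcpt(f"forged{i}@aol.com", f"{lp}@example.org")
            for i, lp in enumerate(guesses)]

CALLOUT_FIRST = [sender_callout, domain_check, recipient_check]
CALLOUT_LAST = [domain_check, recipient_check, sender_callout]  # order used in the ACL above

if __name__ == "__main__":
    traffic = dictionary_attack(1000)
    for name, order in (("callout first", CALLOUT_FIRST), ("callout last", CALLOUT_LAST)):
        s = run_acl(order, traffic)
        print(f"{name}: {s.sender_callouts} sender callouts, {s.accepted} accepted")
```

Both orderings accept the same recipients; only the number of probes sent to the forged sender domain differs.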