Re: [exim] Domain names whose MX looks-up as spammers (Spews…

Author: Tony Finch
Date:  
To: Alan J. Flavell
CC: Exim users list
Subject: Re: [exim] Domain names whose MX looks-up as spammers (Spews, SBL etc.)
On Mon, 31 Jan 2005, Alan J. Flavell wrote:
>
> Let's leave aside for the moment the policy question of whether it
> would be wise to reject on the basis of a Spews or SBL listing (as it
> happens, we create local blacklists, using Spews and SBL for guidance,
> rather than for outright rejection). What I'd like to discuss here is
> how to actually implement such a block in exim4.


There are features in the latest snapshots which make this easy. The 4.50
manual will include the following example:

  deny message  =  The mail servers for the domain $sender_address_domain \
                   are listed at $dnslist_domain; see $dnslist_text.
       dnslists =  sbl.spamhaus.org/<|${lookup dnsdb {>|a=<|\
                                      ${lookup dnsdb {>|mxh=\
                                      $sender_address_domain} }} }


You can do similar things with the zns dnsdb pseudo-type to check name
servers against blacklists.

Matching against a locally-maintained blacklist in a file is more
difficult, because in general you're trying to check multiple lookup keys
against the table. Perhaps it would be useful to extend lookups to allow a
list of multiple keys, say:

  deny
    message   =  The mail servers for the domain $sender_address_domain \
                 are controlled by spammers
    condition =  ${lookup {${lookup     dnsdb {>:a=\
                               ${lookup dnsdb {>:mxh=\
                                   $sender_address_domain} } } }} \
                   multi-lsearch {/table/of/spammers} }


> What we've done so far (and I think I've mentioned this in earlier
> discussions) is to add our local IP-based blacklist (ignore_spammers)
> to the "bogons" list that is consulted like so:


The problem with this approach is it's hard to use in testing mode, and
hard to add exemptions for contacting postmaster@.

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
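
Added illustration, not part of the message above and not Exim code: a Python model of what the nested `mxh=` and `a=` lookups compute and how each resulting address becomes a DNS blacklist query or a key into a local table. The DNS records, the zone name `dnsbl.example`, the table contents and all function names are constructed for the example.

```python
import ipaddress

# Constructed DNS data standing in for a resolver (documentation ranges only).
MX = {"example.org": [(10, "mx1.example.net"), (20, "mx2.example.net")]}
A = {"mx1.example.net": ["192.0.2.10"],
     "mx2.example.net": ["198.51.100.7", "192.0.2.11"]}
# Constructed blacklist zone: query name -> (A value, TXT record).
DNSBL = {"7.100.51.198.dnsbl.example":
         ("127.0.0.2", "https://dnsbl.example/q?198.51.100.7")}
# Constructed local table of addresses, one key per entry.
LOCAL_TABLE = {"192.0.2.11"}

def mx_hosts(domain):
    """Inner lookup (mxh=): MX host names only, ordered by preference."""
    return [host for _, host in sorted(MX.get(domain, []))]

def mx_addresses(domain):
    """Outer lookup (a=): every A record of every MX host, duplicates dropped."""
    seen = []
    for host in mx_hosts(domain):
        for ip in A.get(host, []):
            if ip not in seen:
                seen.append(ip)
    return seen

def dnsbl_name(ip, zone):
    """Query name for an IPv4 key: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check_dnsbl(domain, zone):
    """Try each MX address as a key; return (ip, txt) for the first one listed."""
    for ip in mx_addresses(domain):
        hit = DNSBL.get(dnsbl_name(ip, zone))
        if hit:
            return ip, hit[1]
    return None

def check_local(domain, table):
    """Multi-key match against a local table: all MX addresses found in it."""
    return [ip for ip in mx_addresses(domain) if ip in table]

if __name__ == "__main__":
    print(check_dnsbl("example.org", "dnsbl.example"))
    print(check_local("example.org", LOCAL_TABLE))
```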