Marc Perkel wrote:
>
> Here's my ACL
>
> defer senders = /var/spool/spam/suspicious-from.txt
>       message = FROM Address temporarilly BLOCKED - Failed Recipient!
>       !condition = ${if match_domain{$sender_address}{+all_mail_handled_locally}{true}{false}}
>
> warn message = Recipient Failure
>      domains = +all_mail_handled_locally
>      !verify = recipient/callout=2m,defer_ok,use_sender
>      !hosts = +relay_from_hosts
>      !senders = : postmaster@*
>      condition = ${run{/etc/exim/scripts/log-file /var/spool/spam/suspicious-from.txt $sender_address}{yes}{yes}}
>
> And - then you add a 5 minute cron job to empty the list every 5 minutes.
>
> true > /var/spool/spam/suspicious-from.txt

One suggestion: make the defer senders list be:

    defer senders = /var/spool/spam/suspicious-from.txt : \
                    /var/spool/spam/suspicious-from-2.txt

and make your cron job do:

    cp -f /var/spool/spam/suspicious-from.txt \
          /var/spool/spam/suspicious-from-2.txt
    true > /var/spool/spam/suspicious-from.txt

That will give you blocks that last from 5-10 minutes, instead of 0-5
minutes. Probably a lot cheaper than the DB-based mechanisms for real
aging you've been looking at.

One thing worth noting is that with the ACL you mention above, it looks
like you're accepting (and then bouncing) the first message to a bad
recipient. The warn should probably be a deny instead. You don't want
it to be a defer, because once you've done a callout that actually
fails, you want a 5XX, not a 4XX. Otherwise a legitimate sender who
typos your address doesn't get a bounce for 5 days.

- Marc
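
Added example (not part of the original thread): a shell walk-through of the two-file rotation suggested in the reply, run against a constructed temporary directory instead of /var/spool/spam. The function names, the LIST_DIR variable and the exact whole-line match in is_blocked are assumptions of this example; Exim's own address-list matching is richer.

```shell
#!/bin/sh
# Two-generation sender block list: an entry survives exactly one rotation,
# so with a 5 minute cron interval a block lasts between 5 and 10 minutes.

# Constructed scratch directory so the demo never touches the live spool.
LIST_DIR="${LIST_DIR:-$(mktemp -d)}"
CUR="$LIST_DIR/suspicious-from.txt"
OLD="$LIST_DIR/suspicious-from-2.txt"
: > "$CUR"
: > "$OLD"

# Stand-in for the ACL's ${run{...log-file...}} step: append one sender.
log_sender() {
    printf '%s\n' "$1" >> "$CUR"
}

# The cron job from the reply: copy current to previous, then empty current.
rotate_blocklist() {
    cp -f "$CUR" "$OLD"
    true > "$CUR"
}

# Approximates "defer senders = CUR : OLD" with a fixed-string, whole-line match.
is_blocked() {
    grep -Fxq -- "$1" "$CUR" "$OLD"
}

block_state() {
    if is_blocked "$1"; then echo blocked; else echo clear; fi
}

# Constructed walk-through: log one sender, then let two cron ticks pass.
demo() {
    addr="spammer@example.com"      # constructed sample address
    log_sender "$addr"
    s0=$(block_state "$addr")       # just logged: in the current file
    rotate_blocklist
    s1=$(block_state "$addr")       # after tick 1: only in the -2 file
    rotate_blocklist
    s2=$(block_state "$addr")       # after tick 2: aged out of both files
    echo "$s0 $s1 $s2"
}

demo
```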