Re: [exim] 5 Minute Penalty Box

Top Page
Delete this message
Reply to this message
Author: Marc Sherman
Date:  
To: Marc Perkel
CC: exim-users
Subject: Re: [exim] 5 Minute Penalty Box
Marc Perkel wrote:
>
> Here's my ACL
>
> defer    senders = /var/spool/spam/suspicious-from.txt
>         message = FROM Address temporarilly BLOCKED - Failed Recipient!
>         !condition = ${if 
> match_domain{$sender_address}{+all_mail_handled_locally}{true}{false}}

>
> warn    message   = Recipient Failure
>        domains   = +all_mail_handled_locally
>        !verify   = recipient/callout=2m,defer_ok,use_sender
>        !hosts    = +relay_from_hosts
>        !senders  = : postmaster@*
>        condition = ${run{/etc/exim/scripts/log-file 
> /var/spool/spam/suspicious-from.txt  $sender_address}{yes}{yes}}
>   And - then you add a 5 minute cron job to empty the list every 5 minutes.

>
> true > /var/spool/spam/suspicious-from.txt


One suggestion: make the defer senders list be:

defer senders = /var/spool/spam/suspicious-from.txt : \
                 /var/spool/spam/suspicious-from-2.txt


and make your cron job do:
cp -f /var/spool/spam/suspicious-from.txt \
       /var/spool/spam/suspicious-from-2.txt
true > /var/spool/spam/suspicious-from.txt


That will give you blocks that last from 5-10 minutes, instead of 0-5
minutes. Probably a lot cheaper than the DB-based mechanisms for real
aging you've been looking at.

One thing worth noting is that with the ACL you mention above, it looks
like you're accepting (and then bouncing) the first message to a bad
recipient. The warn should probably be a deny instead. You don't want
it to be a defer, because once you've done a callout that actually
fails, you want a 5XX, not a 4XX. Otherwise a legitimate sender who
typos your address doesn't get a bounce for 5 days.

- Marc