Marc Sherman wrote:
> Marc Perkel wrote:
>
>>
>> Here's my ACL
>>
>> defer senders = /var/spool/spam/suspicious-from.txt
>> message = FROM Address temporarilly BLOCKED - Failed Recipient!
>> !condition = ${if
>> match_domain{$sender_address}{+all_mail_handled_locally}{true}{false}}
>>
>> warn message = Recipient Failure
>> domains = +all_mail_handled_locally
>> !verify = recipient/callout=2m,defer_ok,use_sender
>> !hosts = +relay_from_hosts
>> !senders = : postmaster@*
>> condition = ${run{/etc/exim/scripts/log-file
>> /var/spool/spam/suspicious-from.txt $sender_address}{yes}{yes}}
>> And - then you add a 5 minute cron job to empty the list every 5
>> minutes.
>>
>> true > /var/spool/spam/suspicious-from.txt
>
>
> One suggestion: make the defer senders list be:
>
> defer senders = /var/spool/spam/suspicious-from.txt : \
> /var/spool/spam/suspicious-from-2.txt
>
> and make your cron job do:
> cp -f /var/spool/spam/suspicious-from.txt \
> /var/spool/spam/suspicious-from-2.txt
> true > /var/spool/spam/suspicious-from.txt
>
> That will give you blocks that last from 5-10 minutes, instead of 0-5
> minutes. Probably a lot cheaper than the DB-based mechanisms for real
> aging you've been looking at.
>
> One thing worth noting is that with the ACL you mention above, it
> looks like you're accepting (and then bouncing) the first message to a
> bad recipient. The warn should probably be a deny instead. You don't
> want it to be a defer, because once you've done a callout that
> actually fails, you want a 5XX, not a 4XX. Otherwise a legitimate
> sender who typos your address doesn't get a bounce for 5 days.
>
> - Marc
>
That would be an easy way to extend the window - but I think I'm happy
with the way I have it for now.
What my code does is the first one is accepted but triggers the block
for the next 5 minutes. And I do want to return a 4XX code because this
is where message are probably spam - but may not be - and I want the
non-spam to try again. I'm counting on the spammer email to go away.
--
Marc Perkel - marc@???
Spam Filter: http://www.junkemailfilter.com
My Blog: http://marc.perkel.com
My Religion: http://www.churchofreality.org
~ "If it's real - we believe in it!" ~
