Re: [exim] 5 Minute Penalty Box

Pàgina inicial
Delete this message
Reply to this message
Autor: Marc Perkel
Data:  
A: exim-users
Assumpte: Re: [exim] 5 Minute Penalty Box


Marc Sherman wrote:

> Marc Perkel wrote:
>
>>
>> Here's my ACL
>>
>> defer    senders = /var/spool/spam/suspicious-from.txt
>>         message = FROM Address temporarilly BLOCKED - Failed Recipient!
>>         !condition = ${if 
>> match_domain{$sender_address}{+all_mail_handled_locally}{true}{false}}

>>
>> warn    message   = Recipient Failure
>>        domains   = +all_mail_handled_locally
>>        !verify   = recipient/callout=2m,defer_ok,use_sender
>>        !hosts    = +relay_from_hosts
>>        !senders  = : postmaster@*
>>        condition = ${run{/etc/exim/scripts/log-file 
>> /var/spool/spam/suspicious-from.txt  $sender_address}{yes}{yes}}
>>   And - then you add a 5 minute cron job to empty the list every 5 
>> minutes.

>>
>> true > /var/spool/spam/suspicious-from.txt
>
>
> One suggestion: make the defer senders list be:
>
> defer senders = /var/spool/spam/suspicious-from.txt : \
>                 /var/spool/spam/suspicious-from-2.txt

>
> and make your cron job do:
> cp -f /var/spool/spam/suspicious-from.txt \
>       /var/spool/spam/suspicious-from-2.txt
> true > /var/spool/spam/suspicious-from.txt

>
> That will give you blocks that last from 5-10 minutes, instead of 0-5
> minutes. Probably a lot cheaper than the DB-based mechanisms for real
> aging you've been looking at.
>
> One thing worth noting is that with the ACL you mention above, it
> looks like you're accepting (and then bouncing) the first message to a
> bad recipient. The warn should probably be a deny instead. You don't
> want it to be a defer, because once you've done a callout that
> actually fails, you want a 5XX, not a 4XX. Otherwise a legitimate
> sender who typos your address doesn't get a bounce for 5 days.
>
> - Marc
>

That would be an easy way to extend the window - but I think I'm happy
with the way I have it for now.

What my code does is the first one is accepted but triggers the block
for the next 5 minutes. And I do want to return a 4XX code because this
is where message are probably spam - but may not be - and I want the
non-spam to try again. I'm counting on the spammer email to go away.

--
Marc Perkel - marc@???

Spam Filter: http://www.junkemailfilter.com
    My Blog: http://marc.perkel.com
My Religion: http://www.churchofreality.org
~ "If it's real - we believe in it!" ~