Looking for more safe ways to reject on connect. Here's what I'm doing now:
connect ...............
# --- Spamhaus is the only blacklist I fully trust
drop dnslists = sbl-xbl.spamhaus.org
message = REJECTED - Host $sender_host_address is Blacklisted in
$dnslist_domain=$dnslist_value - $dnslist_text
# --- Blacklisted and no reverse DNS
drop message = REJECTED - Host $sender_host_address is Blacklisted in
$dnslist_domain=$dnslist_value - $dnslist_text
!verify = reverse_host_lookup
dnslists = dnsbl.sorbs.net : dnsbl.njabl.org : relays.ordb.org :
bl.spamcop.net : opm.blitzed.org
helo ....................
# If the remote host greets with an IP address, then reject the mail.
deny message = REJECTED - Bad HELO - IP address not allowed
($sender_helo_name)
condition = ${if isip {$sender_helo_name}{true}{false}}
# Can't impersonate one of our domains
drop message = REJECTED - Bad HELO - Host impersonating
[$sender_helo_name]
condition = ${if
match_domain{$sender_helo_name}{+all_mail_handled_locally}{true}{false}}
recipient ...................
drop message = Legitimate bounces are never sent to more than one recipient.
senders = : postmaster@*
condition = ${if >{$recipients_count}{1}{true}{false}}
# --- Drop if the verify fails during the "recipient" part of the test.
drop message = REJECTED - Sender Verify Failed - error code \"$sender_verify_failure\"\n\n\
The return address you are using for this email message <$sender_address>\
does not seem to be a working account.
log_message = REJECTED - Sender Verify Failed - error code \"$sender_verify_failure\"
!hosts = +no_verify
!verify = sender/callout=2m,defer_ok
condition = ${if eq{recipient}{$sender_verify_failure}}
# --- Sender Verify Failed and Blacklisted
drop message = REJECTED - Sender Verify Failed and Host $sender_host_address is Blacklisted in $dnslist_domain=$dnslist_value - $dnslist_text
log_message = REJECTED - Sender Verify Failed and Host $sender_host_address is Blacklisted in $dnslist_domain=$dnslist_value - $dnslist_text
dnslists = dnsbl.sorbs.net : dnsbl.njabl.org : relays.ordb.org : bl.spamcop.net : opm.blitzed.org
!verify = sender/callout=2m,defer_ok
!condition = ${if eq{$sender_verify_failure}{}}
# --- Sender Verify Failed and no Reverse DNS
drop message = REJECTED - Sender Verify Failed and no RDNS
log_message = REJECTED - Sender Verify Failed and no RDNS
!verify = reverse_host_lookup
!verify = sender/callout=2m,defer_ok
!condition = ${if eq{$sender_verify_failure}{}}
# Deny if too many failed recipients
drop message = REJECTED - Too many failed recipients - count = $rcpt_fail_count
log_message = REJECTED - Too many failed recipients - count = $rcpt_fail_count
condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
condition = ${run{/etc/exim/scripts/log-file /var/spool/spam/host-spam.txt $sender_host_address}{yes}{yes}}
!verify = recipient/callout=2m,defer_ok,use_sender
--
Marc Perkel - marc@???
Spam Filter: http://www.junkemailfilter.com
My Blog: http://marc.perkel.com
My Religion: http://www.churchofreality.org
~ "If it's real - we believe in it!" ~
