Συντάκτης: Mark Ημερομηνία: Προς: Alan J. Flavell Υ/ο: Exim users list Αντικείμενο: Re: [exim] MessageLabs 554 SMTP synchronisation error
On Tue, 2005-07-12 at 14:20 +0100, Alan J. Flavell wrote: > On Tue, 12 Jul 2005, Ian FREISLICH wrote:
>
> > Out of interest what proportion of your logs have useful ident data?
>
> Depends what you mean by "useful".
>
> I give you these, for example:
>
> 2005-07-06 22:51:54 H=(corporation.net) [168.187.205.3] U=CacheFlow Server
> F=<enquiryghstvi@???> rejected RCPT
> Rejected - appears to be an unsecured proxy: CacheFlow Server
>
> 2005-07-07 18:03:25 H=(mailhub.vianetworks.nl) [194.250.136.80]
> U=squid F=<jmazlpop@???> rejected RCPT
> Rejected - appears to be an unsecured proxy: squid
>
> There's still (years after this problem was first exposed) a moderate
> number of such rejections in our log. In due course the IPs in
> question turn up in blacklists (and indeed both of those IPs are well
> and truly blacklisted now), and could be rejected on that or on other
> grounds, but these characteristic idents seem to be a sure-fire
> rejection, on the assumption that no-one is seriously going to run
> their MTA with a user name of "squid", let alone "CacheFlow Server".
Under those conditions it would seem to be more sensible to bring the
ident lookup into an acl (is that possible?) and only test hosts on the
various dynamic IP lists.