Re: [exim] lookups in exim filters?

Góra strony
Delete this message
Reply to this message
Autor: Bill Hacker
Data:  
Dla: exim
Temat: Re: [exim] lookups in exim filters?
Sherwood Botsford wrote:

> In light of the system filter, I would like to do lookups. E.g.
>
> # Exim Filter
>
> if foranyaddress $recipients (${lookup{$thisaddress}lsearch{/opt/exim/spamtrap})
> then 
>         save /var/mail/spamtrap
> endif

>
> ... where /opt/exim/spamtrap is a set of false addresses inserted into our webpage.
>
>
> Or would this be better done in an acl.


IMNSHO, it would be better done with a reject at RECPT time and a 'warn'
or 'logwrite'.
Bounce/Error message not recommended.

Lower overhead, negligible storage needed.

A periodic grep of the ~/exim/rejectlog against a file of your chosen
'false addresses' would then harvest the 'alleged' mx and IP from whence
the offenders [pretend to be | are] arriving.

grep -f <flat file of offender addresses> /var/log/exim/rejectlog

Or *all* offenders: grep 'rejected RCPT' /var/log/exim/rejectlog


Sample of an actual log entry (two line breaks inserted manually):

=========================

2005-11-02 05:22:58 H=(cm4123.red.mundo-r.com) [213.60.4.123]
F=<convolutelymancatnip@???>
rejected RCPT <keilholz@???>

==========================

Traffic for the non-exisitent addresseee above arrived from nine
different apparent origins over a 3 day period.
Probably some donkey-orifice's pet Win-zombie farm, as no such address
has ever existed, fake or otherwise.

Bounces are not a good idea - they just trigger a flood of collateral spam.

YMMV.

Bill Hacker