Hello,
I had the same issue. Below is what I did. Works like a charm.
begin acl

acl_check_rcpt:

  deny    local_parts = ^.*[@%!/|] : ^\\.
          message     = Unknown user

  accept  local_parts = postmaster
          domains     = +local_domains

  accept  local_parts = abuse
          domains     = +local_domains

  # HELO name is listed in MyIP, but the connecting address is not
  warn    condition = ${lookup{${lc:$sender_helo_name}}lsearch{/usr/exim/MyIP}{yes}{no}}
          condition = ${lookup{${lc:$sender_host_address}}lsearch{/usr/exim/MyIP}{no}{yes}}
          message   = X-Helo: Forgery - Helo Name |$sender_host_address| \
                      |$sender_helo_name| |$sender_ident|

  # Sender address domain is listed in MyIP, but the connecting address is not
  warn    condition = ${lookup{${lc:$sender_address_domain}}lsearch{/usr/exim/MyIP}{yes}{no}}
          condition = ${lookup{${lc:$sender_host_address}}lsearch{/usr/exim/MyIP}{no}{yes}}
          message   = X-Helo: Forgery - Domain Address \
                      |$sender_host_address| |$sender_helo_name| |$sender_ident|

  # HELO name differs from the recipient domain
  warn    condition = ${if eq{${lc:$sender_helo_name}}{${lc:$domain}}{no}{yes}}
          message   = X-Sender-Domain-Verify: Failed

  # HELO name differs from the sender address domain
  warn    condition = ${if eq{${lc:$sender_helo_name}}{${lc:$sender_address_domain}}{no}{yes}}
          message   = X-Sender-Domain-Verify: Failed

  warn    condition = ${if match{${lc:$sender_ident}}{\Nsquid|cacheflow\N}{yes}{no}}
          message   = X-OpenRelay: $sender_ident

  warn    !verify = sender/callout
          message = X-Sender-Verify: Failed

  warn    !verify = reverse_host_lookup
          message = X-Reverse-DNS: Failed

  warn    message  = X-MXRate: Recomendation: $dnslist_text
          dnslists = pub.mxrate.net

  warn    message  = X-OpenRelayDB: Listed in $dnslist_domain/$dnslist_text
          dnslists = relays.ordb.org/reject

  warn    message  = X-BlackList: Listed in $dnslist_domain/$dnslist_text
          dnslists = opm.blitzed.org: cbl.abuseat.org: list.dsbl.org: \
                     multihop.dsbl.org: sbl-xbl.spamhaus.org: virbl.dnsbl.bit.nl: \
                     bulk.rhs.mailpolice.com: porn.rhs.mailpolice.com: block.rhs.mailpolice.com: \
                     dynamic.rhs.mailpolice.com: dsn.rfc-ignorant.org: \
                     postmaster.rfc-ignorant.org: abuse.rfc-ignorant.org: \
                     bogusmx.rfc-ignorant.org: bl.spamcop.net: dnsbl.njabl.org: dnsbl.sorbs.net: \
                     multi.surbl.org: multi.uribl.com: combined-hib.dnsiplists.completewhois.com

  accept  domains    = +relay_to_domains
          recipients = *

  accept  hosts = +relay_from_hosts
          endpass

  deny    message = Unknown user

  deny    message = Unknown user

and as the LAST router (oblivion is my spamtrap user account):

spamtrap:
  driver = redirect
  caseful_local_part = TRUE
  headers_add = "X-Status: Unknown user, possible dictionary attack"
  file = /home/oblivion/.forward
  user = oblivion
  no_verify
  no_expn
  check_ancestor
  allow_filter
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

That's it... no additional transports. It's simple and effective. I use the
additional headers for filtering.
Hope that helps.
Sherwood Botsford writes:
> As you may remember in the last episode, I was looking for a way to
> create a spamtrap by salting false addresses for web harvesters,
> then rejecting out of hand any message that contained the false recipient.
>
> This is what I did:
>
> In acl_check_rcpt: (acl_smtp_rcpt)
>
> accept domains = +local_domains
> recipients = /opt/exim/spamtrap
> set acl_m0 = "SpamTrap"
>
> ... rest of content
>
> in acl_check_content: (acl_smtp_data)
> acl_check_content:
>
> deny message = "Addressed to non-existent recipient"
> condition = ${if match \
> {$acl_m0} \
> {"SpamTrap"} \
> {1}{0}}
>
> ... rest of content.
>
>
> This works.
>
> However I would like to do something less severe than denying it.
> Say, perhaps save a copy of it to a file, so that I can check through it and see if it
> is doing what I think it is.
>
> I haven't been able to configure a router to deal with a message. Routers, by their nature
> seem to deal with addresses.
>
> So, for example, this router does not do what I want:
> spamtrap_router:
> driver = accept
> domains = +local_domains
> condition = { match {$acl_m0}{"SpamTrap"}}
> transport = spamtrap_transport
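
The logic of the two "X-Helo: Forgery" warn statements in the reply's acl_check_rcpt, as an added Python example that is not part of either post: a name or domain found in the lsearch file is only suspicious when the connecting address is not in that file too. The file contents, session values and function names are constructed for illustration, and quoted lsearch keys are not handled.

```python
import re

# Constructed sample of an lsearch file like /usr/exim/MyIP (values are made up).
MYIP_SAMPLE = """\
# names and addresses that belong to this server
mail.example.org
example.org:      primary mail domain
192.0.2.10
"""


def lsearch_keys(text):
    """Return the lower-cased keys of an lsearch-style file."""
    keys = set()
    for line in text.splitlines():
        # Skip blank lines, comments and continuation lines (leading whitespace).
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        # The key ends at the first colon or whitespace; the rest is data.
        keys.add(re.split(r"[:\s]", line, maxsplit=1)[0].lower())
    return keys


def forgery_headers(helo_name, sender_domain, host_address, keys):
    """Headers the two warn statements would add for one recipient."""
    headers = []
    # Second condition of both statements: connecting address NOT in the file.
    from_outside = host_address.lower() not in keys
    if helo_name.lower() in keys and from_outside:
        headers.append("X-Helo: Forgery - Helo Name")
    if sender_domain.lower() in keys and from_outside:
        headers.append("X-Helo: Forgery - Domain Address")
    return headers


KEYS = lsearch_keys(MYIP_SAMPLE)

# Constructed sessions: (HELO name, envelope sender domain, connecting IP).
SESSIONS = [
    ("mail.example.org", "example.org", "192.0.2.10"),   # really this server
    ("MAIL.Example.ORG", "example.net", "203.0.113.7"),  # uses our HELO name
    ("host.example.net", "example.org", "203.0.113.7"),  # uses our domain
    ("192.0.2.10", "example.org", "198.51.100.4"),       # uses both
]

if __name__ == "__main__":
    for session in SESSIONS:
        print(session, forgery_headers(*session, KEYS))
```

The file has to list the server's own IP addresses as well as its names, otherwise mail the server itself submits would be tagged by the second condition.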