Re: [exim] Seeking advice how to deal with spam faked to app…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Sebastian von Ulmenstein
Datum:  
To: exim-users
Betreff: Re: [exim] Seeking advice how to deal with spam faked to appear as coming from my domain
Thanks for your patience, but I'm stuck.

This is my acl_check_rcpt, slightly flattened. Where is the part,
responsible for letting through empty senders bounce messages? I can't
recognize it.


acl_check_rcpt:

  accept  hosts          = 127.0.0.1
  endpass
  message        = unknown user
  verify         = recipient


  deny    local_parts    = ^.*[@%!/|]


  deny    senders        = Note for this mail: some mysqlstuff here to deny
senders
          message        = Not accepted from $sender_address


  require verify         = sender


  drop condition         = ${if match{$sender_helo_name}{SERVER_IP}{yes}{no}
}
       message           = "Dropped spammer pretending to be us"


  drop condition         = ${if
match{$sender_helo_name}{^[0-9]\.[0-9]\.[0-9]\.[0-9]}{yes}{no} }
       message           = "Dropped IP-only or IP-starting helo"



drop condition = Note for this mail: some mysqlstuff to drop mail to
spam-flooded accounts
message = Sorry, outdated address. Check your contacts.


  drop    hosts          = net-lsearch;/usr/exim/reject-hosts.txt : \
                           net24-lsearch;/usr/exim/reject-hosts.txt
          message        = Connection Denied for $sender_host_address



  drop    message        = Too many bad recipients ${eval:$rcpt_fail_count}
out of $rcpt_count
          condition      = ${if = {${eval:$rcpt_fail_count}}{1}{yes}{no}}
          delay          = 3m


  drop    message        = Recipient unknown
          !verify        = recipient
          delay          = ${eval: ($rcpt_fail_count + 1) * 1}m



  accept  local_parts    = postmaster
          domains        = +local_domains



  accept  hosts          = +relay_from_hosts


accept authenticated = *

  accept  domains        = +local_domains
          endpass
          message        = unknown user
          verify         = recipient


  accept  domains        = +relay_to_domains
          endpass
          message        = unrouteable address
          verify         = recipient


  deny    message        = authentication required - relay not permitted





Am 15.11.2005 23:12 Uhr schrieb "Fred Viles" unter <fv+exim@???>:

> On 15 Nov 2005 at 21:59, Exim User wrote about
>     "Re: [exim] Seeking advice how to de":

>
> | my special problem went down around other -550 discussions.
> | What should I add to my rcpt_acl to get rid of
> | > Message IPXDKM-000KV5-KU has been frozen (delivery error message).
> | > The sender is <>.
>
> Did you see my reply? The RCPT ACL stanza you posted should do it,
> *if* it is reached (no accept stanza higher up that applies) *and*
> you don't have a router that accepts all local parts for your local
> domain, whether they are valid or not.
>
> The router you posted isn't the problem, since it only accepts
> postmaster@localdomain.
>
> - Fred
>
>
>
>