Re: [exim] Seeking advice how to deal with spam faked to app…

Author: exim user
Date:  
To: exim-users
Subject: Re: [exim] Seeking advice how to deal with spam faked to appear as coming from my domain
The policy of this mailserver is that it first sends the unknown recipients'
mail to the postmaster. This is to catch potentially important mail, denied
perhaps because of typos.
After that, it sends a copy of the error message to the postmaster for
further investigation of what caused the trouble.
These are the last two routers:

unknown_user:
driver = redirect
data = postmaster@???
unseen

errorcopy_postmaster:
driver = redirect
data = :fail: User unknown
allow_fail

As Nigel Metheringham wrote:
>A bounce is sent to the envelope sender address.
>A bounce is sent *with* its own envelope sender address set to <>
>A bounce message cannot be generated for an undeliverable bounce
>message, so exim is freezing the incoming bounce message.


So what do I have to add to these routers to keep them away from routing to
an empty <> ???

Thank you all
Sebastian

On 16.11.2005 at 18:04, "Fred Viles" wrote at <fv+exim@???>:

> On 16 Nov 2005 at 12:57, Exim User wrote about
>     "Re: [exim] Seeking advice how to de":

>
> | This is my acl_check_rcpt, slightly flattened. Where is the part,
> | responsible for letting through empty senders bounce messages? I can't
> | recognize it.
>
> As I understand it, your problem is not "letting through empty
> senders bounce messages". The problem is more general: you are
> accepting mail for nonexistent users in your local domain, which
> then can't be delivered.
>
> As I said, the stanza of your RCPT ACL that you originally posted
> *should* reject messages for unknown local users. I gave two reasons
> why it may not be doing so.
>
> | acl_check_rcpt:
> | 
> |   accept  hosts          = 127.0.0.1
> |   endpass
> |   message        = unknown user
> |   verify         = recipient

>
> This is your only accept above:
>
> |...
> |   drop    message        = Recipient unknown
> |           !verify        = recipient
> |           delay          = ${eval: ($rcpt_fail_count + 1) * 1}m

>
> So the problem is not in your RCPT ACL. Look to your routers. For
> some reason the nonexistent local recipient is passing verification,
> which means you have a router that accepts it. Run a test like
> "exim -d -bv debian@???" to see which router is accepting the
> address.
>
> - Fred
>
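
Added example, not part of the original thread and not the poster's actual configuration: one way to keep the postmaster-copy router from making `verify = recipient` succeed for unknown users, so the RCPT ACL rejects them and no undeliverable bounce is accepted. It assumes `unknown_user` is the router that accepts the address during verification (which the `exim -d -bv` test suggested in the thread would show) and that earlier routers handle every real local user; `postmaster@example.org` is a placeholder for the obscured address.

```exim
# Constructed sketch based on the two routers quoted in the message above.
# postmaster@example.org is a placeholder; the real address is obscured
# in the archive.

# Delivery time only: copy mail for unknown local users to the postmaster.
# no_verify makes Exim skip this router while verifying an address, so it
# can no longer make "verify = recipient" pass for a nonexistent user.
unknown_user:
  driver = redirect
  data = postmaster@example.org
  unseen
  no_verify

# Still consulted during verification. For an unknown user the :fail:
# result makes verification fail, so the RCPT ACL rejects the recipient
# with "User unknown" before the message is accepted.
errorcopy_postmaster:
  driver = redirect
  data = :fail: User unknown
  allow_fail
```

With this change the postmaster copy is only made for messages that reach routing without a successful RCPT rejection; mail refused at RCPT time is never accepted, so the sending host, not this server, is responsible for any bounce.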