RE: [exim] Damn advertisers that don't get returns. What to …

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Sub Zero
Data:  
Para: 'Exim-users'
CC: exim-users, 'Magnus Holmgren'
Assunto: RE: [exim] Damn advertisers that don't get returns. What to do?
Hi Patrick,

>>    1. What should I do to make exim defer the queued
>> emails after -lets say 4H?


> Why do you accept them in the first place? Don't you
> want your mail-system to stay responsible? If you
> can't report an error to a sender, then don't accept
> the responsibility for handling their mail.


Believe me I don't (at least before exim maildir thing, those were
rejected). They are for those quota full mailboxes. I don't know why exim
lets those mail in..

> require
> verify = sender/callout


I have this ACL in the check_recipient part:

<snip>
  require verify           = sender
  accept  domains          = +local_domains
          endpass
          message          = Please check all recipients of this message to
verify they are valid.
          verify           = recipient
</snip>


Can you please help me to rewrite this to do:

<snip>
  require verify           = sender
  accept  domains          = +local_domains
          endpass
          message          = Please check all recipients of this message to
verify they are valid.
          verify           = recipient
</snip>


if the interface port is 587 but do

<snip>
  require verify           = sender/callout
  accept  domains          = +local_domains
          endpass
          message          = Please check all recipients of this message to
verify they are valid.
          verify           = recipient
</snip>


if the interface port is 25. I don't know how to add "condition = ${if
eq{$interface_port}{25}}" or "condition = ${if eq{$interface_port}{587}}" to
this thing in the "check_recipient:" part located under the "begin acl"
thing.

Hi Magnus,

> First thing - you must never accept a mail from an
> external host if it cannot be delivered. Where is
> the verify = recipient in your acl_smtp_rcpt?


Unknown accounts fail with 5xx error at the RCPT TO time. The data check
here:

<snip>
  drop    !verify          = recipient
          !hosts           = /etc/exim_deny_whitelist
          message          = Appears to be a dictionary attack
          log_message      = Dictionary attack (after $rcpt_fail_count
failures)
          condition        = ${if > {${eval:$rcpt_fail_count}}{4}{yes}{no}}
          condition        = ${run{/etc/exim_deny.pl $sender_host_address
}{yes}{no}}
</snip>


and under that:

<snip>
  require verify           = sender/callout
  accept  domains          = +local_domains
          endpass
          message          = Please check all recipients of this message to
verify they are valid.
          verify           = recipient
</snip>


There are no more "verify = recipient" or "verify = sender" lines in my ACLs
other than the ones above. And the above are under "check_recipient:" part
located under the "begin acl" thing.

> If you've got that right you shouldn't end up with
> any undeliverable bounces - just a fair amount of
> "rejected RCPT" in the logs.


I was also expecting this...

> Then you can go on and add such things as verify =
> sender (to block senders invalid MX) and dnslists =
> dsn.rfc-ignorant.org/$sender_address_domain (to
> block senders from domains known not to accept
> bounces), etc etc.


<snip>
  deny    !sender_domains  = lsearch;/etc/localdomains
          !senders         = @@lsearch;/etc/localsenders
          !hosts           = +relay_hosts
          !hosts           = /etc/exim_rbl_whitelist
          !authenticated   = *
          message          = $sender_host_address is blacklisted at
$dnslist_domain\n$dnslist_text
          dnslists         = sbl-xbl.spamhaus.org : list.dsbl.org :
dnsbl.ahbl.org : relays.ordb.org : bl.spamcop.net
</snip>