Re: [exim] policy for MUA's

Page principale
Supprimer ce message
Répondre à ce message
Auteur: exim list subscriber
Date:  
À: Exim Users
Sujet: Re: [exim] policy for MUA's
In message <jbm.20060109140117.6bc2394c@user21>
"Edgar Lovecraft" writes:

> exim list subscriber wrote:
> >
> > On the off chance that some folks may find this useful...
> >
> > The site here is making a move to have MUA clients use the MSA port,
> > rather than using the regular SMTP port. To get a handle on laggards, we
> > wanted to get some kind of ACL to detect a MUA when it connected. The
> > way we've been deciding if a MUA is connecting, is by counting the
> > number of Received: headers in the message. If there is only one, that
> > being added by the server, then the message is from a MUA.
> >
> ..[snip]...
> >
>
> Don't try this in production, not unless that is you really want to
> reject nearly every message sent from a Microsoft Exchange server.
> It seems that Exchange does not add a 'Recieved' header for any message
> that is submitted to it by standard Outlook clients. That really sucks,
> as I tried this and it lasted for about 2 days. There were problems
> with no Recieved headers being added by other MTA's as well, but
> Exchange is by far the greatest offender.


Interesting. So far, this hasn't shown up here. But then again, the
acl is just logging what it finds, and not putting any policy into
effect, just on the possibility of encountering what you described.
The logging is already proving useful for identifying the laggards
not using the MSA port when connecting from the Internet, which was
part of the incentive to put the acl in place.

> > One of the interesting things, is that this MUA check is tagging a
> > significant portion of spam, or rather, that spam which isn't forging
>
> I thought the same thing... but...
>
> > Received: lines. That's a different problem, but this is proving to be a
> > good pre-screen by catching spam in the SMTP DATA phase.
> >
>
> Unfortunately no....


Data here shows the acl is catching about 15% of the spam. Probably
just a result of the particular spam technique being used with what
is being thrown at the DMZ mail hosts at present.

Thanks for the input...

--
eximlist@??? is whitelisted to receive only from the
the exim.org mail servers.
Randall Raemon
shikahrsoho.com, email to userid evg702y in place of eximlist