Re: [exim] blocking part of a relay

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Bill Hacker
Date:  
À: exim
Sujet: Re: [exim] blocking part of a relay
Larry wrote:

>
>
> I need to figure out how to block the origionator of a message.
>


Easy enough.

> I have mail relayed to me. Here is part of the header;
>
>
> Received: from mxout3.mailhop.org ([63.208.196.167] ident=mailnull)
>         by my.homeip.net with esmtp (Exim 4.60)
>         (envelope-from <widgeteye@???>)
>         id 1F0Z30-00084d-Jx
>         for larry@???; Sun, 22 Jan 2006 00:49:58 -0600
> Received: from mxin2.mailhop.org ([63.208.196.176])
>         by mxout3.mailhop.org with esmtp (Exim 4.51)
>         id 1F0Z30-0002Wz-3R
>         for larry@???; Sun, 22 Jan 2006 01:49:58 -0500
> Received: from web42207.mail.yahoo.com ([66.218.93.208])

>
>
> mailhop.org is the relaying agent. As you can see widgeteye@???
> is sending me an email. How do I block yahoo.com from sending me mail
> through my relaying address without blocking the relay address?
>


Unless you control the configuration of the *.mailhop.org relay, you cannot.

> I have tried puting yahoo.com in the acl deny hosts but it doesn't work.
> If I block the relaying agent, mailhop.org, then the logs tell me that
> yahoo.com was blocked. :)
>


You can block on *your* Exim MTA.

Use originator-specific rules, optionally applied only to
traffic that arrives from mailhop.org.

You can block on almost any field presented to, and transparently passed
by, mailhop.org,
or on a combination of such fields.

But not until the traffic is presented to an MTA you *control*.

Likewise, bouncing mail back to mailhop.org should be reviewed, less you
wear out your welcome there.

It may be better to just accept it, then drop it on the floor.

>
> I have read and read the spec.txt but I haven't figured this one out yet.
>


Look at the various 'blacklisting' options.

Then ask yourself what field(s) is/are common to the traffic you do not
want,
and reliably onpassed by the relay so you can ID the junk with confidence.

> Any help would be appreciated.
>
> BTW, I don't really want to block yahoo I'm just using it as a test.
>


You might also want to look at blocking *forged* yahoo, as many MTA's
are presented with hundreds of times more spam trying to pretend to be
from yahoo than they are with genuine correspondence from yahoo users.
Likewise hotmail, msn, and aol.

Tor Slettnes has published a full set of acl's that should give you some
interesting examples.

See:

http://slett.net/spam-filtering-for-mx/

HTH,

Bill Hacker