Re: [exim] Not rejecting mail forwarded from friendly hosts

Author: Richard Clayton
Date:  
To: Magnus Holmgren
CC: exim-users
Subject: Re: [exim] Not rejecting mail forwarded from friendly hosts
In message <200604121400.40493@???>, Magnus Holmgren
<holmgren@???> writes

>It is a good idea to reject likely to certain spam


ITYM "fail to accept"

>, because in the rare cases
>of false positives the legitimate sender will be notified. It is also a good
>idea to have at least as good spam protection at the (forwarding) secondary
>MXes as at the primary. But what is the best way(s) to handle .forward-ed
>mail coming from friendly but slightly stupid (in the sense that they lack
>adequate spam protection) hosts,


It is best to ensure that you do not use any scheme that is traffic
based (viz: "the last <n> from here were spam, hence I will make an
assumption about the next <n>") but only content-based (viz: "I will
look at each message and form an opinion about it").

It is also essential to ensure that email to your abuse team isn't
filtered -- because that just makes you look as if you don't care.

>and how do you implement it with Exim?


It's more about not implementing all the off-the-wall ideas that people
come up with, rather than adding yet more cookbook recipes.

>c) Monitor mail logs to identify forwardings automatically or manually.


Monitoring incoming email logs can allow you to identify remote sites
that are sending you junk. However, if it is their smarthost (main
outgoing MTA) then you're unlikely to get enough of a pattern to be able
to provide them with any useful information.

Note that the world is full of people who are forwarding email from one
site to another, one ISP to another -- and schemes (readers are familiar
with several) which assume that you can read something into the
relationship between the source of an email, where it says it comes
from, and how legitimate it is, are doomed to fail in today's
conditions.

>d) User-managed ~/.backward (or a database or whatever) containing addresses
>and/or hosts forwarded from.


If you have 3 users, go for it. If you have 30, 300 or 3 million then
get yourself a more interesting (and less privacy invading) hobby! You
will merely end up rejecting a lot of legitimate email and dealing with
extremely annoyed users :(

-- 
richard                                                   Richard Clayton


Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755