Chris Lightfoot wrote:
> On Mon, Jul 03, 2006 at 06:43:43PM +0200, Anthony wrote:
>
>>Hello.
>>
>>In order to prevent spam, I'd like Exim 4 (I run Debian) to reject
>>incoming mail
>>if sender's domain doesn't exist.
>>What should be modified in the configuration files for this ?
>
>
> you could switch on callout verification of senders, which
> will test that the sender's address is deliverable, rather
> than just that their domain exists -- add,
>
> require verify = sender/callout
>
> to the MAIL ACL. You could also check just that the
> domain-part of the address exists with the dns lookup at
> the same point, but I haven't an example to hand.
>
This can result in a rather high 'false positive' rejection if
you use a 'hard' test, and for any of several reasons:
- many 'major' ISP's utilize 'pools' or clusters of servers,
often arranged as 'incoming' and 'outbound'. Your users may have
correspondents form many such. Or not.
- these do not necessarily respond as expected, if at all, to
sender verification callouts. (Does your own Exim server do so?)
- some otherwise-legitimate sending MX may not resolve. (Does
your own?)
- others may locally blacklist sources that attempt frequent
sender verification.
For our part, we DO seek sender verification, but only with a
'warn' verb that assigns 'demerit' points on fail.
Other protocol violations are also point-scored, then the
cumulative score tested against thresholds at key points in the
smtp process.
Spam attempts, especially from zombie-farms, usually exhibit
*many* such errors, legitimate servers only one or two, though
not necessarily the *same* one or two as some other legitimate
server may.
The 'weight' of a score assigned for an infraction, and the
thresholds you can tolerate need to be determined from
experience/analysis of your own traffic, but it is easy to start
lax and selectively tighten up, as you can store the thresholds
in macros, and/or per-user in a file or DB, and adjust the
demerit points assigned in each acl individually.
This is effective, requires very few whitelist entries, and has
a very low false-positive rate, even with rather strict settings.
HTH,
Bill
