Re: [exim] Accept Mail only to known recipients

Top Page

Reply to this message
Author: Ian Eiloart
To: Odhiambo G. Washington, exim-users
Subject: Re: [exim] Accept Mail only to known recipients

--On 1 August 2006 22:40:27 +0300 "Odhiambo G. Washington"
<wash@???> wrote:

> Hi,
> I need some advise on a task I am working on towards spam control and
> bandwidth saving. I am going to have a dedicated server hosted somewhere
> upstream and this server is going to be my highest priority MX for several
> thousand domains.
> Basically, I want to save as much bandwidth as possible by stopping spam
> and viruses upstream.
> There is not going to be any local deliveries on this server though.
> What I want to do is to "let it know" all the recipient addresses on
> the thousand domains. I'll be synchronising the list of recipients to
> this server at good intervals to keep the recipients list updated.

Simpler, and more accurate, would be the use of call-forwards. This does
entail the exchange of a few packets, but results are cached. Overall the
result would be far less load on your secondaries than without the remote

It's simple, because you only need to change the Exim config, you don't
need to shuffle data. It's more accurate only if your cache refreshes are
more frequent than you would be doing your shuffling.

It won't be very useful if your data connection isn't always up. If you're
intending to store and forward from your primary *as a rule*, then you
shouldn't use this technique - however,
you'll also need to be careful about keeping your remote server up to date.

If you opt to shuffle data, then the technique you use should be chosen to
match your current method. For example, if you use LDAP, then set up an
LDAP replica server on your remote smtp server. If you use flat files, use
sftp to copy them to the remote server.

> Any mail that is not addressed to the "known" recipients need to be
> rejected out there, just like the identified spam and virii. I just
> need to get advise/warnings on:
> 1. What is the dandiest way to do this? After all dnsbl, I want to
>    accomplish all the checks at acl_smtp_rcpt and reject any unknown
>    recipients. Are there are pitfalls I should watch for?

> 2. What rule options would the admins here consider the most efficient
>    and effective for such a task?

> All advise/pointers will be highly appreciated.
>         cheers
>        - wash
> +----------------------------------+-------------------------------------
> ----+ Odhiambo Washington                    . WANANCHI ONLINE LTD (Nairobi,
> KE)  | wash () WANANCHI ! com            . 1ere Etage, Loita Hse, Loita St.,  |
> GSM: (+254) 722 743 223            . # 10286, 00100 NAIROBI             |
> GSM: (+254) 733 744 121            . (+254) 020 313 985 - 9             |
> +---------------------------------+--------------------------------------
> ----+ "Oh My God! They killed init! You Bastards!"
>                          --from a /. post

Ian Eiloart
IT Services, University of Sussex