Re: [exim] require_verify = sender + RBLs - clarification on…

Top Page
Delete this message
Reply to this message
Author: Alon
Date:  
To: exim users
Subject: Re: [exim] require_verify = sender + RBLs - clarification on the How-to
OK... responding to (and then more discussion):

> Hang on. I thought
> verify = sender
> only involved work internal to your local exim (checking that it can
> find a server which ought to accept a reply), and it's only if you ask for
> verify = sender/callout
> that any external test was made?




Here is where I got a bit confused.

I understood the first response for the most part, but now you managed to
throw me off.

But, before I start my rant :))), let me do a step through your first
response:

First, I forgot to mention that Yes,. I'm using Exim 4.63 to clarify the
verion used.

Second, webform control is not the issue I'm dealing with, (even though it
is certainly an importat issue of its own).
My primary concern was to not to Inhibit or cause any issues to those valid
users who do have a webform on their
site and are just poor coders. I'm not concerned with the exploits from
them,. or through their websites, that I got
taken care of,. I just don't want to get the calls about "hey it worked
yesterday. .what happend?".
So,. I'm trying to gather the answers in advance.
So my understanding is that LOCAL valid users, should not be affected by
enabling this feature.

Third, You made the point/case that:

"Some very large / major ISP's do not have usable DNS records for their
'pools' of servers."

NOW that's something to be concerned about. Since I'm running a shared
hosting environment with folks from
all over the world, it is very likely that some of them are interacting with
servers that are indeed poorly maintained/configured.
That is a valid reason by itself why NOT to use this feature.
I can lecture to my clients that they SHOULD instruct their buddies out
there to lecture their service providers... and yeah..going
back to reality this is never going to happen.

So,. this is something that seems to be very restrictive and unless I know
who I am interacting with,. chances are that this is going
to be NOT a favorable action for many of my users.

OK.. with that said..I think I covered that subject and as much as I want to
have that,.. I'll have to drop it for the time being, at least until
the entire world will change working procedures.

NEXT:

RBLs (hey,. it's in the subject line!):

I can use RBLs like the following:

# deny using .spamhaus
  deny message = Email blocked by SPAMHAUS SBL+XBL- to unblock see 
http://www.myserver.com/spamlistschecker.html
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       dnslists = sbl-xbl.spamhaus.org



# deny using ordb
  deny message = Email blocked by ORDB - to unblock see 
http://www.myserver.com/spamlistschecker.html
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       dnslists = relays.ordb.org


# deny using sorbs smtp list
  deny message = Email blocked by SORBS - to unblock see 
http://www.myserver.com/spamlistschecker.html
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       dnslists = dnsbl.sorbs.net=127.0.0.5



but my concern is that at one point if I get lots of emails, I'll be
actually considered as a "hostile" checker and get blacklisted for excessive
checks.
Is that likely to happen?
If so,. should I simply rsync or otherwise do a daily update of a local
black listings and do local checks?
Does that seem like a logical thing to do?
Would this possibly get even faster checks on high volume emails?
Is that something that people do?

Thanks,

-Alon.


- Alon
js@???


----- Original Message -----
From: "John Robinson" <john.robinson@???>
To: "W B Hacker" <wbh@???>
Cc: "exim users" <exim-users@???>
Sent: Saturday, October 21, 2006 2:53 PM
Subject: Re: [exim] require_verify = sender + RBLs - clarification on the
How-to


> On 21/10/2006 13:47, W B Hacker wrote:
> [...]
>> verify = sender tries to see if the 'incoming' mail server of-record for
>> the
>> domain they *apear* to come from both exists and accepts *at least* a
>> partial
>> attempt to send mail. Many malware sources will fail that. Further
>> options in
>> the spec.
>
> Hang on. I thought
> verify = sender
> only involved work internal to your local exim (checking that it can
> find a server which ought to accept a reply), and it's only if you ask for
> verify = sender/callout
> that any external test was made?
>
> Cheers,
>
> John.
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
>