Re: [exim] :fail: & :blackhole: implementation

Top Page
Delete this message
Reply to this message
Author: Richard.Hall
Date:  
To: exim-users
Subject: Re: [exim] :fail: & :blackhole: implementation
It may just be me, but there seems to be some confusion in this
conversation ...

On Mon, 22 Jan 2007, Ian Eiloart wrote:

> --On 22 January 2007 17:01:21 +0200 Michael L Griffin <milegrin@???>
> wrote:
>
> > Greetings
> > On 22/01/07, Ian Eiloart <iane@???> wrote:
> >> --On 22 January 2007 15:58:35 +0200 Michael L Griffin
> >> <milegrin@???> wrote:
> >> >
> >> > 1) From my reading on the archives, :blackhole: is only taken into
> >> > account after processing the mail which is a waste of resources. Is
> >> > there a way to blackhole directly after receipt before processing?
> >>
> >> Don't do that. If you don't want an email, then use "deny" in an ACL
> >> before the DATA phase. That way, if the sender is a real person, they'll
> >> get a failure notification. If the sender is a spambot, then the spambot
> >> will blackhole the message.
> >>
> > I have approximately 45 domains on my little server and :blackhole: is
> > only used on individual accounts as specifically requested (eg dude
> > has left and they no longer the mail sent his address and don't want
> > to bounce it) and it is easier to simply blackhole. Any ideas as to
> > howto implement your suggestion directly after SMTP time before
> > processing?
> > (I discourage the use of blackhole but clients are always right (c:} )
>
> You should use a recipient ACL to check whether the address is deliverable,
> with a callout. You can customise the content of the 5xx reply. Or, I guess
> you could use the same lookup as you do for routing, and if the result of
> the lookup is ":blackhole:", then "deny" the message.


It seems to me that :fail: instead of :blackhole: would solve both
problems. Use 'verify=recipient', with a callout if necessary (depends on
whether your 45 domains are local to the server in question or not - I
don't think you said), and it will reject with a 5xx before processing the
DATA.

Which leads on to ...


> >> > 2) On my exim3 system, I can fail a message with a custom fail message
> >> > eg : :fail: Sue has left - please speak to Mary
> >> > This would generate a 550 with the specified message. On the Exim4
> >> > system, it generates teh 550 but ignores the message so a generic 550
> >> > is received and the custom message is ignored. How do I get the
> >> > :fail: bounce to include the custom message?


What I have is (roughly)

  dead_aliases:
    driver = redirect
    allow_fail
    data = ${lookup{$local_part}lsearch{ALIASDIR/dead_aliases}}
    [...]


and the deadaliases file contains lines like

  Timothy.Leary:  :fail: dead
  Tony.Blair:     :fail: no longer works here, try Gordon.Brown instead


I believe it is the 'data=' bit which gets your custom message back to the
sender.

> >> > As an aside - would it be possible to change the bounce subject? If
> >> > so, how?
> >>
> >> You should NOT be generating bounce messages if you can help it. Usually,
> >> they will go to the innocent owner of a spoofed email address.
> > Correct, BUT, I have to cater for the legitimate bounces.
> > This is especially useful when addresses are no longer valid and an
> > announcement in the form of a bounce is used to give an alternate
> > address. I prefer this over blackholing as the sender of legitimate
> > mail can resend to the correct address.
> > It is also very useful when used in conjunction with a "catchall"
> > where legitimate mail is delivered and all mail to non-existent
> > addresses is bounced containing a obfuscated valid contact address and
> > message (I can customise the contact address per domain)
>
> Well, if you bounce spam, you'll end up getting blacklisted sooner or
> later, so see the comments above. Again, you could do a similar lookup, and
> use the result to set the rejection message.


Seems to me we have a confusion over terminology. A :fail: does not
generate a 'bounce' but a 'reject' (in my terms, and Ian's). So everyone
should be happy :-)

Oh, also,

> >> > As an aside - would it be possible to change the bounce subject? If
> >> > so, how?


No. Because you would not be generating a message at all. A genuine
sending MTA will react to your reject by generating its own non-delivery
report, and you have no control over it.

HTH,
Richard