Re: [exim] smarthost to internal server

Top Page
Delete this message
Reply to this message
Author: Dave Evans
Date:  
To: exim-users
Subject: Re: [exim] smarthost to internal server
On Mon, Aug 13, 2007 at 06:26:36PM +0200, the sew wrote:
> Hi,
>
> I've got exim server as a front end to our qmail servers where all the
> users is managed,
>
> eventually gets past the greylisting to the
> internal mailserver, the internal server is sending alot of unknown
> senders messages to the postmaster


Does the internal mail server reject the message at MAIL/RCPT time? If so,
then the answer is probably to use "require verify = recipient/callout".
You should be able to find lots of examples and documentation on this.

Otherwise, you'll have to find another way to work out what's good and what's
bad (i.e. what to accept and what to reject). And I'm unclear on exactly
what's going wrong, so I can't suggest how to do that.

> Is there anyway I can stop this from exim, I've seen some nice ways to
> limit dictionary attacks if more than 2 failure rcpts in the smtp
> session ( http://www.configserver.com/free/eximdeny.html ) .


Personally I use a geometric delay after each bad RCPT: something like

# Pick an unused acl_cX variable (pre-4.67-style):
BAD_RCPT_DELAY=acl_c0

    deny
    ... add whatever condition causes bad rcpts here ...
        # e.g. !verify = recipient/callout
        set BAD_RCPT_DELAY = ${if eq {$BAD_RCPT_DELAY}{} {1}{$BAD_RCPT_DELAY}}
        delay = ${BAD_RCPT_DELAY}s
        set BAD_RCPT_DELAY = ${if <{$BAD_RCPT_DELAY}{4096} {${eval:$BAD_RCPT_DELAY*2}}{$BAD_RCPT_DELAY}}


which works just fine as long as the dictionary attack is within the same SMTP
session.

However I'm sure there any many other good ways of doing this.

--
Dave Evans
Power Internet Limited, registered in England #03053650 at Norfolk House,
82 Saxon Gate West, Central Milton Keynes, Buckinghamshire, MK9 2DL.
For more information, see http://www.powernet.co.uk/~davide/about-powernet