[exim] How best to blackhole e-mails

Author: paul.mcilfatrick
Date:  
To: Exim-users
Subject: [exim] How best to blackhole e-mails
Some advice from you experts would be appreciated.

I am the part-time admin of a local mail server within our company which
has in the last few months begun to be overwhelmed by SPAM (the server
is running Exim 4.63 and using sa-exim to run SpamAssassin).

We maintain this local server to run a secondary system using a mail
domain that predates our company's mail domain because it allows us to
create a new e-mail account quickly, unlike our company e-mail system,
and it lets us use local mail distribution lists.

All e-mails from the internet for our local mail domain arrive at the
company's two edge mail servers before being forwarded to our local
server (these two edge servers are quite old machines and the software
they run does little checking of e-mail).

At present our Exim config does a lot of checking (btw this local mail
server is behind our company firewall and we are unable to use verify =
sender and verify = sender/callout as they are blocked) but still a
large percentage of e-mails are passed through to SpamAssassin. As this
is a secondary mail system, any e-mail with a SpamAssassin score of 5.0
or more is not delivered but is put in a directory and retained for 10
days before being deleted.


SPAM has got so bad that it is about 99% of the traffic and we are
considering abandoning our local mail domain and creating a new one.

However, before we do that it has been suggested that I modify our Exim
config file so that all e-mails are accepted from the company's two edge
servers without doing any checking during the receiving process and then
to blackhole any e-mails that are not from a domain which is held in a
locally maintained text file.


What I am proposing probably goes against the spirit of the SMTP
protocol but I have to try something drastic.


My questions are:

1) How best to do the blackholing? Use the ACL verbs discard/deny or
is there a better way?

2) In which ACL is it best to do the blackholing, as I want to accept
the message from the company's two edge servers and then blackhole them
without generating SMTP traffic?



Thanks


Paul McIlfatrick
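
The setup proposed in the message, sketched as an Exim ACL fragment; this is an added example, not part of the original post and not a reply from the list. The host addresses, the list name `edge_servers` and the file path are hypothetical placeholders, and it assumes the local file holds one sender domain per line.

```exim
# --- main configuration section ---
# Hypothetical addresses for the company's two edge servers.
hostlist edge_servers = 192.0.2.10 : 192.0.2.11

acl_smtp_rcpt = acl_check_rcpt

# --- ACL section ---
begin acl

acl_check_rcpt:

  # Mail relayed by an edge server whose envelope sender domain is NOT a key
  # in the locally maintained file: answer RCPT with a success code, but drop
  # the recipient. No rejection and no bounce is generated.
  # Note: the null sender (<>) used by bounces has an empty domain, so it is
  # not found in the file and is discarded as well.
  discard hosts           = +edge_servers
          !sender_domains = lsearch;/etc/exim/allowed_sender_domains
          log_message     = blackholed: sender domain not in local file

  # Everything else from the edge servers is accepted without further checks.
  accept  hosts           = +edge_servers

  # The server only expects mail from the edge servers; refuse other hosts.
  deny    message         = connections are only accepted from the edge servers
```

`discard` in the RCPT ACL drops only the recipient being checked, and a message left with no recipients is still acknowledged at the SMTP level before being thrown away. The envelope sender is supplied by the remote side and can be forged, so the file acts as a filter on claimed sender domains rather than as authentication.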