Re: [exim] How best to blackhole e-mails

Author: Odhiambo Washington
Date:  
To: paul.mcilfatrick@bt.com
CC: Exim-users
Subject: Re: [exim] How best to blackhole e-mails
On 10/30/07, paul.mcilfatrick@??? <paul.mcilfatrick@???> wrote:
> Some advice from you experts would be appreciated.
>
> I am the part-time admin of a local mail server within our company which
> has in the last few months begun to be overwhelmed by SPAM (the server
> is running Exim 4.63 and using sa-exim to run SpamAssassin).
>
> We maintain this local server to run a secondary system using a mail
> domain that predates our company's mail domain because it allows us to
> create a new e-mail account quickly, unlike our company e-mail system,
> and it lets us use local mail distribution lists.
>
> All e-mails from the internet for our local mail domain arrive at the
> company's two edge mail servers before being forwarded to our local
> server (these two edge servers are quite old machines and the software
> they run does little checking of e-mail).
>
> At present our Exim config does a lot of checking (btw this local mail
> server is behind our company firewall and we are unable to use verify =
> sender and verify = sender/callout as they are blocked) but still a
> large percentage of e-mails are passed through to SpamAssassin. As this
> is a secondary mail system, any e-mail with a SpamAssassin score of 5.0
> or more is not delivered but is put in a directory and retained for 10
> days before being deleted.
>
>
> SPAM has got so bad that it is about 99% of the traffic and we are
> considering abandoning our local mail domain and creating a new one.
>
> However, before we do that it has been suggested that I modify our Exim
> config file so that all e-mails are accepted from the company's two edge
> servers without doing any checking during the receiving process and then
> to blackhole any e-mails that are not from a domain which is held in a
> locally maintained text file.
>
>
> What I am proposing probably goes against the spirit of the SMTP
> protocol but I have to try something drastic.
>
>
> My questions are:
>
> 1) How best to do the blackholing? Use the ACL verbs discard/deny or
> is there a better way?


Since you want to accept the mails first, my take on this is that you
just route the mails and blackhole any that are addressed to unknown
users:
Use the following as your very last router:

unknown_user:
  driver              = redirect
  data                = :blackhole:
  allow_fail


However, you should do filtering on the edge servers. I use an HP
DC7700 with 80GB HDD and 1GB RAM (costs $800) and it does great work.
Surely, your company can afford that!


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi, KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _  _ _
"Oh My God! They killed init! You Bastards!"
                        --from a /. post
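The ACL side of the original question (accept everything from the two edge servers, then blackhole anything whose sender domain is not in a locally maintained text file) can be expressed with the discard verb. This is an added example, not part of Odhiambo's reply or the Exim distribution; the host addresses, the list names and the file path /etc/exim/trusted_sender_domains are placeholders.

```exim
# ---- main configuration section (assumed names and addresses) ----
# The two edge servers that relay inbound mail to this box.
# 192.0.2.10 / 192.0.2.11 are placeholder addresses.
hostlist   edge_servers           = 192.0.2.10 : 192.0.2.11

# Locally maintained text file, one sender domain per line, e.g.
#   example.com
#   partner.example.net
domainlist trusted_sender_domains = lsearch;/etc/exim/trusted_sender_domains

# ---- ACL section ----
acl_check_rcpt:

  # Mail from the edge servers whose envelope-sender domain is listed
  # in the local file: accept it with no further checking, as proposed.
  accept  hosts          = +edge_servers
          sender_domains = +trusted_sender_domains

  # Anything else the edge servers hand us is swallowed here.
  # "discard" still returns a 2xx to the edge server, so no bounce is
  # generated towards the (usually forged) envelope sender. "deny" would
  # make the edge servers, which have already accepted the message,
  # bounce it back to that forged address (backscatter).
  # log_message keeps a record in mainlog so the drop stays auditable.
  discard hosts       = +edge_servers
          log_message = blackholed: sender domain $sender_address_domain \
                        not in trusted list

  # Hosts other than the edge servers get the usual treatment.
  deny    message = relay not permitted
```

Pair this with the unknown_user router from the reply above if you also want mail for non-existent local recipients dropped after acceptance; the ACL decides per sender domain, the router per recipient.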