Re: [exim] How best to blackhole e-mails

Author: Marc Perkel
Date:  
To: paul.mcilfatrick
CC: Exim-users
Subject: Re: [exim] How best to blackhole e-mails


paul.mcilfatrick@??? wrote:
> Some advice from you experts would be appreciated.
>
> I am the part-time admin of a local mail server within our company which
> has in the last few months begun to be overwhelmed by SPAM (the server
> is running Exim 4.63 and using sa-exim to run SpamAssassin).
>
> We maintain this local server to run a secondary system using a mail
> domain that predates our company's mail domain because it allows us to
> create a new e-mail account quickly, unlike our company e-mail system,
> and it lets us use local mail distribution lists.
>
> All e-mails from the internet for our local mail domain arrive at the
> company's two edge mail servers before being forwarded to our local
> server (these two edge servers are quite old machines and the software
> they run does little checking of e-mail).
>
> At present our Exim config does a lot of checking (btw this local mail
> server is behind our company firewall and we are unable to use verify =
> sender and verify = sender/callout as they are blocked) but still a
> large percentage of e-mails are passed through to SpamAssassin. As this
> is a secondary mail system, any e-mail with a SpamAssassin score of 5.0
> or more is not delivered but is put in a directory and retained for 10
> days before being deleted.
>
>
> SPAM has got so bad that it is about 99% of the traffic and we are
> considering abandoning our local mail domain and creating a new one.
>
> However, before we do that it has been suggested that I modify our Exim
> config file so that all e-mails are accepted from the company's two edge
> servers without doing any checking during the receiving process and then
> to blackhole any e-mails that are not from a domain which is held in a
> locally maintained text file.
>
>
> What I am proposing probably goes against the spirit of the SMTP
> protocol but I have to try something drastic.
>
>
> My questions are:
>
> 1) How best to do the blackholing? Use the ACL verbs discard/deny or
> is there a better way?
>
> 2) In which ACL is it best to do the blackholing as I want to accept
> the message from the company's two edge servers and then blackhole them
> without generating SMTP traffic.
>
>


If you do drop/deny, then if it's a false positive the sender will at
least know it bounced; otherwise, discard will work if you want it to just
vanish. If it's coming from a fixed IP I'd do the discard in the connect
ACL.
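An added example of the discard approach discussed above, not taken from the thread or from Exim's own documentation. It places the decision in the RCPT ACL (acl_smtp_rcpt), because that is where Exim already knows the envelope sender's domain; the edge-server addresses 192.0.2.10 / 192.0.2.11 and the list file /etc/exim/allowed_sender_domains are assumed placeholders.

```exim
# Added example: fragment of the ACL named by acl_smtp_rcpt.
# Assumptions: the two edge servers are 192.0.2.10 and 192.0.2.11
# (placeholders), and /etc/exim/allowed_sender_domains is the locally
# maintained text file, one domain per line, used as an lsearch lookup.

acl_check_rcpt:

  # Null-sender bounces/DSNs have no sender domain, so they would fall
  # through to the discard rule; accept them explicitly first (a policy
  # choice, assumed here) so delivery reports are not silently lost.
  accept  hosts   = 192.0.2.10 : 192.0.2.11
          senders = :

  # Mail relayed by the edge servers whose envelope sender domain is in
  # the local file: accept it and let the later checks (SpamAssassin via
  # sa-exim) run as before.
  accept  hosts          = 192.0.2.10 : 192.0.2.11
          sender_domains = lsearch;/etc/exim/allowed_sender_domains

  # Anything else from the edge servers: swallow it. "discard" still
  # answers 250 to the edge server, so no bounce or rejection traffic is
  # generated, and log_message leaves an audit trail in mainlog.
  discard hosts       = 192.0.2.10 : 192.0.2.11
          log_message = discarded: sender domain not in local allow list

  # Connections from anywhere other than the edge servers continue with
  # the existing recipient verification and other checks below this line.
```

Because discarded recipients still appear in the log with the log_message text, a daily grep of mainlog for that string gives a cheap way to spot legitimate domains that need adding to the file.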