Re: [exim] Abuse Bypassing SA when in To or CC

Top Page
This message is part of the following thread:
M+\the complete thread tree sorted by date
MMMGaurav Pruthi at <-
Ted Cooper at ->
Delete this message
Reply to this message
Author: Mr Shunz
Date:  
To: exim-users
Subject: Re: [exim] Abuse Bypassing SA when in To or CC
On Jan 22, 2008 8:45 AM, Gaurav Pruthi <gkpruthi@???> wrote:
> Hi,

Hi

>
> Spammers bypass the SA check when they put abuse@??? in To or CC
> field. And putting genuine mail IDs in Other headers.
> Here is the ACL i have in exim
>
> check_recipient:
>
>
>   warn     message       = X-SA-Do-Not-Rej: Yes
>            local_parts   = postmaster:abuse

>
>
>  warn     message       = X-SA-Do-Not-Run: Yes
>         local_parts   = abuse:MAILER-DAEMON

>
>
> This ACL prevents SA to run & reject if it has abuse in its header.

actually this ACL simply adds headers, to bypass SA should be smth like 

deny   condition = ......
       spam = nobody/defer_ok
       ! local_parts = postmaster:abuse
       ...

>
> How can i modify this acl to run SA in case it has more recepient other than
> abuse, postmaster or MAILER-DAEMON.

in my example simply take out the ! local_parts line ...

As a side note, on our clients mailservers, for postmaster/abuse we
just skip RBL/blacklists checks but
not SA checks, else we'll get 10x times the spam we have normally...

Cheers 

-- 
Daniele Santi        .o.
MrShunz@???    ..o    |,,,/_
Linux User #415108   ooo
---------------------------------------------------------
()  ascii ribbon campaign - against html mail
/\                        - against microsoft attachments
---------------------------------------------------------


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] mixed deliveryRe: [exim] Abuse Bypassing SA when in To or CC->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)