> Chas
>
> On Sun, 2008-02-24 at 10:27 -0500, chas@??? wrote:
>> I'm curious about this same subject and the way that Exim deals with it.
>> Is Exim accepting and then delivering back a message to whom it believes
>> to be the original sender or denying the message before receiving it.
>
> I think the OP wants Exim to not send any errors which originate
> remotely to his users, although that's not entirely clear.
>
>> There are people out there that spoof the 'sender' address in order to
>> have their spam forwarded to unsuspecting recipients.
>
> Yep, well known.
>
>> Any info on the way Exim handles these items and, as the original poster
>> asked, is there a way to disable this.
>
> How is your copy configured? None of us have a crystal ball, so we can't
> tell you how it's working.
>
> A good config which would minimise "collateral" spam would do the
> following:
>
> 1. Apply as many checks during the SMTP transaction as possible;
> depending on policy, these would then combine to create an SMTP time
> rejection (*not* a bounce). In this case, you'd verify the local
> recipient is valid, verify the sending domain is valid (exists, has MX
> records, the MX records aren't in RFC1918 space and so on) at minimum.
>
> 2. Perhaps use BATV (look it up) to make sure that any incoming bounce
> messages really are the result of messages originated by your systems.
>
> It's possible to make Exim do almost anything [1] so we'd need to see
> your config to tell you how yours handles errors.
>
> [1] Well, it won't make the tea, or come diving with me, or get my kids
> to sleep... but you probably get the idea :)
>
> Graeme
>
Hi Graeme
I've pasted my ACL list below. I'm basically using an 'out of the box'
version of Exim and sa-exim for RHEL:
exim-4.43-1.RHEL4.5
exim-sa-4.43-1.RHEL4.5
The only changes I've made are to add a line for the 'local_scan_path' for
sa-exim and a change to the transports to support Maildir. No changes at
all to the ACL list. I'm concerned about what's called 'backscatter'.
Thanks for your suggestions.

begin acl

acl_check_rcpt:

  accept  hosts         = :

  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  accept  local_parts   = postmaster
          domains       = +local_domains

  require verify        = sender

  accept  domains       = +local_domains
          endpass
          verify        = recipient

  accept  domains       = +relay_to_domains
          endpass
          verify        = recipient

  accept  hosts         = +relay_from_hosts

  accept  authenticated = *

  deny    message       = relay not permitted

acl_check_mime:

  warn    decode        = default

  deny    message       = Blacklisted file extension detected
          condition     = ${if match \
                            {${lc:$mime_filename}} \
                            {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
                            {1}{0}}

  deny    message       = Sorry, noone speaks chinese here
          condition     = ${if eq{$mime_charset}{gb2312}{1}{0}}

  accept

acl_check_content:

  deny    message       = This message contains malware ($malware_name)
          malware       = *

  warn    message       = X-Spam-Score: $spam_score ($spam_bar)
          spam          = nobody:true

  warn    message       = X-Spam-Report: $spam_report
          spam          = nobody:true

  warn    message       = X-Spam-Flag: YES
          spam          = nobody

  deny    message       = This message scored $spam_score points. Congratulations!
          spam          = nobody:true
          condition     = ${if >{$spam_score_int}{100}{1}{0}}

  accept

>
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
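
Added example, not part of the original thread and not Exim's own code: a Python illustration of the BATV idea from point 2 of the quoted reply, where outgoing envelope senders are signed so that a bounce (null-sender message) is rejected at RCPT time unless its recipient carries a valid, unexpired tag. The tag layout is modelled on the `prvs=KDDDSSSSSS=user@domain` form from the BATV draft and is not claimed to be byte-compatible with any MTA; the key, the 7-day lifetime and all function names are assumptions.

```python
import hashlib
import hmac

KEYS = {0: b"constructed-demo-key"}  # constructed key table: key number -> secret
LIFETIME_DAYS = 7                    # assumed validity window of a signed sender


def _day(now):
    """Day number modulo 1000, matching the 3-digit DDD field."""
    return int(now // 86400) % 1000


def _mac(keynum, ddd, address):
    """First 3 bytes (6 hex chars) of HMAC-SHA1 over K, DDD and the address."""
    msg = f"{keynum}{ddd:03d}{address.lower()}".encode()
    return hmac.new(KEYS[keynum], msg, hashlib.sha1).hexdigest()[:6]


def sign_sender(address, now, keynum=0):
    """Rewrite the envelope sender of an outgoing message."""
    ddd = (_day(now) + LIFETIME_DAYS) % 1000
    return f"prvs={keynum}{ddd:03d}{_mac(keynum, ddd, address)}={address}"


def check_bounce_rcpt(rcpt, now):
    """RCPT-time decision for a message with an empty envelope sender.

    Returns (True, original_address) or (False, reason_for_5xx_rejection).
    """
    if not rcpt.lower().startswith("prvs="):
        return False, "unsigned bounce recipient"
    try:
        tag, address = rcpt[5:].split("=", 1)
        keynum, ddd, mac = int(tag[0]), int(tag[1:4]), tag[4:]
    except (ValueError, IndexError):
        return False, "malformed tag"
    if len(tag) != 10 or keynum not in KEYS:
        return False, "malformed tag"
    expected = _mac(keynum, ddd, address).encode()
    if not hmac.compare_digest(mac.lower().encode(), expected):
        return False, "bad signature"
    # Modular distance from today to the expiry day; anything outside
    # 0..LIFETIME_DAYS has expired or claims an implausibly late expiry.
    if (ddd - _day(now)) % 1000 > LIFETIME_DAYS:
        return False, "expired"
    return True, address
```

A forged bounce aimed at a plain, unsigned local address is refused during the SMTP transaction, so the receiving server never generates a bounce of its own.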