Re: [exim] Backscatter - NDR Spam

Author: Phil Pennock
Date:  
To: Grant Peel
CC: exim-users
Subject: Re: [exim] Backscatter - NDR Spam
On 2008-03-01 at 07:39 -0500, Grant Peel wrote:
> If I understand the backscatter spam definition correctly:
>
> A spammer sends spam to my server, using a forged from address (which is the
> actual target of the spammer), using arbitrary To: someone@???
> (where the 'someone' does not exist), creating the bounce. The bounce is
> sent to (the target) because he used the target's email address (forged) in
> the From: field.


Correct.

> So what I am looking to do is:
>
> 1. Turn off bounce messages, and just reject the email up front,


This is what Exim does, provided that you actually have Routers which
have the correct conditions on them, instead of failing when actually
used.

You have Routers which appear to accept mail but then fail when used, so
the RCPT checks accept the address and then the bounce is generated
later.

In "virtual_alias", add:
condition = ${lookup {$local_part} lsearch {/home/$domain/mail/aliases} {yes}{no}}

In "virtual_catchall", add:
condition = ${lookup {catchall}lsearch{/home/$domain/mail/aliases} {yes}{no}}

Note that "condition" is checked after "require_files", so you should be
okay with this.

For cleanliness, your "autoreply_router" is "unseen", so it's a vacation
system of some kind? So "no_verify" on that too.

I think, on a first reading, that this should be what's needed to fix
things for you.

If not, run an Exim on port 24 with debugging, connect to it and send
mail to an address which shouldn't be accepted and see what happens?
(One of my recent posts to exim-users explained how to do this.)

Regards,
-Phil
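
Added example, not part of the original message or of Exim: a small Python model of what the two "condition" lines decide at RCPT time, useful for checking an aliases file before changing the live configuration. It assumes the ACL rejects recipients that no router accepts and that no later router handles the domain; the function names and the sample aliases data are constructed, and the lsearch parsing is simplified (no quoted keys).

```python
# Model of the RCPT-time outcome once virtual_alias and virtual_catchall
# carry the lsearch conditions shown above. Illustration only, not Exim code.

def lsearch_keys(text):
    """Return the lower-cased keys of an lsearch-format file.

    lsearch matches keys case-insensitively; a key ends at a colon or
    white space. Lines starting with '#' are comments, and lines starting
    with white space continue the previous entry's data.
    """
    keys = set()
    for line in text.splitlines():
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        head = line.split(":", 1)[0].split()
        if head:
            keys.add(head[0].lower())
    return keys


def rcpt_decision(local_part, aliases_text):
    """Predict how the recipient is handled during address verification.

    aliases_text is None when /home/$domain/mail/aliases does not exist,
    in which case require_files skips both routers before "condition"
    is ever evaluated.
    """
    if aliases_text is None:
        return "reject"
    keys = lsearch_keys(aliases_text)
    if local_part.lower() in keys:
        return "accept: virtual_alias"
    if "catchall" in keys:
        return "accept: virtual_catchall"
    # No router claims the address: rejected at RCPT, so no bounce is
    # generated later toward a forged sender.
    return "reject"


# Constructed sample aliases file.
SAMPLE = """\
# aliases for example.com
info: alice@example.net
Sales   : bob@example.net,
    carol@example.net
"""

if __name__ == "__main__":
    for lp in ("info", "SALES", "nobody"):
        print(lp, "->", rcpt_decision(lp, SAMPLE))
```

A domain whose aliases file contains a "catchall" key accepts every local part, so the up-front rejection only helps for domains without one.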