Re: [exim] Greylisting again.

Author: wallace
Date:  
To: exim users
CC: Grant Peel
Subject: Re: [exim] Greylisting again.
Hi Grant,

I intended to reply to list.
Sure, I don't mind discussing off list.
But if it can benefit everyone on this list,
we should keep the discussion on this list.


Grant Peel wrote:
> Hi Wallace,
>
> Some interesting acl statements here.
>
> Can you discuss off list with me?
>
> -Grant
>
> ----- Original Message ----- From: "wallace" <wallace@???>
> To: "Grant Peel" <gpeel@???>
> Sent: Monday, April 28, 2008 12:20 PM
> Subject: Re: [exim] Greylisting again.
>
>
>> Hi Grant,
>>
>> I prefer to greylist only suspicious sender IPs,
>> as most spam sources come from dynamic IP addresses.
>>
>> Suspicious sender IPs are:
>> 1. Without reverse hostname
>> 2. Reverse hostname does not point back to same IP
>> 3. Reverse hostname is dynamic, e.g. 1-1-168-192.dialuppool.domain
>>
>> The other cheap spam prevention method I use is checking for valid
>> SMTP HELO.
>>
>> These 2 methods filter out more than 90% of spam before SMTP DATA.
>> The rest can be handled by more expensive processes, i.e. ClamAV and
>> SpamAssassin.
>>
>> I use exim-greylist, see url:
>> http://johannes.sipsolutions.net/Projects/exim-greylist/
>>
>> And for dynamic IP (reverse hostname) checks, I use the regex from:
>> http://www.linuxmagic.com/opensource/anti_spam/dynamic_regex/
>> The /etc/exim/exim_dynamic_regex file contains regexes matching the
>> reverse hostnames of dynamic IPs
>> # Example: (1-1-168-192.dialuppool.domain.)
>>
>> Feedback or comments most welcome.
>>
>> Regards,
>> Wallace
>>
>>
>> ######################################################################
>> # HELO checks                                                        #
>> ######################################################################
>>
>> # HELO is empty or not sent
>>   deny message     = You have sent no HELO! Please see RFC 2821 section 4.1.1.1
>>        log_message = Bad HELO: Empty HELO
>>        condition   = ${if eq{$sender_helo_name}{}}
>>        delay       = 30s
>>
>> # HELO is not a fully qualified domain name
>>   deny message     = Your mail server announcement ($sender_helo_name) \
>>                      is a single word rather than a FQDN. \
>>                      This is in breach of RFC2821
>>        log_message = Bad HELO: Not FQDN
>>        condition   = ${if match{$sender_helo_name}{\\.}{no}{yes}}
>>        delay       = 30s
>>
>> # IP Only is sent as the HELO
>>   deny message     = Your server announces itself ($sender_helo_name) \
>>                      with a plain IP address which is in breach of RFC2821.
>>        log_message = Bad HELO: IP Only Announce
>>        condition   = ${if isip{$sender_helo_name}{yes}{no}}
>>        delay       = 30s
>>
>> # Someone is trying to spoof a local domain on the server
>>   deny message     = Forged HELO: you are not $sender_helo_name
>>        log_message = Forged HELO: $sender_helo_name Spoof Attempt
>>        condition   = ${if match_domain{$sender_helo_name}{+local_domains}{yes}{no}}
>>        delay       = 30s
>>
>> ######################################################################
>> # GREYLIST checks                                                    #
>> ######################################################################
>>
>> # Reverse Host Lookup Failed
>>   defer !senders    = : postmaster@*
>>       # !verify     = reverse_host_lookup
>>         domains     = +local_domains : +relay_to_domains
>>         condition   = ${if eq{$host_lookup_failed}{1}}
>>         acl         = greylist_acl
>>         message     = greylisted - try again later
>>         log_message = greylisted_1 - host_lookup_failed [$host_lookup_failed]
>>
>> # Reverse Host Lookup Deferred
>>   defer !senders    = : postmaster@*
>>       # !verify     = reverse_host_lookup
>>         domains     = +local_domains : +relay_to_domains
>>         condition   = ${if eq{$host_lookup_deferred}{1}}
>>         acl         = greylist_acl
>>         message     = greylisted - try again later
>>         log_message = greylisted_2 - host_lookup_deferred [$host_lookup_deferred]
>>
>> # Reverse DNS Rejected - dynamic ip
>>   defer !senders    = : postmaster@*
>>         domains     = +local_domains : +relay_to_domains
>>         condition   = ${lookup{$sender_host_name} nwildlsearch {/etc/exim/exim_dynamic_regex} {yes}{no}}
>>         acl         = greylist_acl
>>         message     = greylisted - try again later
>>         log_message = greylisted_3 - dynamic ip
>>
>>
>
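As an added illustration (not Wallace's ACL nor exim-greylist code), the same HELO and reverse-DNS classification expressed in Python so the rule ordering and exemptions can be exercised offline; the DNS tables, the dynamic-hostname patterns and the local-domain set are constructed stand-ins, not real lookups or the linuxmagic regex file:

```python
import ipaddress
import re

# Constructed stand-in for DNS (no live lookups): IP -> PTR names, name -> A records.
PTR_RECORDS = {
    "192.0.2.10": ["mail.example.net"],
    "192.0.2.20": ["1-1-168-192.dialuppool.example"],
    "192.0.2.30": ["mx.example.org"],
}
A_RECORDS = {
    "mail.example.net": ["192.0.2.10"],
    "1-1-168-192.dialuppool.example": ["192.0.2.20"],
    "mx.example.org": ["198.51.100.5"],  # PTR name does not point back to 192.0.2.30
}
DYNAMIC_PATTERNS = [re.compile(p, re.I) for p in (  # constructed, in the spirit of exim_dynamic_regex
    r"^\d+-\d+-\d+-\d+\.dialuppool\.",
    r"(^|[.-])(dyn|dhcp|dialup|ppp|pool)[.-]",
)]
LOCAL_DOMAINS = {"example.com"}  # hypothetical stand-in for +local_domains


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def check_helo(helo):
    """Apply the four HELO deny rules in ACL order; None means the HELO is accepted."""
    if not helo:
        return "Empty HELO"
    if "." not in helo:  # the ACL's ${if match{...}{\\.}} test
        return "Not FQDN"
    if is_ip(helo):  # bare address only; a bracketed literal like [192.0.2.10] passes
        return "IP Only Announce"
    if helo.lower() in LOCAL_DOMAINS:
        return "Spoof Attempt"
    return None


def should_greylist(ip, sender):
    """Apply the three defer rules; return the greylist reason or None."""
    if sender == "" or sender.lower().startswith("postmaster@"):
        return None  # !senders = : postmaster@*  (bounces and postmaster are exempt)
    names = PTR_RECORDS.get(ip, [])
    if not names or ip not in A_RECORDS.get(names[0], []):  # list items 1 and 2
        return "host_lookup_failed"
    if any(p.search(names[0]) for p in DYNAMIC_PATTERNS):  # list item 3
        return "dynamic ip"
    return None
```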