Hi Grant,
I intended to reply to list.
Sure, I don't mind discuss off list.
But if it can benefit everyone on this list,
we should keep the discussion on this list.
Grant Peel wrote:
> Hi Wallace,
>
> Some interseting acl statements here.
>
> Can you discuss off list with me?
>
> -Grant
>
> ----- Original Message ----- From: "wallace" <wallace@???>
> To: "Grant Peel" <gpeel@???>
> Sent: Monday, April 28, 2008 12:20 PM
> Subject: Re: [exim] Greylisting again.
>
>
>> Hi Grant,
>>
>> I prefer to greylist only suspicious sender's IP,
>> as most spam sources come from dynamic IP addresses.
>>
>> Suspicious sender IPs are:
>> 1. Without reverse hostname
>> 2. Reverse hostname does not point back to same IP
>> 3. Reverse hostname is dynamic, e.g. 1-1-168-192.dialuppool.domain
>>
>> The other cheap spam prevention method I use is checking for valid
>> SMTP HELO.
>>
>> These 2 methods fiters out more then 90% of spam before SMTP DATA.
>> The rest can be handled by more expensive process, i.e. ClamAV and
>> SpamAssassin.
>>
>> I use exim-greylist, see url:
>> http://johannes.sipsolutions.net/Projects/exim-greylist/
>>
>> And for dynamic ip (reverse hostname) checks, I use regex from:
>> http://www.linuxmagic.com/opensource/anti_spam/dynamic_regex/
>> /etc/exim/exim_dynamic_regex file contains regex matches for dynamic
>> IP's reverse hostname
>> # Example: (1-1-168-192.dialuppool.domain.)
>>
>> Feedback or comments most welcome.
>>
>> Regards,
>> Wallace
>>
>>
>> ######################################################################
>> # HELO checks #
>> ######################################################################
>>
>> # HELO is empty or not sent
>> deny message = You have sent no HELO! Please see RFC 2821 section
>> 4.1.1.1
>> log_message = Bad HELO: Empty HELO
>> condition = ${if eq{$sender_helo_name}{}}
>> delay = 30s
>>
>> # HELO is not a fully qualified domain name
>> deny message = Your mail server announcement ($sender_helo_name) \
>> is a single word rather than a FQDN. \
>> This is in breach of RFC2821
>> log_message = Bad HELO: Not FQDN
>> condition = ${if match {$sender_helo_name}{\\.}{no}{yes}}
>> delay = 30s
>>
>> # IP Only is sent as the HELO
>> deny message = Your server announces itself ($sender_helo_name) \
>> with a plain IP address which is in breach of
>> RFC2821.
>> log_message = Bad HELO: IP Only Announce
>> condition = ${if isip{$sender_helo_name}{yes}{no}}
>> delay = 30s
>>
>> # Someone is trying to spoof a local domain on the server
>> deny message = Forged HELO: you are not $sender_helo_name
>> log_message = Forged HELO: $sender_helo_name Spoof Attempt
>> condition = ${if
>> match_domain{$sender_helo_name}{+local_domains}{yes}{no}}
>> delay = 30s
>>
>> ######################################################################
>> # GREYLIST checks #
>> ######################################################################
>>
>> # Reverse Host Lookup Failed
>> defer !senders = : postmaster@*
>> # !verify = reverse_host_lookup
>> domains = +local_domains : +relay_to_domains
>> condition = ${if eq{$host_lookup_failed}{1}}
>> acl = greylist_acl
>> message = greylisted - try again later
>> log_message = greylisted_1 - host_lookup_failed [$host_lookup_failed]
>>
>> # Reverse Host Lookup Deferred
>> defer !senders = : postmaster@*
>> # !verify = reverse_host_lookup
>> domains = +local_domains : +relay_to_domains
>> condition = ${if eq{$host_lookup_deferred}{1}}
>> acl = greylist_acl
>> message = greylisted - try again later
>> log_message = greylisted_2 - host_lookup_deferred [$host_lookup_deferred]
>>
>> # Reverse DNS Rejected - dynamic ip
>> defer !senders = : postmaster@*
>> domains = +local_domains : +relay_to_domains
>> condition = ${lookup{$sender_host_name} nwildlsearch
>> {/etc/exim/exim_dynamic_regex} {yes}{no}}
>> acl = greylist_acl
>> message = greylisted - try again later
>> log_message = greylisted_3 - dynamic ip
>>
>>
>
