Re: [exim] How to not reply to bad mail

Top Page
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] How to not reply to bad mail
Rick Duval wrote:
> But my server gets thousands of messages to non-existent local_parts
> and some spammers send them all from some poor guys address (I know
> I've been on the victim side of that where someone is spamming and
> using my address in the from header).


Consider rejecting those on rDNS fail and/or dynamic IP RBL hit in
acl_smtp_connect.

OR give 'demerit's for each such sin, add more demerits for a HELO that
is not an FQDN match to the connected IP.

Compare the total cumulative score and kick them off the NIC.

WinZombies ordinarily fail those at close to 100%.

>
> I'm not only concerned that I'll be flooding that server with rejected
> emails but also that my server could end up blacklisted because of the
> potential flood of replies generated.
>
> Rick
>


You'll be replying to WinZombies. Not a problem.

But most of us shed those before we even need to do the recipient lookup.

Bill

> On Thu, Nov 20, 2008 at 5:44 PM, Kjetil Torgrim Homme
> <kjetilho@???> wrote:
>> On Thu, 2008-11-20 at 17:24 -0500, Rick Duval wrote:
>>> I now have a lookup that accepts emails only for addresses that are in
>>> the database.
>>>
>>> accept   condition = ${lookup mysql{SELECT count(*) from addresses \
>>>                       WHERE active AND domain='${quote_mysql:$domain}'  \
>>>                       AND local_part='${quote_mysql:$local_part}'}}

>>>
>>> deny
>>>
>>> It works great but I don't want to contribute to backscatter by
>>> sending denial messages back to the sender everytime an address is
>>> rejected. Right now it sends out and email like:
>>>
>>> SMTP error from remote mail server after RCPT TO:<bob@???>:
>>>     host duvals.ca [74.51.38.171]: 550 5.1.1 <bob@???>:
>>>     Recipient address rejected: User unknown in virtual alias table

>>>
>>> Can I turn that off and just not have it reply at all?
>> well, you can blackhole the message, but your current method is the
>> recommended way of setting it up. if someone mistypes an address, say
>> "bpb@???", you will typically want him to know about it so that he
>> can resend it using the correct address.
>>
>> you won't be contributing to backscatter unless someone forwards e-mail
>> to you -- and typoes in forwarding targets should definitely be
>> reported.
>>
>> it's a bit different if your denial is due to a SpamAssassin score or
>> something like that -- then the forwarding system may have more lax spam
>> filtering than your system, but it's the forwarding's system which will
>> be spreading backscatter. even here, it's not really your fault.
>>
>> --
>> regards,          | Redpill  _
>> Kjetil T. Homme   | Linpro  (_)

>>
>>
>> --
>> This message has been scanned for
>> viruses and dangerous content by
>> Accurate Anti-Spam Technologies
>> and is believed to be clean.
>>
>>
>