Colin Keith wrote:
> Like lots of people I've having a hard time with spammers misusing my
> customer's sites and services so I decided to look into using the
> acl_not_smtp and acl_not_smtp_start ACL's.
>
> I've cracked part of my problem that of tracing the sites by using
> acl_not_smtp_start to add a received header to log the site info via
> ${perl}. Alas while we use suexec I can't say the same for PHP and matching
> spam to a source site is a pain. I embedded Perl and wrote a nice little
> sub for assembling a header (I can post it if anyone wants it)
At my previous job, I wanted to ratelimit outgoing mail from our web
servers on a per user basis. It needed to handle email being sent via a
tcp connection to localhost, or from using the exim binary directly. it
also needed to work regardless of how the message was being sent,
"perl/php" etc.
The way I did this was to enable the identd service (firewalled out so
it only worked from localhost), then configure exim to query it using
the "rfc1413_hosts" option, and then I accessed the username from the
acl's using the acl variables $caller_uid and $sender_ident. I can't
remember the exact configuration as it was a couple of years ago I did
this, but that's the gist of it.
> Now I'm wanting to run the mails being sent through SpamAssassin. I had
> been getting the following error logged:
>
> 2009-01-16 00:26:41 1LNhE9-0002bS-Jx Error while reading message with no
> usable sender address (R=1LNhE9-0002bR-HC): rejected by non-SMTP ACL: local
> configuration problem
>
> I've finally realized that this is generated because my ACL is very simple:
>
> acl_not_smtp = acl_spam_scan_non_smtp
>
> begin acl
>
> acl_spam_scan_non_smtp:
> deny
> log_message = BLOCKING SPAM
>
> accept
>
> Obviously I'm testing things here so its the simplest case, but whatever
> the config if the result of the acl_not_smtp is that the message is
> denied then it generates a bounce. As that too is sent locally it hits
> this same ACL and so that fails producing the error message above.
>
> Of course I can get around the bad error message by allowing the bounces
> via a conditional
>
> accept
> condition = ${if match {$h_from:} {Mailer-Daemon@} }
>
> But what I'd prefer to do is to not generate the bounce.
>
> Is there any way from within acl_non_smtp to have exim not handle the
> mail any further just as deny in an SMTP acl closes the connection?
Using "drop" instead of "deny" would probably do that. You might even
just want to "warn" and use "control = freeze" instead, which would mean
the message isn't rejected but is frozen in the queue, so you can
inspect why one of your users is sending spam ...
Mike
