Torsten Luettgert wrote:
> we've been using sender verification callouts for a while now,
> and it still kills a lot of spam.
>
> But alas, in these modern times, there are honeypot addresses
> which sometimes appear as sender addresses in spam and cause our
> box to be blacklisted because it tries to verify the address.
> This is mainly uceprotect. I won't comment on them here.
>
> Ok, now here's the question after all this build-up: can I skip
> sender verification for certain IP addresses? I can of course
> filter by the IP of the sending host, but that's not what I want -
> I want to skip the verify if the target is one of those honeypot
> addresses.
I'm stunned that you haven't been flamed to death by the anti sender
callout verification people.
You can get a list of the IP addresses of the MX servers for a domain by
using the dnsdb lookup type:
${lookup dnsdb{>:a=<:${lookup dnsdb{>:mxh=$domain}}}}
E.g., for google.com:
root@haven:~# exim4 -be '${lookup dnsdb{>:a=<:${lookup dnsdb{>:mxh=google.com}}}}'
209.85.237.25:64.233.165.25:209.85.137.25:72.14.221.25
root@haven:~#
You could then use match_ip as described on
http://www.exim.org/exim-html-current/doc/html/spec_html/ch11.html
For example, a successful and an unsuccessful lookup of an IP against
the domain google.com:
root@haven:~# exim4 -be '${if match_ip{209.85.237.25}{${lookup dnsdb{>:a=<:${lookup dnsdb{>:mxh=google.com}}}}}{true}{false}}'
true
root@haven:~# exim4 -be '${if match_ip{192.168.0.1}{${lookup dnsdb{>:a=<:${lookup dnsdb{>:mxh=google.com}}}}}{true}{false}}'
false
root@haven:~#
So if you wanted to make sure that a callout never happens against
192.168.0.1, you would stick this condition before the callout in the acls:
condition = ${if match_ip{192.168.0.1}{${lookup dnsdb{>:a=<:${lookup dnsdb{>:mxh=$domain}}}}}}
Of course, you're going to continue to trip up these honeypots as you
won't be able to get a list of them all.
Actually... You know what would be better? ...
iptables -A OUTPUT -p tcp -d 192.168.0.1 --dport 25 -j REJECT
--
Mike Cardwell (https://secure.grepular.com/) (http://perlcv.com/)
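
Added example, not part of the original post or of the Exim documentation: one way to place the check in an ACL so that the callout is skipped whenever any MX address of the sender's domain is on a local list. The macro names, the ACL name and the listed addresses are assumptions (the addresses are constructed documentation ranges, not real honeypots); the lookup is keyed on $sender_address_domain and kept on the left-hand side of match_ip, with the static list on the right.

```exim
# --- main configuration section (before "begin acl") ---

# Hypothetical macro: addresses that must never receive a callout.
# 192.0.2.10 and 198.51.100.0/24 are constructed sample values.
HONEYPOT_MX_IPS = 192.0.2.10 : 198.51.100.0/24

# Colon-separated A records of every MX host of the sender's domain.
# Same nested dnsdb lookup as in the post, applied to the sender domain.
SENDER_MX_IPS = ${lookup dnsdb{>:a=<:${lookup dnsdb{>:mxh=$sender_address_domain}}}}

begin acl

# Assumed to be the ACL named by acl_smtp_rcpt.
acl_check_rcpt:

  # (earlier statements of the existing RCPT ACL go here)

  # Conditions in a statement are tested in order. If any MX address of
  # the sender's domain is in HONEYPOT_MX_IPS, "!condition" fails, the
  # statement is abandoned, and "verify = sender/callout" is never run.
  # Otherwise the callout runs and a failed verification is denied.
  deny
    message    = Sender verification failed
    # Bounces (empty sender) have no sender domain to look up.
    !senders   = :
    !condition = ${if forany{SENDER_MX_IPS}{match_ip{$item}{HONEYPOT_MX_IPS}}}
    !verify    = sender/callout

  # (remaining statements of the existing RCPT ACL go here)

# Not covered here: a sender domain with no MX records is reached via
# its A record, which this MX-based lookup does not return.
```

The expansion can be checked outside the ACL with exim4 -be, as in the post, by substituting a literal domain for $sender_address_domain.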