Re: [exim] Sender callout verification on BATV signed addres…

Author: David Saez Padros
Date:  
To: Todd Lyons
CC: Exim Users List
Subject: Re: [exim] Sender callout verification on BATV signed addresses
Hi

> On Thu, May 14, 2009 at 5:15 AM, David Saez Padros <david@???> wrote:
>> we do really very few callouts, zombies get detected before
>> reaching the callout check so we almost do not do callouts for
>> mail coming from non real servers, and for real servers without
>
> Care to elaborate on how you do the zombie detection? I assume, like
> everything nowadays, it's not one simple rule, but a combination of
> several things all at once?


This works quite well:

acl_smtp_notquit:

   # avoid blacklisting whitelisted hosts
   accept condition      = ${if eq {$acl_c2}{4}}


   warn   condition      = ${if eq {$smtp_notquit_reason}{connection-lost}}
          condition      = ${if >= {$rcpt_fail_count}{1}}
          logwrite       = :panic: OLS_BLACKLIST $sender_host_address


   warn   condition      = ${if eq {$smtp_notquit_reason}{connection-lost}}
          condition      = ${if >= {$rcpt_defer_count}{1}}
          logwrite       = :panic: OLS_BLACKLIST $sender_host_address


   warn   condition      = ${if eq {$smtp_notquit_reason}{synchronization-error}}
          logwrite       = :panic: OLS_BLACKLIST $sender_host_address


You need to read the paniclog, extract the lines with OLS_BLACKLIST and
blacklist the IP addresses found.

helo.acl at http://www.ols.es/exim/acl/ works quite well
at detecting zombies and dialup.acl works well at detecting
dialup zones. You could either block them all or block SPF
neutral/softfail from dialup hosts and/or the gmail domain, also
checking common patterns (random/uppercase sender/recipient,
etc.)

--
Best regards ...

----------------------------------------------------------------
    David Saez Padros                http://www.ols.es
    On-Line Services 2000 S.L.       telf    +34 902 50 29 75
----------------------------------------------------------------
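
The log-processing step described in the message above (read the paniclog, extract the OLS_BLACKLIST lines, collect the addresses), as an added example that is not part of the original post or of the OLS configuration. The timestamp layout of the sample lines, the `NEVER_BLOCK` ranges and the `min_hits` threshold are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Marker written by the ACL's logwrite, followed by $sender_host_address.
MARKER = re.compile(r"\bOLS_BLACKLIST\s+(\S+)")

# Constructed sample paniclog lines; the timestamp layout is an assumption.
SAMPLE_PANICLOG = """\
2009-05-14 10:02:11 OLS_BLACKLIST 192.0.2.15
2009-05-14 10:02:40 OLS_BLACKLIST 198.51.100.7
2009-05-14 10:03:05 OLS_BLACKLIST 192.0.2.15
2009-05-14 10:04:19 OLS_BLACKLIST 2001:db8::25
2009-05-14 10:05:00 OLS_BLACKLIST 127.0.0.1
2009-05-14 10:05:30 OLS_BLACKLIST
2009-05-14 10:06:02 unrelated panic log entry (constructed)
2009-05-14 10:07:45 OLS_BLACKLIST 10.1.2.3
"""

# Assumed safety net: ranges that must never be blocked, even if logged.
NEVER_BLOCK = ("127.0.0.0/8", "::1/128", "10.0.0.0/8")


def extract_blacklist(lines, never_block=NEVER_BLOCK, min_hits=1):
    """Return [(address, hits)] for OLS_BLACKLIST entries, most hits first."""
    protected = [ipaddress.ip_network(net) for net in never_block]
    hits = Counter()
    for line in lines:
        match = MARKER.search(line)
        if not match:
            continue  # unrelated panic log entry or empty address field
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed token: never pass it on to a firewall
        if any(addr in net for net in protected):
            continue  # own or internal host that slipped past the whitelist
        hits[str(addr)] += 1
    wanted = [(ip, n) for ip, n in hits.items() if n >= min_hits]
    return sorted(wanted, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for ip, count in extract_blacklist(SAMPLE_PANICLOG.splitlines()):
        print(f"{ip}\t{count}")
```

Raising `min_hits` trades detection speed for fewer false positives from hosts that dropped a single connection after a failed recipient.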