Re: [exim] listed at Backscatterer.org

トップ ページ
このメッセージは次のスレッドの一部です:
M-+\日付によるスレッドの仕分け
M.MMRon White 、 <-
M\MMatt 、 ->
このメッセージを削除
このメッセージに返信
著者: Lena
日付:  
To: exim-users
題目: Re: [exim] listed at Backscatterer.org
> From: Kebba Foon

> recently i found out that some of
> the ip's i allow relay for are infect and send a lot of mails with fake
> sender addresses

The bounces/backscatter is because a lot of these mails is to
nonexistent recipient addresses (spammers' lists contain a lot of
nonexistent addresses). So, infected IPs can be automatically blocked: 

LIM = 100
PERIOD = 1h
WARNTO = abuse@???
EXIMBINARY = /usr/local/sbin/exim
SHELL = /bin/sh
...
acl_check_rcpt:
...
  accept hosts = +relay_from_hosts
        set acl_m_user = $sender_host_address
# or userid from RADIUS if IPs are assigned dynamically
        condition = ${if exists{$spool_directory/blocked_users}}
        condition = ${if eq{${lookup{$acl_m_user}lsearch\
                    {$spool_directory/blocked_users}{1}{0}}}{1}}
        control = freeze/no_tell
        add_header = X-User: $acl_m_user


  accept hosts = +relay_from_hosts
        !verify = recipient/defer_ok/callout=10s,defer_ok,use_sender
        ratelimit = LIM / PERIOD / per_rcpt / user-$acl_m_user
        continue = ${run{SHELL -c "echo $acl_m_user \
           >>$spool_directory/blocked_users; \
           \N{\N echo Subject: user $acl_m_user blocked; echo; echo because \
           has sent mail to LIM invalid recipients during PERIOD.; \
           \N}\N | EXIMBINARY WARNTO"}}
        control = freeze/no_tell
        add_header = X-User: $acl_m_user


  accept  hosts = +relay_from_hosts
          control = submission/domain=


After you get the notification, you look up the frozen messages
in the queue (using exipick). If that's spam, you make the user
to disinfect the machine, exact the fine (according to contract),
after that you delete the line with the userid from the blocked_users file
and delete frozen spam using exipick.

If you relay from authenticated users then the approach is similar: 

  accept authenticated = *
        set acl_m_user = $authenticated_id
# in case of mailboxes in /var/mail: ${sg{$authenticated_id}{\N\W.*$\N}{}}
        condition = ${if exists{$spool_directory/blocked_users}}
        condition = ${if eq{${lookup{$acl_m_user}lsearch\
                    {$spool_directory/blocked_users}{1}{0}}}{1}}
        control = freeze/no_tell
        add_header = X-Authenticated-As: $acl_m_user


  accept authenticated = *
        !verify = recipient/defer_ok/callout=10s,defer_ok,use_sender
        ratelimit = LIM / PERIOD / per_rcpt / user-$acl_m_user
        continue = ${run{SHELL -c "echo $acl_m_user \
           >>$spool_directory/blocked_users; \
           \N{\N echo Subject: user $acl_m_user blocked; echo; echo because \
           has sent mail to LIM invalid recipients during PERIOD.; \
           \N}\N | EXIMBINARY WARNTO"}}
        control = freeze/no_tell
        add_header = X-Authenticated-As: $acl_m_user


  accept authenticated = *
        control = submission/domain=


このメッセージは次のメーリングリストに投稿されました:
Exim-users
メーリングリスト情報 | となりのメッセージ		<-Re: [exim] listed at Backscatterer.orgRe: [exim] listed at Backscatterer.org->
Tahini and Hummus and Cumin Development Archives サイト管理人: cumin AdminsLurker (バージョン 2.3)