Re: [exim] Rejecting messages with no "To:" or "Cc:" field i…

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: W B Hacker
Data:  
Para: exim users
Asunto: Re: [exim] Rejecting messages with no "To:" or "Cc:" field in the headers
John Burnham wrote:
>>
>> On 18/11/2010 09:32, David Saez Padros wrote:
>>> Hi
>>>
>>>> I have a specific application where we need to reject mail
>> that has no
>>>> "To" or "Cc" header
>>>
>>>      deny    condition      = ${if !def:h_To: {1}}
>>>              message        = Missing To: header

>>
>> Thanks. Second newbie question: where do I add those lines?
>> We're using
>> the split config with all the configuration in multiple files under
>> conf.d. My guess is that it goes in one of the ACL files, but
>> which one?
>>
>
> It would have to be in the data ACL (because before then you don't have the headers).
>
> John


True.

...and meaning one has to have already taken the main 'payload' on-board..

Hard to realistically obfuscate a 'support@' 'help@' 'info@' address, so these
WILL be harvested or robot-generated. And frequently.

BUT..

Some other ways to reduce the number getting as far as acl_smtp_data:

In acl_smtp_connect:

verify = reverse_host_lookup    


"Real folks" MTA have DNS creds. Botnet WinZombies do not. QED.

CAVEAT: exempt port 587 where your own community AUTH's to submit. Most will be
on dynamic-IP connectivity.


In acl_smtp_rcpt:

verify = recipient    


No point in taking onboard valid $domain, but invalid $local_part (in
envelope-to, not the 'To:' header, BTW...)

See also:

recipients_count

... a helpdesk function address is *usually* sole addressee. Or should be.
As are 'postmaster@', 'hostmaster@'.
One may craft an acl for just those recipients..

AND/OR .. a BFBI acl IF the REST of your user-community rarely gets *legitimate*
multi-recipient messages. Remember - those 'CC:" for OTHER domains do not count
here at all. And you can do this per-domain if multi-hosting ..

Even with the defer, legit traffic second and subsequent recipient will arrive
again within minutes, if not seconds. IOW - faster than the average greylisting
time-out and less work - usually at BOTH ends:

===

   # RCPT_5: IF multiple recipients THEN defer all after first one.
   #
   defer
     message     = Limit one recipient at a time. Try again soon!
     condition   = $recipients_count


Byproduct is per-user spam prefs & rejection at smtp-time can now work in
acl_smtp_data 'coz there is only *ever* one recipient per pass. No need to
blackhole or do DSN/bounces after the sesson has cloded..

CAVEAT: spam-tolerant RFC sez an MTA should take-on at least 100 recipients per
message... and plumbing code calls for flush toilets to be supplied with potable
water in many countries, but you still wouldn't want to drink out of one..

;-)

HTH,

Bill