Author: W B Hacker Date: To: exim users Subject: Re: [exim] Ocassional spam forwarding
Lena@??? wrote: >> From: Mikhail Lischuk
>
>> Sometimes spam message gets through the SpamAssassin filters, and
>> gets delivered to user who has forwarding to external mailbox set up.
>>
>> And sometimes, some services at Gmail or some others (I did not try to
>> find out which ones) report my IP
>
>> I wonder if there are some "best
>> practices" about how to deal with that.
>
> Don't allow users to set up forwarding to external mailboxes.
> Instead offer pop3, pop3s, imap and imaps.
> Explain to your users that for example Gmail can pull mail from
> your server: in Gmail web-interface
> Settings - Accounts and Import - Check mail using POP3.
>
There is another option.
From day-zero (or nearly so) of the original smtp spec, and before forwarding
was even all that often *possible* provision was made to reject with a custom
error message.
- which contained the user's NEW contact info, even if it were not an smtp
address. Think X400, phone, fax, TWIX, Telex, Cable, even snail-mail.
That still works today.
Exim needs flags to the effect:
- 'former user, not current'
and
- 'has new contact info to publish'
One then pulls that from a lookup in an acl_smtp_rcpt 'deny' and stuffs it into
a custom message.
Doesn't break/get broken by SPF, DK, DKIM, etc...
NEVER onpasses spam. Or anything else.
Doesn't fill up abandoned storage or get junk stuck on the queue.
AND .. 'no longer our job' has been explained. Not just once, but each go, to
each seeker 'til there are no more ..... and it can be shed altogether.
Not perfect, but works just as well as it did in the steam-CPU age.