Re: [exim] iForbiddng e-mail coming from bogus address

Author: Bill Hayles
Date:  
To: exim-users
Subject: Re: [exim] iForbiddng e-mail coming from bogus address
Hi, fellow Bill,

On Sat, 09 Apr 2011 06:51:58 +0000 in message number <4DA0020E.7000104@???>, received here on 09/04/2011 11:42:28, W B Hacker <wbh@???> said:

> Bill Hayles wrote:
> > Hi,
> >
> > On Sat, 26 Mar 2011 20:56:05 -0600 in message number <20110327025605.GA15306@???>, received here on 08/04/2011 19:47:03, The Doctor <doctor@???> said:


> >> Question how can exim block and discard e-mails coming from such addresses ?
> >
> > I use this sort of thing.


>
> Those are probably forged originations and can more easily be
> blocked with an rDNS test than by listing all possible such that will
> eventually show up.. see below in re rDNS.


OK, not strictly Exim related, but one of my hobbyhorses.
If you do that, you block a lot of legitimate servers (including mine!).
Luckily, I find all major servers only block addresses allocated
dynamically; those allocated to fixed IP accounts are accepted.

Also, this approach does not catch spam mail from infected computers (of
which I get plenty).

Back to topic.
Given the posts from the OP, I suspect he is not an Exim expert, and is
running a modest server. My approach is a quick and dirty method which,
because it is easy to understand and implement, is less likely to be
incorrectly configured.

What works for craybox.com would not be suitable for gmail.com (should they
choose to use Exim).
>
> w/r the approach under discussion, though, there is room for improvement
> IF any or all of the following apply:
>
> - large lists


> - frequent changes


I have a couple of files, banned_hosts.list and banned_domains.list, and
that portion of my exim.conf reads

   deny      message     = Rejected IP
             hosts       = +banned_hosts.list
   deny      message     = Rejected IP
             hosts       = +banned_domains.list


All I need to do is to edit the two files as necessary.
>
> - desire to NOT involve delay or resources for off-box callouts/lookups


Very important for a busy server; less so for a small one.
>
> ... none of which are the best environment for 'domain = ' or 'hotlist =
> ' structures.


But works for a modest setup.
>
>
> THEN


(well argued reasoning snipped, as I don't disagree (except for rDNS))

>
> YMMV,


The point I'm trying to make is that Philip Hazel makes a big thing about Exim's
suitability both for a server with one user and one with 100.000.
What may be impractical for the 100.000 user server may be perfect for the
single user one, and vice versa.

Having followed this list for a couple of years, and having learnt a hell of
a lot from it to the point where I now have the confidence to make the
occasional reply, my one criticism is that sometimes the solutions given to
what appear to be novices with basic queries are over complex.

> [1] If one feels compelled to utilize an RDBMS to massage all these, it
> is still better to export CDB or such from it for Exim's use rather than
> doing direct SQL calls.


For me, it would be total overkill to employ a SQL database in conjunction
with Exim. I may try to set one up in a sandbox environment just to prove to
myself I can do it, but for my everyday server it would be an
overcomplication.

--
This is Spain. We do things differently here!

Bill Hayles
billnot@???
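
The file-backed ban lists described in the message above, written out as a complete fragment. This is an added example, not the poster's configuration: the /etc/exim paths, the list names banned_hosts and banned_domains, the ACL name acl_check_rcpt and the reading of the second file as envelope-sender domains are all assumptions.

```exim
# --- main configuration section ---

# Named lists whose only item is an absolute file name. Exim treats each
# line of the file as one list item; blank lines are ignored and anything
# after "#" on a line is a comment. Paths are assumed, adjust to your layout.
hostlist   banned_hosts   = /etc/exim/banned_hosts.list
domainlist banned_domains = /etc/exim/banned_domains.list

# Run the ACL below for every RCPT command.
acl_smtp_rcpt = acl_check_rcpt

# --- ACL section ---
begin acl

acl_check_rcpt:

  # Refuse clients whose address matches the host list.
  # Example lines for banned_hosts.list (constructed, documentation ranges):
  #   192.0.2.15
  #   198.51.100.0/24
  # Keeping this file to IP addresses and CIDR networks means the check
  # needs no DNS lookup; a host name pattern forces a reverse lookup.
  deny    message        = Rejected IP
          hosts          = +banned_hosts

  # Refuse envelope senders whose domain is listed.
  # Example lines for banned_domains.list (constructed):
  #   spam.example
  #   *.bulk.example
  deny    message        = Rejected sender domain
          sender_domains = +banned_domains

  # The site's existing accept/deny statements follow unchanged.
```

Because the files are read when the list is checked, editing them takes effect without touching the Exim configuration. Run `exim -bV` after changing the configuration itself to confirm it still parses.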