Hi,
This is possibly a bit of a numpty question, but if so please bear with
me as I'm not an exim expert! Here's the background to the question:
I work for an online retailer. We want to tighten up our anti-spam
defences as it's wasting too much of the customer service team's time
simply having to close the tickets it generates. However, we absolutely
cannot afford even a single false-positive against the address of an
actual customer.
So, what we're planning to do is use a MySQL backend for whitelisting.
When a customer places an order, the email address they supplied on the
order is added to the database by the order processing system and the
database is then in turn queried by exim in order to determine whether
or not the address is whitelisted. If an address is whitelisted it is
allowed straight through, no questions asked, if not then it goes
through the usual RBL/greylisting/spamassassin/etc checks. (We are aware
that this doesn't protect us against customers who have their webmail
accounts hijacked or who are infected with viruses. This is a limitation
we're willing to live with, as even stupid customers are still customers
and we need to allow them to contact us).
My question is, firstly, does this sound like a reasonable way of going
about it? If not, is there a better way of doing it? And, if it is, how
should I go about configuring exim to look up the whitelist table?
Thanks
Mark
--
Sent from my Babbage Difference Engine
http://mark.goodge.co.uk
http://www.ratemyairport.com
