On 30/06/2011 12:39, Mark Goodge wrote:
> This is possibly a bit of a numpty question, but if so please bear with
> me as I'm not an exim expert! Here's the background to the question:
>
> I work for an online retailer. We want to tighten up our anti-spam
> defences as it's wasting too much of the customer service team's time
> simply having to close the tickets it generates. However, we absolutely
> cannot afford even a single false-positive against the address of an
> actual customer.
>
> So, what we're planning to do is use a MySQL backend for whitelisting.
> When a customer places an order, the email address they supplied on the
> order is added to the database by the order processing system and the
> database is then in turn queried by exim in order to determine whether
> or not the address is whitelisted. If an address is whitelisted it is
> allowed straight through, no questions asked, if not then it goes
> through the usual RBL/greylisting/spamassassin/etc checks. (We are aware
> that this doesn't protect us against customers who have their webmail
> accounts hijacked or who are infected with viruses. This is a limitation
> we're willing to live with, as even stupid customers are still customers
> and we need to allow them to contact us).
>
> My question is, firstly, does this sound like a reasonable way of going
> about it? If not, is there a better way of doing it? And, if it is, how
> should I go about configuring exim to look up the whitelist table?
Sounds like a very good idea to me. You can find information on how to
perform database lookups in the documentation at:
http://www.exim.org/exim-html-current/doc/html/spec_html/ch09.html#SECTsql
--
Mike Cardwell
https://grepular.com/ https://twitter.com/mickeyc
Professional
http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F