Re: [exim] RES: How to Block connection

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: W B Hacker
Ημερομηνία:  
Προς: exim users
Αντικείμενο: Re: [exim] RES: How to Block connection
Ronaldo Luiz de Carvalho wrote:
> I used this filter and I can't find/block the e-mail. There are anything
> wrong on this filter?
>
> if
> $message_headers contains "tarzen180@???"
> then
> fail text "This email is not accepted here."
>     seen finish
> endif

>
>
> -----Mensagem original-----
> De: John Burnham [mailto:John.Burnham@admin.cam.ac.uk]
> Enviada em: terça-feira, 25 de outubro de 2011 13:55
> Para: 'Ronaldo Luiz de Carvalho'; 'exim-users@???'
> Assunto: RE: [exim] How to Block connection
>
>>
>> Thanks for the tip, but the IP changes all times...
>>
>> I did this, including blocking the network. And the IP continues to
>> change.
>>
>> The only thing that are the same are this header:
>> disposition-notification-to: tarzen180@???
>>
> If that's the only identifying feature then you're going to have to wait to
> the data part of the SMTP transaction, detect that header and reject the
> mail.
> John=
>
>

Ronaldo,

Why don't you:

A) move youur user submissions OFF port 25 and ONTO to port 587 WITH TLS
and decent AUTH (if not already doing so).

B) Grant port 587 an exception OR apply to only port 25, Exim's very
competant rDNS check?

Ex: (in acl_smtp_connect, and preceded by a glance at a short
IP-whitelist, not to mention authorized relays etc...)

=====

deny
    condition   = ${if eq{$interface_port}{25}}
    !verify     = reverse_host_lookup


====

Stops most 'bots and similar freeloaders in their tracks. Plus the
diminishing count of hobbyists who cannot or will not publish proper DNS
records or use a credentialed 'smarthost'.

So far have never had to WL more than about 16 of those - mostly
somebody's grandkid playing with Linux or the odd social organization he
is acting as 'computer expert' for...

Cheap, cheerful, and near-as-dammit bullet-proof.

It does not, for example, generate backscatter spam to bystanders...

Bill


--
韓家標