Re: [exim] Bounce Spam problem

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] Bounce Spam problem
Hub Dohmen wrote:
>
>     Spammers are abusing our system by sending fake bounces to our server,
> that Exim 'returns' to the 'sender'.


>     How can I ignore, or better, delete before accepting.


I do two simple things:

First - DON'T ACCEPT a 'bounce' from a source that lacks proper
credentials any more than you would accept any OTHER message from a 'bot:

===

  deny
     condition   = ${if eq{$interface_port}{25}}
     !verify     = reverse_host_lookup
===


Second:

Don't GENERATE bounces to off-box 'strangers'. At all.
Allow ONLY 'DSN' to your own 'local' user pool, virtual or shell.

-- onpass information IN SESSION (Exim's great strength) and it can ONLY
reach the entity connected. Legit or 'bot - it for-sure never goes to a
bystander. Such an in-session response will NOT go to the spoofed source
- it will be seen only by the entity actually 'on the teat'.
If that is a 'real' correspondent, they'll appreciate the immediacy and
the saving of a subsequent connection and session. If it is a 'bot? SFW?

-- Send any others to YOURSELF. See 'errors_to', and add it with the
mailadmin address (or a log file) to appropriate router/transport sets.
ALL of 'em for starters...

That annoyance ensures you have an incentive to actually FIX whatever
faux pas let them arise.

;-)

Bill

--
韓家標
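
A check for whether a server is still generating bounces to off-box addresses, as an added example that is not part of the original message: it scans Exim main-log text for locally generated bounces (`<= <>` with `P=local` and an `R=` reference to the failed message) that were then handed to a remote host. The sample log lines, message ids and host names are constructed, and treating an `H=` field on a delivery line as "left the box" is an assumption about the transports in use.

```python
import re

# Constructed sample of Exim main-log lines (not taken from the original post).
SAMPLE_LOG = """\
2024-05-01 10:00:01 1s1AAA-0001Ab-AA <= spoofed@victim.example H=(bot) [203.0.113.9] P=smtp S=1820
2024-05-01 10:00:02 1s1AAA-0001Ab-AA ** nosuchuser@local.example: Unrouteable address
2024-05-01 10:00:02 1s1BBB-0001Ab-BB <= <> R=1s1AAA-0001Ab-AA U=exim P=local S=2950
2024-05-01 10:00:03 1s1BBB-0001Ab-BB => spoofed@victim.example R=dnslookup T=remote_smtp H=mx.victim.example [198.51.100.7]
2024-05-01 10:05:00 1s1CCC-0001Ab-CC <= <> R=1s1DDD-0001Ab-DD U=exim P=local S=3100
2024-05-01 10:05:01 1s1CCC-0001Ab-CC => alice <alice@local.example> R=localuser T=local_delivery
2024-05-01 10:06:00 1s1EEE-0001Ab-EE <= <> H=mx.peer.example [192.0.2.44] P=esmtp S=4100
2024-05-01 10:06:01 1s1EEE-0001Ab-EE => bob <bob@local.example> R=localuser T=local_delivery
"""

# date, time, message id, then an arrival (<=) or delivery (=>, ->) flag
LINE = re.compile(r"^\S+ \S+ (?P<id>\S+) (?P<flag><=|=>|->) (?P<rest>.*)$")


def find_backscatter(log_text):
    """Return (bounce_id, original_id, recipient) for each bounce that was
    generated on this host and then delivered to a remote host."""
    generated = {}  # bounce message id -> id of the message that failed
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        fields = m["rest"].split()
        if not fields:
            continue
        if m["flag"] == "<=":
            # A bounce created locally: null sender, P=local, R=<original id>.
            # A bounce received from a peer has P=smtp/esmtp and is ignored.
            if fields[0] == "<>" and "P=local" in fields:
                ref = next((f[2:] for f in fields if f.startswith("R=")), None)
                if ref:
                    generated[m["id"]] = ref
        elif m["id"] in generated and any(f.startswith("H=") for f in fields):
            # Assumption: H= on a delivery line means a remote SMTP delivery.
            hits.append((m["id"], generated[m["id"]], fields[0]))
    return hits


if __name__ == "__main__":
    for bounce_id, orig_id, rcpt in find_backscatter(SAMPLE_LOG):
        print(f"bounce {bounce_id} for {orig_id} sent off-box to {rcpt}")
```

An empty result over a day of real log is the state the message argues for: failures answered in session or routed to a local address, none mailed to a third party.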