Hub Dohmen wrote:
>
> Spammers are abusing our system by sending fake bounces to our server,
> that Exim 'returns' to the 'sender'.
> How can I ignore, or better, delete before accepting.

I do two simple things:
First - DON'T ACCEPT a 'bounce' from a source that lacks proper
credentials any more than you would accept any OTHER message from a 'bot:
===
# Port 25 only: refuse any host that fails reverse DNS verification
deny
  condition = ${if eq{$interface_port}{25}}
  !verify   = reverse_host_lookup
===
Second:
Don't GENERATE bounces to off-box 'strangers'. At all.
Allow ONLY 'DSN' to your own 'local' user pool, virtual or shell.
-- onpass information IN SESSION (Exim's great strength) and it can ONLY
reach the entity connected. Legit or 'bot - it for-sure never goes to a
bystander. Such an in-session response will NOT go to the spoofed source
- it will be seen only by the entity actually 'on the teat'.
If that is a 'real' correspondent, they'll appreciate the immediacy and
the saving of a subsequent connection and session. If it is a 'bot? SFW?
-- Send any others to YOURSELF. See 'errors_to', and add it with the
mailadmin address (or a log file) to appropriate router/transport sets.
ALL of 'em for starters...
That annoyance ensures you have an incentive to actually FIX whatever
faux pas let them arise.
;-)
Bill
--
韓家標
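
The two points in the reply above, put together as an Exim configuration fragment. This is an added example, not part of the original post or Bill's own configuration. It assumes a `local_domains` domain list, a `local_delivery` transport and the placeholder address `mailadmin@example.org`, none of which appear in the thread.

```conf
# Constructed example; list, transport and address names are placeholders.
domainlist local_domains = @
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # First point: on port 25, refuse clients that fail reverse DNS verification.
  deny    message   = reverse DNS check failed for $sender_host_address
          condition = ${if eq{$interface_port}{25}}
          !verify   = reverse_host_lookup

  # Second point: refuse undeliverable local recipients while the client is
  # still connected. The 5xx goes only to the connected host, and no bounce
  # is generated later towards a possibly spoofed sender address.
  deny    message   = unknown recipient
          domains   = +local_domains
          !verify   = recipient

  accept  domains   = +local_domains
  # Everything else falls through to the implicit deny at the end of the ACL.

begin routers

localuser:
  driver    = accept
  check_local_user
  transport = local_delivery
  # Delivery problems after acceptance are reported to the admin instead of
  # the envelope sender. Exim uses this address only if it verifies.
  errors_to = mailadmin@example.org
```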