Re: [exim] trouble with a condition on a deny

Author: Chad Leigh Shire.Net LLC
Date:  
To: exim-users
CC: Chad Leigh
Subject: Re: [exim] trouble with a condition on a deny

On Mar 20, 2012, at 6:38 AM, Lena@??? wrote:

>> From: "Chad Leigh Shire.Net LLC" <chad+exim@???>
>
>> I am having an issue coming up with the correct syntax on a deny.
>> I want to deny where the FROM: address is in the recipients list
>
> Bad idea.


NO, it is not a bad idea. If their domain is hosted by our company, our policy is that they need to use our SMTP servers.

>
>> However, I want to exclude mailing list postings
>
> That is not as easy as it sounds. Different mailing list software
> leaves different marks in the header, some leave none apparent.


Sure, but we are identifying the Precedence: list header, as many mailing list software packages use that, including Mailman and CommuniGate Pro, which are the ones that our customers have subscriptions with.

>
> Besides, mailing lists are only one of cases where
> recipient address in From is legitimate.


In our policy, they are the only ones we recognize. And have been doing this for years and the mailing lists are the only problem, and in most cases, not even then since most mailing lists are set up to not send the poster a copy of his own mail (and most people don't even realize it).

If there are other legitimate uses, we can set up specific exceptions for them.

>
>> The reason is that
>> we still see lots of spam being sent where they put in the
>> recipient's email address as the FROM: address to try and "sneak" it
>> past filters
>
> Does recipient address in From help to sneak it past filters?


No, of course not. It does not matter if it actually works. What matters is that the spammers THINK it works and we get a buttload every day that are set up this way (from or sender with the recipient or at least the recipient's domain in sender / from).


> How?
> I bet that it in fact doesn't help.


See above.

> It's just noticeable and irritating, so you want to do something.


To keep spam from getting in, you use a multi layer approach. Some spam would get caught by every layer. Some by just one layer. It is one tool in the toolbox.

> Recipient address in From is not a suitable criterion for spam filtering.
> I don't get much spam with my address in From. I use other criteria.
> I use selective greylisting (legitimate mail seldom is delayed)


I also have selective greylisting active.

> ,
> few external and local black and white lists


I also have both of those.

Even with all that, there is some mail that sneaks through set up as above (maybe the greylisting does not catch it, or the spammer resends it anyway and the greylisting accepts it). Plus it is more efficient to reject earlier in the cycle. That is why I use multiple layers including having this policy. (When the policy first went into effect many years ago, it was much more prevalent to see spam trying to sneak in this way [same domain as recipient or recipient himself in from or sender] -- now it is much less prevalent but still a low single digit % of the spam comes in that way.)

This question was not whether the policy is a good one -- that has been debated already with customer and staff over several years and decided. The question is how to set up the condition(s) to work properly.

Thanks
Chad


> and various checks I wrote. Everything in Exim config. See
> http://wiki.exim.org/DbLessGreyListingRun
> and http://lena.kiev.ua/Lena-eximconf-run.txt
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
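
The policy discussed in this message (deny when the From: address is one of the recipients, unless the message carries `Precedence: list`), modelled as an added example that is not part of the original post and is not Exim configuration. The function names, the sample messages and the case-insensitive address comparison are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses


def _norm(addr):
    # Assumption: compare addresses case-insensitively, local part included.
    return addr.strip().lower()


def from_in_recipients(msg, envelope_rcpts):
    """True if any address in the From: header is also an envelope recipient."""
    rcpts = {_norm(r) for r in envelope_rcpts}
    from_addrs = {_norm(a) for _, a in getaddresses(msg.get_all("From", [])) if a}
    return bool(from_addrs & rcpts)


def is_list_post(msg):
    """True if the message carries a 'Precedence: list' header (the exception)."""
    return any(v.strip().lower() == "list" for v in msg.get_all("Precedence", []))


def should_deny(raw_message, envelope_rcpts):
    """Apply the policy: From: in recipients and not a mailing list posting."""
    msg = message_from_string(raw_message)
    return from_in_recipients(msg, envelope_rcpts) and not is_list_post(msg)


# Constructed sample messages (not taken from the thread).
SELF_FROM = (
    "From: user@example.com\nTo: user@example.com\n"
    "Subject: offer\n\nbody\n"
)
LIST_POST = (
    "From: User <user@example.com>\nTo: list@lists.example.org\n"
    "Precedence: list\nSubject: post\n\nbody\n"
)
NORMAL = (
    "From: friend@example.net\nTo: user@example.com\n"
    "Subject: hi\n\nbody\n"
)

if __name__ == "__main__":
    rcpts = ["user@example.com"]
    for name, raw in [("self-from", SELF_FROM), ("list post", LIST_POST),
                      ("normal", NORMAL)]:
        print(name, "->", "deny" if should_deny(raw, rcpts) else "accept")
```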