Re: [exim] Exim is forwarding spam.

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Michael J. Tubby B.Sc G8TIC
Dátum:  
Címzett: Chris Knadle
CC: exim-users
Tárgy: Re: [exim] Exim is forwarding spam.
On 01/07/2012 01:06, Chris Knadle wrote:
> On Saturday, June 30, 2012 09:12:59 PM Michael J. Tubby B.Sc G8TIC wrote:
>> Chris,
>>
>> While your idea is interesting its not necessarily scalable, I have 800+
>> domains each with 1-1000 addresses...
> Absolutely. This solution is definitely not meant for that kind of scale.
>
> For the kind of scale you're dealing with, one of the things I've done in the
> past is email routing via LDAP lookups and then using several multi-master
> LDAP servers that keep each other in sync, and where the respective local
> email administrators update their local LDAP server for the domains they
> control. This solution makes the general assumption that you can trust the
> other admins though, so it might be a solution relegated to a single
> organization and it's subsidiaries.
>
> It think it's interesting to consider whether this kind of thing could
> possibly be used cooperatively between organizations, though. It's not
> unheard of even in large multi-organizations for there to be a combined email
> solution. [I remember reading about a large Exchange solution used by Ford
> Motor Company combined with others, which really sounded like trouble to me.]
>
>> I use recipient verify, i.e. I call out to the next hop host and verify
>> the recipient. The host is usually present, however if it is not
>> contactable then I default to accepting the mail and queuing it. This
>> means there's a slightly higher chance of them getting spam (backscatter
>> spam) while their host is offline.
> Yes, although your mail server(s) will be serving the backscatter spam when
> that inevitably happens. That's what happened to me when I tried using this
> solution, and that's why I didn't like it. :-/ Unfortunately there were
> several service interruptions on the mail servers for relay domains which
> forced me to come up with some kind of solution.
>
>> I think this compromise is acceptable and avoids me having to know my
>> clients' email addresses.
> Having to know and/or deal with your clients' email addresses isn't a fun
> thing, but backscatter spam is worth trying to avoid if possible.


I can think of a hybrid that might be interesting to investigate, it
works a bit like a grey-list:

You "auto learn" your client's email addresses, thus:

     * you accept or reject mail addresses that you have cached in a 
local database (eg. MySQL)


     * for new email messages not already in the database you perform 
recipient verify
         * if recipient verify succeeds, you add to the database a 
'positive' record and process mail
         * if recipient verify fails (actively rejected) you add to the 
database a 'negative' record and reject the mail
         * if recipient verify fails (host unavailable) then you return 
a defer (421) to the sender


     * you can timestamp each email address with a "last seen" and 
expire ones over X months old



Mike


>    -- Chris

>
> Chris Knadle
> Chris.Knadle@???
>