Re: [exim] Multiline and multi ACL smtp_banner

Author: Marcin Mirosław
Date:  
To: exim-users
Subject: Re: [exim] Multiline and multi ACL smtp_banner
On 30.04.2014 15:04, Wolfgang Breyha wrote:

Hi!

> Marcin Mirosław wrote, on 30/04/14 14:34:
>> Hi!
>> I'm trying to implement some of the features from postscreen. First of
>> them is sending multiline smtp banner with delay between lines [1].
>
> Simply add a delay in your connect ACL. 1 Second is usually enough to fool
> broken clients.
>
>> So my too fast "ehlo" makes that after "rcpt to" mail will be rejected.
>> I suspect it will be completely impossible to do it. But maybe such poor
>> PREGREET test would be possible without much effort in exim code?:
>>
>> acl_smtp_connect        = acl_check_connect
>>
>> acl_check_connect:
>>     warn
>>         message = 220-mail.xxx. ESMTP
>>     warn
>>         delay = 5s
>>     warn
>>         message = 220 mail.xxx. ESMTP go on dude
>>
>> And if protocol error appears let Exim reject email at this moment.
>
> Exim will already do that automatically if you didn't set
> smtp_enforce_sync = false (main option)
> or
> control = no_enforce_sync (ACL control)


I didn't change enforce settings. What you said is true, besides that I can't
use the ACL shown above. As far as I can see it is not possible to add
a delay when sending the smtp banner. "control = no_delay_flush" doesn't help
me in this case.

>> What about adding feature allowing temporary ignoring
>> protocol/synchronization errors (e.g. ignore_protocols_error=1) and
>
> See above. Adding
> control = no_pipelining
> makes life even harder for some clients. Disabling STARTTLS might as well, but
> at (too) high costs.


By "some clients" you mean spam hosts?
Meseems disabling STARTTLS doesn't help in early detection of connection
from bot or I didn't properly catch your thought.

> Read
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch-main_configuration.html
> for details.
>
>> putting information about such incident into expansion item?
>
> Currently there is no variable to check for previous sync errors.


As you suggest I'm going to add a little delay to acl_connect and see results.

Thanks,
Marcin
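
The PREGREET idea discussed in this thread (send a "220-" teaser line, pause, and treat any input that arrives before the final "220 " line as a synchronization error), as an added Python sketch that is not part of the original message and is not Exim or postscreen code. The function names, the example.test hostnames, the timings and the in-process test client are assumptions made for the illustration.

```python
import select
import socket
import threading


def pregreet_check(conn, hostname="mail.example.test", delay=1.0):
    """Send the "220-" teaser line, pause, and report whether the client
    spoke before the final "220 " line. Returns (talked_early, early_bytes)."""
    conn.sendall(f"220-{hostname} ESMTP\r\n".encode())
    # A compliant client stays silent until it sees a line starting "220 ".
    readable, _, _ = select.select([conn], [], [], delay)
    if readable:
        early = conn.recv(512)
        if early:  # empty bytes would mean the peer disconnected instead
            conn.sendall(b"554 SMTP synchronization error\r\n")
            return True, early
        return False, b""
    conn.sendall(f"220 {hostname} ESMTP\r\n".encode())
    return False, b""


def simulate(impatient, delay=0.5):
    """Run the check against a constructed in-process client."""
    server, client = socket.socketpair()

    def client_side():
        data = client.recv(512)
        # A patient client keeps reading until the final "220 " line arrives.
        while not impatient and b"\r\n220 " not in b"\r\n" + data:
            data += client.recv(512)
        client.sendall(b"EHLO client.example.test\r\n")

    worker = threading.Thread(target=client_side)
    worker.start()
    try:
        return pregreet_check(server, delay=delay)
    finally:
        worker.join()
        server.close()
        client.close()


if __name__ == "__main__":
    print("impatient client:", simulate(True))
    print("patient client:  ", simulate(False))
```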