Re: [exim] Exim 4.72: preventing backscatter

Pàgina inicial
Delete this message
Reply to this message
Autor: Klaus Ethgen
Data:  
A: exim-users
Assumpte: Re: [exim] Exim 4.72: preventing backscatter
Hi,

Am Do den 28. Aug 2014 um 16:10 schrieb Always Learning:
> My personal advice is: STOP being a willing victim to SPAM.
>
> There is no need for anyone to be a willing recipient of the junk mail
> being targeted at your MTAs.


Well, your points are really strict and maybe too strict for many
people.

However, the problem is that not all are really realizable.

> 1. Reject everything which does NOT have a Host Name.
>
> 2. Reject everything which does NOT have a Reverse DNS (meaning the Host
> IP has a Host Name and that Host Name resolves to the original Host IP
> address)


That would work in an optimal world. However, the world is not optimal
and there are many servers out there that are miss configured relating
to reverse DNS or DNS at all. Even senders that tell them self
"professional". I even encountered some universities that are not able
to configure a working DNS host name for their outgoing mail server
(mostly using microsoft exchange).

> 3. Reject everything that appears to come from a
> non-professional/non-official host name, for example here are a few of
> today's rejects (rejected by our servers in ACL Connection)


You speak about using DUL lists. Well, they are very controversial. Just
some completely valid senders:
- - People, mostly IT professionals, that want to run there own mail
server at home but are not able to get a proper reverse DNS entry,
(i.e. as it is a dynamic address or as the service provider don't do
that entries) This is especially valid in current days when you don't
want your mails going through servers that you don't trust.
- - Some valid senders might be a hostname that has a broken reverse DNS
like the one below.

> 4. Further checks can be done with the HELO/EHLO and then with the RCPT.


Sure, but they will most likely match also to valid mail sender. I, for
example, drop all that says *.domain.

> If serious people want to send you and your colleagues real mail, then
> those senders should properly configure their outgoing MTAs.


They might not always able to do so. For examle if their legit sender is
a university that don't care about proper setup.

Regards
   Klaus
- -- 
Klaus Ethgen                              http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16   Klaus Ethgen <Klaus@???>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C