Re: [exim] Discard spam

Top Page
Delete this message
Reply to this message
Author: Александр Кириллов
Date:  
CC: exim-users
Subject: Re: [exim] Discard spam
What does "refuse" mean in terms of exim configuration?
I have the above rule in acl_check_data section of exim.conf and obviously
it doesn't "refuse" the message during the connection stage. A bounce
message is generated instead. A typical example from the logs:

2017-11-09 23:15:02 1eCtE6-0002Q1-6H H=(xxxxx.xxxxxxxxx.xxxx) [127.0.0.1]
F=<aiesbmvf@???> rejected after DATA: Your message scored 18.0
SpamAssassin point. Report follows:
2017-11-09 23:15:04 1eCtE6-0002Qj-UC <= <> H=(xxxxx.xxxxxxxxx.xxxx)
[127.0.0.1] P=smtp S=6592
2017-11-09 23:15:05 1eCtE6-0002Qj-UC ** aiesbmvf@???
R=dnslookup T=remote_smtp H=a1.spambusters.email [185.31.158.19]
X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote
mail server after RCPT TO:<aiesbmvf@???>: 550 no mailbox by
that name is currently available
2017-11-09 23:15:05 1eCtE6-0002Qj-UC Frozen (delivery error message)

I do not have multiple smtp servers. Just one.


2017-11-10 18:20 GMT+03:00 Felix Schwarz via Exim-users <exim-users@???
>:


> Am 10.11.2017 um 15:59 schrieb Александр Кириллов via Exim-users:
> > I'm trying to reduce backscatter which is a side effect of incoming spam.
> > If you know of any other politically correct ways of solving this please
> > share your experience. TIA.
>
> Very likely discarding messages is not what you should do in this
> situation.
>
> Rejecting spam during the SMTP dialog is good because the sender gets
> immediate feedback.
> For example this can be helpful for bigger providers who may monitor their
> outgoing connections and lock accounts if too many messages are rejected.
> Also
> legitimate senders don't have to worry about opaque "inboxing" rates.
>
> More to the point "backscatter" is a rejection AFTER the SMTP dialog. This
> mostly happens if you have multiple servers in a cascade and one machine
> starts rejecting spam. This should be avoided because the previous MTA
> creates
> a bounce message to the "sender" address which might be faked.
>
> If you try to prevent backscatter configure your servers so that only the
> first one does any rejections. If you just reject spam messages when
> getting
> them the first time there is no "backscatter" problem.
>
> If you can not control/reconfigure the first machine you must deal with
> "spam
> folders".
>
> Personally I'd *strongly* advise against discarding messages (and if you
> really need it you don't need to read my post).
> Felix
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>