Re: [exim] Help with dropping spam e-mail.

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Heiko Schlittermann
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: Re: [exim] Help with dropping spam e-mail.
Hi Mark,

Heiko Schlittermann via Exim-users <exim-users@???> (Mo 14 Mai 2018 21:23:46 CEST):
> all messages destined to this address. (Ideally this is done
> automatically doing inbound recipient verification.)
>
> A fast (but ugly) solution until you got the right way, could be:
>
>
>     deny    message = This address didn't send mails ever.
>             senders = :
>             local_parts = please
>             domains = help.co.za


As you wrote, it works. Now we've time to discuss further measures.
It depends on you setup. I understand that you're relaying mails for
your customers domains, here you're the relay for mails from and to
help.co.nz.

The most natural way is to your inbound traffic at SMTP time for valid
AND existing recipients. The RCPT acl is the ideal place for doing so.

In an ideal world your ACL can rely on the routers and can just do a

    require   verify = recipient


optionally with callout, in case the routers needs to contact a remote
destination via SMTP:

    require    verify = recipient/callout=defer_ok,use_sender


But, as said, this relies on the router having information if the
recipient exists, or how to do the callout to the next hop. It won't
work for catchall destinations. If you insist on having catchall
destinations, you need other means to check if a given recipient address
exists.

For you special issue, being the victim of an as-sender-abused address,
you can employ BATV, bounce address tag verification. But this implies
that all the customers outbound traffic passes your servers or(!) uses
the same BATV scheme as your server uses.

Which of the above seems to be most realistic to you?

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -