acl_check_rcpt:

  deny    local_parts = [EMAIL PROTECTED]/|] : ^\\.
          message     = Unknown user

  accept  local_parts = postmaster
          domains     = +local_domains

  accept  local_parts = abuse
          domains     = +local_domains

  warn    condition   = ${lookup {${lc:$sender_helo_name}}lsearch{/usr/exim/MyIP}{yes}{no}}
          condition   = ${lookup {${lc:$sender_host_address}}lsearch{/usr/exim/MyIP}{no}{yes}}
          message     = X-Helo: Forgery - Helo Name |$sender_host_address| |$sender_helo_name| |$sender_ident|

  warn    condition   = ${lookup {${lc:$sender_address_domain}}lsearch{/usr/exim/MyIP}{yes}{no}}
          condition   = ${lookup {${lc:$sender_host_address}}lsearch{/usr/exim/MyIP}{no}{yes}}
          message     = X-Helo: Forgery - Domain Address |$sender_host_address| |$sender_helo_name| |$sender_ident|

  warn    condition   = ${if eq {${lc:$sender_helo_name}}{${lc:$domain}}{no}{yes}}
          message     = X-Sender-Domain-Verify: Failed

  warn    condition   = ${if eq {${lc:$sender_helo_name}}{${lc:$sender_address_domain}}{no}{yes}}
          message     = X-Sender-Domain-Verify: Failed

  warn    condition   = ${if match {${lc:$sender_ident}}{\Nsquid|cacheflow\N}{yes}{no}}
          message     = X-OpenRelay: $sender_ident

  warn    !verify     = sender/callout
          message     = X-Sender-Verify: Failed

  warn    !verify     = reverse_host_lookup
          message     = X-Reverse-DNS: Failed

  warn    message     = X-MXRate: Recomendation: $dnslist_text
          dnslists    = pub.mxrate.net

  warn    message     = X-OpenRelayDB: Listed in $dnslist_domain/$dnslist_text
          dnslists    = relays.ordb.org/reject

  warn    message     = X-BlackList: Listed in $dnslist_domain/$dnslist_text
          dnslists    = opm.blitzed.org: \
                        cbl.abuseat.org: \
                        list.dsbl.org: \
                        multihop.dsbl.org: \
                        sbl-xbl.spamhaus.org: \
                        virbl.dnsbl.bit.nl: \
                        bulk.rhs.mailpolice.com: \
                        porn.rhs.mailpolice.com: \
                        block.rhs.mailpolice.com: \
                        dynamic.rhs.mailpolice.com: \
                        dsn.rfc-ignorant.org: \
                        postmaster.rfc-ignorant.org: \
                        abuse.rfc-ignorant.org: \
                        bogusmx.rfc-ignorant.org: \
                        bl.spamcop.net: \
                        dnsbl.njabl.org: \
                        dnsbl.sorbs.net: \
                        multi.surbl.org: \
                        multi.uribl.com: \
                        combined-hib.dnsiplists.completewhois.com

  accept  domains     = +relay_to_domains
          recipients  = *

  accept  hosts       = +relay_from_hosts
          endpass

  deny    message     = Unknown user

  deny    message     = Unknown user

and as the LAST router (oblivion is my spamtrap user account):

spamtrap:
  driver = redirect
  caseful_local_part = TRUE
  headers_add = "X-Status: Unknown user, possible dictionary attack"
  file = /home/oblivion/.forward
  user = oblivion
  no_verify
  no_expn
  check_ancestor
  allow_filter
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

That's it... no additional transports. It's simple and effective. I use the additional headers for filtering. Hope that helps.

Sherwood Botsford writes:

As you may remember in the last episode, I was looking for a way to create a spamtrap by salting false addresses for web harvesters, then rejecting out of hand any message that contained the false recipient.

This is what I did:

In acl_check_rcpt: (acl_smtp_rcpt)

  accept domains = +local_domains
         recipients = /opt/exim/spamtrap
         set acl_m0 = "SpamTrap"
  ... rest of content

in acl_check_content: (acl_smtp_data)

  acl_check_content:
  deny message = "Addressed to non-existent recipient"
       condition = ${if match \
                   {$acl_m0} \
                   {"SpamTrap"} \
                   {1}{0}}
  ... rest of content.

This works.

However I would like to do something less severe than denying it. Say, perhaps save a copy of it to a file, so that I can check through it and see if it is doing what I think it is. I haven't been able to configure a router to deal with a message. Routers, by their nature seem to deal with addresses.

So, for example, this router does not do what I want:

  spamtrap_router:
    driver = accept
    domains = +local_domains
    condition = { match {$acl_m0}{"SpamTrap"}}
    transport = spamtrap_transport
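
Added example, not part of the original post or of Exim: a small Python triage over the tagging headers that the warn statements and the spamtrap router above add, showing how "filtering on the additional headers" can work downstream. The weights, the threshold and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy

# Header names are the ones added by the ACL and router in the post.
# Weights and threshold are assumptions, not values from the post.
WEIGHTS = {
    "X-Helo": 5,                  # HELO name or sender domain claims to be one of ours
    "X-Status": 5,                # message fell through to the spamtrap router
    "X-OpenRelayDB": 4,
    "X-BlackList": 3,
    "X-OpenRelay": 3,
    "X-Sender-Verify": 2,
    "X-Reverse-DNS": 1,
    "X-Sender-Domain-Verify": 1,  # fires whenever HELO differs from the domain: weak signal
}
THRESHOLD = 5

def triage(raw_message):
    """Return (score, reasons, verdict) for one RFC 5322 message string."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    score, reasons = 0, []
    for name, weight in WEIGHTS.items():
        values = msg.get_all(name, [])
        if not values:
            continue
        # Two warn statements add the same X-Sender-Domain-Verify line,
        # so a header may repeat; count each header name once.
        score += weight
        reasons.append(f"{name}: {str(values[0]).strip()}")
    verdict = "quarantine" if score >= THRESHOLD else "deliver"
    return score, reasons, verdict

# Constructed sample messages (not real traffic).
LISTED = (
    "From: a@example.net\nTo: info@example.org\nSubject: offer\n"
    "X-Sender-Verify: Failed\nX-Reverse-DNS: Failed\n"
    "X-BlackList: Listed in bl.spamcop.net/Blocked\n\nbody\n"
)
ORDINARY = (
    "From: b@example.com\nTo: info@example.org\nSubject: hello\n"
    "X-Sender-Domain-Verify: Failed\nX-Sender-Domain-Verify: Failed\n\nbody\n"
)

if __name__ == "__main__":
    for sample in (LISTED, ORDINARY):
        print(triage(sample))
```
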
