[EMAIL PROTECTED] wrote:
> Some advice from you experts would be appreciated.
>
> I am the part-time admin of a local mail server within our company which
> has in the last few months begun to be overwhelmed by SPAM (the server
> is running Exim 4.63 and using sa-exim to run SpamAssassin).
>
> We maintain this local server to run a secondary system using a mail
> domain that predates our company's mail domain because it allows us to
> create a new e-mail account quickly, unlike our company e-mail system,
> and it lets us use local mail distribution lists.
>
> All e-mails from the internet for our local mail domain arrive at the
> company's two edge mail servers before being forwarded to our local
> server (these two edge servers are quite old machines and the software
> they run does little checking of e-mail).
>
> At present our Exim config does a lot of checking (btw this local mail
> server is behind our company firewall and we are unable to use verify =
> sender and verify = sender/callout as they are blocked) but still a
> large percentage of e-mails are passed through to SpamAssassin. As this
> is a secondary mail system, any e-mail with a SpamAssassin score of 5.0
> or more is not delivered but is put in a directory and retained for 10
> days before being deleted.
>
> SPAM has got so bad that it is about 99% of the traffic and we are
> considering abandoning our local mail domain and creating a new one.
>
> However, before we do that it has been suggested that I modify our Exim
> config file so that all e-mails are accepted from the company's two edge
> servers without doing any checking during the receiving process and then
> to blackhole any e-mails that are not from a domain which is held in a
> locally maintained text file.
>
> What I am proposing probably goes against the spirit of the SMTP
> protocol but I have to try something drastic.
>
> My questions are:
>
> 1) How best to do the blackholing? Use the ACL verbs discard/deny or
> is there a better way?
>
> 2) In which ACL is it best to do the blackholing as I want to accept
> the message from the company's two edge servers and then blackhole them
> without generating SMTP traffic.

If you do drop/deny, then if it's a false positive the sender will at least know it bounced; otherwise discard will work if you want it to just vanish. If it's coming from a fixed IP, I'd do the discard in the connect ACL.

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
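
The allowlist-then-discard policy asked about in the quoted message, sketched as an Exim 4 configuration fragment. This is an added example, not configuration posted by anyone in the thread; the host addresses, the domain `example.test` and the file path are constructed placeholders, and placing the check in the RCPT ACL is an assumption of the example.

```exim
# --- main configuration section ---

# Placeholder addresses for the company's two edge servers.
hostlist   edge_servers  = 192.0.2.10 : 192.0.2.11

# Placeholder for the local mail domain.
domainlist local_domains = example.test

acl_smtp_rcpt = acl_check_rcpt

# --- ACL section ---
begin acl

acl_check_rcpt:

  # Mail relayed by an edge server is kept only when the envelope
  # sender's domain appears as a key in the locally maintained file
  # (one domain per line). The envelope sender is easily forged, so
  # this reduces volume; it does not authenticate the sender.
  accept   hosts          = +edge_servers
           domains        = +local_domains
           sender_domains = lsearch;/etc/exim/allowed_sender_domains

  # Anything else from the edge servers gets a normal 250 reply and is
  # then dropped, so no rejection or bounce traffic is generated.
  # discard is used here in the RCPT ACL, one of the message-receiving
  # ACLs; the log_message text is appended to the discard log line so
  # a false positive can be traced afterwards.
  discard  hosts          = +edge_servers
           log_message    = sender domain not in local allowlist

  # The server sits behind the firewall and should only ever be fed
  # by the edge servers; refuse every other client outright.
  deny     message        = relay not permitted
```

Because discarded mail leaves no trace for the sender, the log line is the only record of a false positive; adding a domain to the file takes effect on the next message without restarting Exim, since `lsearch` reads the file at lookup time.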
