Hi Grant,

I intended to reply to the list. Sure, I don't mind discussing off list. But if it can benefit everyone on this list, we should keep the discussion on this list.

Grant Peel wrote:
> Hi Wallace,
>
> Some interesting acl statements here.
>
> Can you discuss off list with me?
>
> -Grant
>
> ----- Original Message -----
> From: "wallace" <[EMAIL PROTECTED]>
> To: "Grant Peel" <[EMAIL PROTECTED]>
> Sent: Monday, April 28, 2008 12:20 PM
> Subject: Re: [exim] Greylisting again.
>
>
>> Hi Grant,
>>
>> I prefer to greylist only suspicious sender's IP,
>> as most spam sources come from dynamic IP addresses.
>>
>> Suspicious sender IPs are:
>> 1. Without reverse hostname
>> 2. Reverse hostname does not point back to same IP
>> 3. Reverse hostname is dynamic, e.g. 1-1-168-192.dialuppool.domain
>>
>> The other cheap spam prevention method I use is checking for valid
>> SMTP HELO.
>>
>> These 2 methods filter out more than 90% of spam before SMTP DATA.
>> The rest can be handled by more expensive process, i.e. ClamAV and
>> SpamAssassin.
>>
>> I use exim-greylist, see url:
>> http://johannes.sipsolutions.net/Projects/exim-greylist/
>>
>> And for dynamic ip (reverse hostname) checks, I use regex from:
>> http://www.linuxmagic.com/opensource/anti_spam/dynamic_regex/
>> /etc/exim/exim_dynamic_regex file contains regex matches for dynamic
>> IP's reverse hostname
>> # Example: (1-1-168-192.dialuppool.domain.)
>>
>> Feedback or comments most welcome.
>>
>> Regards,
>> Wallace
>>
>>
>> ######################################################################
>> #                           HELO checks                              #
>> ######################################################################
>>
>> # HELO is empty or not sent
>> deny  message     = You have sent no HELO! Please see RFC 2821 section 4.1.1.1
>>       log_message = Bad HELO: Empty HELO
>>       condition   = ${if eq{$sender_helo_name}{}}
>>       delay       = 30s
>>
>> # HELO is not a fully qualified domain name
>> deny  message     = Your mail server announcement ($sender_helo_name) \
>>                     is a single word rather than a FQDN. \
>>                     This is in breach of RFC2821
>>       log_message = Bad HELO: Not FQDN
>>       condition   = ${if match {$sender_helo_name}{\\.}{no}{yes}}
>>       delay       = 30s
>>
>> # IP Only is sent as the HELO
>> deny  message     = Your server announces itself ($sender_helo_name) \
>>                     with a plain IP address which is in breach of RFC2821.
>>       log_message = Bad HELO: IP Only Announce
>>       condition   = ${if isip{$sender_helo_name}{yes}{no}}
>>       delay       = 30s
>>
>> # Someone is trying to spoof a local domain on the server
>> deny  message     = Forged HELO: you are not $sender_helo_name
>>       log_message = Forged HELO: $sender_helo_name Spoof Attempt
>>       condition   = ${if match_domain{$sender_helo_name}{+local_domains}{yes}{no}}
>>       delay       = 30s
>>
>> ######################################################################
>> #                          GREYLIST checks                           #
>> ######################################################################
>>
>> # Reverse Host Lookup Failed
>> defer !senders    = : [EMAIL PROTECTED]
>> #     !verify     = reverse_host_lookup
>>       domains     = +local_domains : +relay_to_domains
>>       condition   = ${if eq{$host_lookup_failed}{1}}
>>       acl         = greylist_acl
>>       message     = greylisted - try again later
>>       log_message = greylisted_1 - host_lookup_failed [$host_lookup_failed]
>>
>> # Reverse Host Lookup Deferred
>> defer !senders    = : [EMAIL PROTECTED]
>> #     !verify     = reverse_host_lookup
>>       domains     = +local_domains : +relay_to_domains
>>       condition   = ${if eq{$host_lookup_deferred}{1}}
>>       acl         = greylist_acl
>>       message     = greylisted - try again later
>>       log_message = greylisted_2 - host_lookup_deferred [$host_lookup_deferred]
>>
>> # Reverse DNS Rejected - dynamic ip
>> defer !senders    = : [EMAIL PROTECTED]
>>       domains     = +local_domains : +relay_to_domains
>>       condition   = ${lookup{$sender_host_name} nwildlsearch {/etc/exim/exim_dynamic_regex} {yes}{no}}
>>       acl         = greylist_acl
>>       message     = greylisted - try again later
>>       log_message = greylisted_3 - dynamic ip
>>
>>
>

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
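
The decision order of the quoted ACLs (HELO denies first, then the three suspicious-IP greylist conditions), as an added Python sketch that is not part of the original post, Exim, or exim-greylist. The `DYNAMIC_PTR` pattern and `LOCAL_DOMAINS` set are constructed stand-ins for the regex file and `+local_domains`; DNS results are passed in as arguments so it runs offline, and the greylist database itself is not modelled.

```python
import ipaddress
import re

# Constructed, simplified pattern; NOT the linuxmagic.com dynamic_regex set.
DYNAMIC_PTR = re.compile(r"(?:\d{1,3}[-.]){3}\d{1,3}\.|dialup|dhcp|dynamic", re.I)
LOCAL_DOMAINS = {"example.org"}  # assumed stand-in for +local_domains


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def helo_verdict(helo):
    """Apply the four HELO deny rules in the order the ACL lists them."""
    if not helo:
        return "deny: empty HELO"
    if "." not in helo:
        return "deny: not FQDN"
    if is_ip(helo):
        return "deny: IP-only HELO"
    if helo.lower() in LOCAL_DOMAINS:
        return "deny: forged local HELO"
    return "accept"


def greylist_reason(ip, ptr, forward_ips):
    """ptr is the reverse hostname (None if absent); forward_ips is what ptr resolves to."""
    if ptr is None:
        return "no reverse hostname"
    if ip not in forward_ips:
        return "reverse hostname does not point back to same IP"
    if DYNAMIC_PTR.search(ptr):
        return "dynamic reverse hostname"
    return None


def triage(helo, ip, ptr, forward_ips):
    """Cheap pre-DATA decision: deny, greylist candidate, or accept."""
    verdict = helo_verdict(helo)
    if verdict != "accept":
        return verdict
    reason = greylist_reason(ip, ptr, forward_ips)
    return f"greylist: {reason}" if reason else "accept"


if __name__ == "__main__":
    # Constructed sample connection using the post's example hostname.
    print(triage("mx.example.net", "192.168.1.1",
                 "1-1-168-192.dialuppool.domain", ["192.168.1.1"]))
```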
