Bill Hayles wrote:
Hi,

On Sat, 26 Mar 2011 20:56:05 -0600 in message 
number <[email protected]>, received here on 08/04/2011 
19:47:03, The Doctor <[email protected]> said:

Right.

I am seeing e-mail being sent from a couple of bogus addresses: one is adminsuppo*@dhl.com and the other is of the form postmail-usa.**@***.com.

Question: how can Exim block and discard e-mails coming from such addresses?

I use this sort of thing.

In ACL configuration:

# deny spamming IPs
# By IP address; substitute hosts
   deny   message        = Rejected IP
          hosts          = 127.0.0.1
# by sender domain; substitute domains
# (sender_domains tests the envelope sender's domain; a plain "domains"
#  condition would test the recipient domain instead)
   deny   message        = Rejected Domain
          sender_domains = foo.bar : foo2.bar
# by specific sender; substitute the full sender address
# (senders tests the envelope sender; "local_parts" would test the recipient)
   deny   message        = Rejected sender
          senders        = somesender@foo.bar



Those are probably forged originations and can more easily be blocked with an rDNS test than by listing all possible such that will eventually show up. See below in re rDNS.

w/r the approach under discussion, though, there is room for improvement
IF any or all of the following apply:

- large lists

- frequent changes

- desire to NOT involve delay or resources for off-box callouts/lookups

... none of which are the best environment for 'domain = ' or 'hotlist = ' structures.


THEN

- an lsearch, wildlsearch, iplsearch, or dirsearch of an external flat-file, CDB, or dirtree may serve better [1]

Said file(s) are easily generated or modified by externals and need neither the privs to alter exim's configure file NOR a restart of the exim listener/manager daemon. They are also amenable to per-recipient-domain or even per-individual-recipient customization.

....and, BTW, in order of effectiveness:

- the FIRST line of defense against 'bogus' addresses is an rDNS check.

- then 'major' dynamic-IP and known-bad-actor RBL's

- then verify = recipient

..by which point those the OP cited would probably have been rejected as zombot forgeries, and needeth not (the above test..).

.. which nonetheless covers about 3,000 to 6,000 total entries here, some of them being entire ISP blocks, entire <tld>, even a few cases of specific MTA ID.

YMMV,


Bill


[1] If one feels compelled to utilize an RDBMS to massage all these, it is still better to export CDB or such from it for Exim's use rather than doing direct SQL calls. 'Usually' faster and lighter. 'Always' more robust.
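As an added illustration of the approach Bill outlines above (not a fragment from either poster's configuration), the ACL below applies the rDNS, RBL and recipient-verification tests in the order he gives and then consults sender blocklists kept in external flat files via wildlsearch and lsearch. The file paths, the RBL zone name and the sample patterns shown in comments are assumed placeholders.

```exim
# Assumed: these statements sit in the RCPT-time ACL (acl_check_rcpt).
# File paths and the dnslist zone are placeholders; replace with local values.

# 1. rDNS first: reject connecting hosts whose IP has no reverse DNS.
deny  message  = Reverse DNS lookup failed for $sender_host_address
      !verify  = reverse_host_lookup

# 2. Dynamic-IP / known-bad-actor RBLs (zone name is a placeholder).
deny  message  = $sender_host_address is listed at $dnslist_domain
      dnslists = rbl.example.invalid

# 3. Recipient verification before any sender list is consulted.
deny  message  = Unknown recipient
      !verify  = recipient

# 4. Sender blocklist held outside the configure file: one pattern per line,
#    editable by an operator or a cron job, picked up on the next lookup with
#    no daemon restart.  With wildlsearch a key may use * wildcards or, when it
#    starts with ^, a regular expression.  Constructed example file contents:
#      *@example.invalid
#      ^postmail-usa\.[a-z0-9]+@
deny  message  = Sender $sender_address is blocked
      senders  = wildlsearch;/etc/exim/blocked_senders

# 5. Whole sender domains as a plain lsearch file, one domain per line.
deny  message  = Sender domain $sender_address_domain is blocked
      sender_domains = lsearch;/etc/exim/blocked_sender_domains
```

Because the lookups run only after the cheaper rDNS, RBL and recipient checks have rejected most forgeries, the flat files stay small and can be regenerated (for instance exported to CDB, as footnote [1] suggests) without touching Exim's configure file.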

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/