Mark Goodge wrote: > Hi, > > This is possibly a bit of a numpty question, but if so please bear with > me as I'm not an exim expert! Here's the background to the question: > > I work for an online retailer. We want to tighten up our anti-spam > defences as it's wasting too much of the customer service team's time > simply having to close the tickets it generates. However, we absolutely > cannot afford even a single false-positive against the address of an > actual customer. > > So, what we're planning to do is use a MySQL backend for whitelisting. > When a customer places an order, the email address they supplied on the > order is added to the database by the order processing system and the > database is then in turn queried by exim in order to determine whether > or not the address is whitelisted. If an address is whitelisted it is > allowed straight through, no questions asked, if not then it goes > through the usual RBL/greylisting/spamassassin/etc checks. (We are > aware > that this doesn't protect us against customers who have their webmail > accounts hijacked or who are infected with viruses. This is a > limitation > we're willing to live with, as even stupid customers are still > customers > and we need to allow them to contact us). > > My question is, firstly, does this sound like a reasonable way of going > about it? If not, is there a better way of doing it? And, if it is, how > should I go about configuring exim to look up the whitelist table? > > Thanks > > Mark
We have a whitelist system here that allows individual users to create their own personal whitelists. It's broadly similar to what you're proposing, in that Exim queries a database at SMTP time to determine how the message should be processed. One point to note is even whitelisting (in our system) doesn't bypass virus/malware checks (and rejection if found). You might want to consider rate-limiting to reduce risks associated with a customer's PC becoming infected or hijacked. Regards Richard -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
