Chris,
While your idea is interesting, it's not necessarily scalable; I have 800+
domains each with 1-1000 addresses...
I use recipient verify, i.e. I call out to the next hop host and verify
the recipient. The host is usually present, however if it is not
contactable then I default to accepting the mail and queuing it. This
means there's a slightly higher chance of them getting spam (backscatter
spam) while their host is offline.
I think this compromise is acceptable and avoids me having to know my
clients' email addresses.
Mike
On 30/06/2012 19:28, Chris Knadle wrote:
On Saturday, June 30, 2012 13:17:05, Todd Lyons wrote:
On Sat, Jun 30, 2012 at 9:57 AM, Chris Knadle <[email protected]> wrote:
BTW are you doing any mail relaying? If you're relaying mail for any
domains, you can end up in Exim sending "backscatter spam" due to not
being able to validate the recipient of the email. I've come up with an
interesting solution for this situation which you might like if this is
the case.
What are the details? "Interesting solution" implies something new or
novel and I for one would like to see what you did.
Okay, then I'll explain it.
I don't necessarily think it's a new or novel solution, but I haven't yet seen
it elsewhere. [I expect someone else must be doing something similar.]
At first I considered doing a recipient callout, but this defeats the purpose
of being a mail relay because it requires the main mail server to be present
and online. The bottom line is that the backup mail server has to have some
way of authenticating recipient email addresses even when the main mail
server is offline.
To do this, I asked the administrator for the relay domain for the list of
valid email addresses. At first he didn't like this idea because it exposes
that information to me, but once I explained the reason I was asking for it
he understood and did so, along with a list of "blacklisted" email addresses.
He's using wildcard email addressing with '-' as the delimiter, and that's the
reason why the additional "blacklisted" addresses are necessary. Thankfully I
found it was not necessary to use wildcard addressing myself to be able to
deal with all of this. ;-)
The simple solution: email addresses from a particular domain are checked
against a regex of valid email addresses in a file that is named after the
domain name, and likewise with a blacklist file.
Exim4 configuration
----------------------------------
# (The domain names below are fictitious)
domainlist blacklist_filecheck_domains = example1.com
domainlist rcpt_checked_relay_domains = example1.com
acl_check_rcpt:
# deny relay_to_domains blacklisted recipients
# CONFDIR/local_recipient_blacklist holds a list of email addresses that
# should no longer have email accepted for them, but which need to be
# blocked explicitly due to wildcard email addresses being used that would
# normally accept the addresses. Incoming messages with these recipients
# are blocked at RCPT time.
deny
  domains = +blacklist_filecheck_domains
  message = unknown user
  condition = ${lookup{$local_part@$domain}\
              nwildlsearch{CONFDIR/recipient_blacklists/$domain}\
              {yes}{no}}
  log_message = Address $local_part@$domain blocked
  delay = 15s
# Relay only recipients found in recipient_relay_lists for relay_to_domains
# that are set to use it
deny
  domains = +rcpt_checked_relay_domains
  message = unknown user
  !condition = ${lookup{$local_part@$domain}\
               nwildlsearch{CONFDIR/recipient_relay_lists/$domain}\
               {yes}{no}}
  log_message = Address $local_part@$domain unknown
  delay = 15s
----------------------------------
/recipient_blacklists/example1.com
----------------------------------
[email protected]
[email protected]
----------------------------------
/recipient_relay_lists/example1.com
----------------------------------
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
^bclaiborne-.*@example1.com
[email protected]
^bclanton-.*@example1.com
[email protected]
^fmclaury-.*@example1.com
----------------------------------
Thus far updates to email addresses have simply been sent over email because
they've been infrequent, but I've occasionally considered something more
easily updated by the relay domain administrator such as files copied via
rsync over ssh.
Also I originally implemented this idea in LDAP as a way of keeping the remote
domain addresses in sync, but the relay domain admin wasn't interested in
running LDAP so I opted for this simpler file-based solution, which has been
doing its job very well IMHO.
-- Chris
--
Chris Knadle
[email protected]
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
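The following is an added illustration of the two-stage RCPT check Chris describes, not code from the thread or from Exim. It models the two `deny` verbs in Python so the ordering can be tested offline: the per-domain blacklist is consulted first, then the recipient must appear in the per-domain relay list. The `nwildlsearch` helper is an approximation of Exim's lookup (literal keys matched case-insensitively, `*suffix` keys, `^regex` keys; key/data layout where the key ends at the first colon or whitespace); the list contents are constructed sample data, and the behaviour of a missing list file is deliberately not modelled.

```python
import re

# Constructed sample files, in the same layout as the post's
# recipient_blacklists/<domain> and recipient_relay_lists/<domain>.
RECIPIENT_BLACKLISTS = {
    "example1.com": """\
# addresses that wildcard entries would otherwise accept
olduser@example1.com
^bclaiborne-spamtrap@example1.com
""",
}
RECIPIENT_RELAY_LISTS = {
    "example1.com": """\
alice@example1.com
bob@example1.com
^bclaiborne-.*@example1.com
^bclanton-.*@example1.com
""",
}

# Mirrors the two domainlists from the Exim config.
BLACKLIST_FILECHECK_DOMAINS = {"example1.com"}
RCPT_CHECKED_RELAY_DOMAINS = {"example1.com"}


def nwildlsearch(key, file_text):
    """Approximation of Exim's nwildlsearch: True if any key in the file
    matches `key`. Plain keys match case-insensitively, '*foo' means
    'ends with foo', '^...' is a regular expression (also caseless)."""
    for raw in file_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # lsearch layout: the key ends at the first colon or whitespace,
        # anything after it is data we do not need here.
        pattern = re.split(r"[\s:]", line, maxsplit=1)[0]
        if pattern.startswith("^"):
            if re.search(pattern, key, re.IGNORECASE):
                return True
        elif pattern.startswith("*"):
            if key.lower().endswith(pattern[1:].lower()):
                return True
        elif key.lower() == pattern.lower():
            return True
    return False


def check_rcpt(local_part, domain):
    """Evaluate the two deny verbs for one recipient.

    Returns ('deny', log_message) or ('accept', None). Domains that are in
    neither domainlist are untouched by these two rules, as in the ACL."""
    addr = f"{local_part}@{domain}"

    # First deny: recipient explicitly blacklisted for this domain.
    if domain in BLACKLIST_FILECHECK_DOMAINS and nwildlsearch(
        addr, RECIPIENT_BLACKLISTS[domain]
    ):
        return ("deny", f"Address {addr} blocked")

    # Second deny (the !condition): recipient not in the relay list.
    if domain in RCPT_CHECKED_RELAY_DOMAINS and not nwildlsearch(
        addr, RECIPIENT_RELAY_LISTS[domain]
    ):
        return ("deny", f"Address {addr} unknown")

    return ("accept", None)


if __name__ == "__main__":
    for lp, dom in [
        ("alice", "example1.com"),
        ("Alice", "example1.com"),
        ("bclaiborne-billing", "example1.com"),
        ("bclaiborne-spamtrap", "example1.com"),
        ("olduser", "example1.com"),
        ("nobody", "example1.com"),
        ("anyone", "other.example"),
    ]:
        print(f"{lp}@{dom}: {check_rcpt(lp, dom)}")
```

The `bclaiborne-spamtrap` case is the one that motivates the blacklist file: it matches the wildcard entry in the relay list, so only the earlier blacklist deny keeps it out, which is why the order of the two verbs matters. Recipients for domains not covered by either domainlist fall through these rules untouched, exactly as the ACL fragment in the post does.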