Re: [exim] Avoiding bounces

2018-05-30 Thread Klaus Maria Pfeiffer via Exim-users
On 05/26/2018 09:03 AM, Luca Bertoncello via Exim-users wrote:
> My problem: I have an "info@"-address that forwards the E-Mails to other
> It results in many bounces in my Exim-queue.

to avoid that issue on my MX I use dovecot as LDA
https://wiki.dovecot.org/LDA/Exim and redirect via sieve with original
recipient.

   sieve_redirect_envelope_from = orig_recipient

redirect in sieve is done based on envelope-to header.

   lda_original_recipient_header = Envelope-to


to avoid redirection of bounces, add before-filter to directly save in
inbox.

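;=== /etc/dovecot/sieve/before/20-Mailer-Daemon.sieve ==
require ["fileinto"];

# rule:[Mailer-Daemon]
# :contains is required here: the default match type (:is) compares the
# whole address with "Mailer-Daemon@" and would never match.
if allof (address :contains "From" "Mailer-Daemon@")
{
    # Save bounces directly in INBOX instead of redirecting them.
    fileinto "INBOX";
}
;===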

this is also more or less what Sven describes in
https://groups.google.com/forum/#!msg/de.comm.software.mailserver/JA1tBzqYH1U/B_4GJ4JaCwAJ

btw, since your home base is Germany, think of DSGVO and AVV; I'm not
sure if such forwarding is allowed.

gre3tings, Klaus

-- 
Klaus Maria Pfeiffer
chat: hoedlmo...@jabber.rekmp.net
blog: http://blog.kmp.or.at/
twitter: @hoedlmoser

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


Re: [exim] Avoiding bounces

2018-05-27 Thread Niels Dettenbach (Syndicat IT & Internet) via Exim-users
On 27 May 2018 08:07:37 CEST, Luca Bertoncello via Exim-users wrote:
>Of course I do that!
>But unfortunately I already get tons of spam...
>A couple of years ago was better, but now I get many spam per day
>again... :(

Spam and spam fighting is an evolutionary development. Things that worked very
well years ago against >90% of real (!) spam are more and more useless while newer
spammer strategies emerge which require newer ways. On the other hand - the
amount of "self driven" Internet MTAs of many entities / companies was higher
years ago - so i.e. reverse DNS or RFC conformity was not a usable "hard"
criterion at that time and white mail / ham from a lot of mailers with some kind
of "buggy" behaviour had to be accepted. Today it is possible to "expect more" from a
source MTA.

Typical working anti-spam solutions (without false positives and with a very high
recognition rate) use multiple stages of different solutions and strategies and
more dynamic criteria.

There is no real "one recipe for all" howto, but some things are typically
involved in successful anti-spam solutions today:

- checking "conformity" to typical RFCs
- DKIM, SPF, DMARC (be aware of lists)
- multiple DNS blocking lists
- DCC
- razor
- spamassassin rulesets
- greylisting strategies
- virus filters
- phishing url filters
- bayesian analysis
...

Exim allows storing and working with variables. These could be used to "count" and
"weight" multiple aspects of an Email before deciding about a bounce (a bit
similar to spamassassin). I.e. requesting a list of DNSBLs and "counting" each
record by weight is helpful today (instead of just blocking if in a list...).

Running an "anti-spam" MX with a really high recognition rate of real spam (not
legal list mail or newsletters) without (!) producing "false positives" was and
is a time-consuming job - often too much for a small company mail system. The
current definition of "false positives" (what really IS spam and has to be
blocked) is an important part which has to match the expectations of the "Users"
("white" Senders as Receivers).

But it costs traffic, hardware and energy too, so that many free mail providers
do not want or are not able to go so far with their service.

I'm not a fan of "spam folders" for business users as they do not really save 
time, because they have to check that folder regularly to avoid lost business 
email.

I usually avoid Spamfilter "training" by users too as this leads to mis-usage 
which could result in false positives.

All in one solutions like (standard) Spamassassin could help very wide in 
"smaller" systems / for "season" admins, but are just a basic barrier in 
practice.

I know that many admins of smaller mailers block on a list of TLDs, domains or a
geotarget base as a "quick and dirty spam filter", but the result is not an
Internet email service anymore (as it doesn't work for potential / real white
and proper email Senders) and it will lead to bounces false positives.

This would not be acceptable for i.e. business users who rely on and "just"
expect a reliable email service.

For me, such ugly "hacks" of mailer admins are one reason why many Users today
tend to see Email as an "unreliable, outdated messaging" solution.


hth a bit,


niels.
-- 
Niels Dettenbach
Syndicat IT & Internet
http://www.Syndicat.com
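
The weighted counting described in the message above, written as an Exim ACL fragment. This is an added example, not configuration posted by anyone in the thread; the variable name acl_m_score, the choice of lists, the weights and the threshold of 6 are all assumptions to adapt.

```exim
# Added example. Place in the ACL named by acl_smtp_rcpt, before any accept.

  # Start every RCPT evaluation from zero.
  warn
    set acl_m_score = 0

  # Each DNSBL hit adds its own weight instead of rejecting outright.
  warn
    dnslists = zen.spamhaus.org
    set acl_m_score = ${eval:$acl_m_score + 5}

  warn
    dnslists = bl.spamcop.net
    set acl_m_score = ${eval:$acl_m_score + 3}

  # Protocol hygiene adds smaller weights.
  warn
    !verify = reverse_host_lookup
    set acl_m_score = ${eval:$acl_m_score + 2}

  warn
    !verify = helo
    set acl_m_score = ${eval:$acl_m_score + 2}

  # Reject at SMTP time only when several indicators agree, so no bounce
  # has to be generated later. One DNSBL hit alone (5 or 3) stays below
  # the threshold; a hit on both lists (8), or one hit plus a failed
  # rDNS or HELO check, reaches it.
  deny
    condition = ${if >={$acl_m_score}{6}}
    message   = Rejected: too many spam indicators (score $acl_m_score)
```

Logging the score with a `log_message` line for a while before enabling the final `deny` makes it possible to tune the weights against real traffic.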



Re: [exim] Avoiding bounces

2018-05-27 Thread Luca Bertoncello via Exim-users
Always Learning via Exim-users wrote:

Hi,

> If you reject emails from MTAs having no rDNS or no resolving HELO (or
> EHLO) names or having a HELO name that is different from the sending
> MTA's host name, most of your spam will not reach your users.

Of course I do that!
But unfortunately I already get tons of spam...
A couple of years ago was better, but now I get many spam per day again... :(

Thanks
Luca Bertoncello
(lucab...@lucabert.de)



Re: [exim] Avoiding bounces

2018-05-26 Thread Jasen Betts via Exim-users
On 2018-05-26, Jeremy Harris via Exim-users  wrote:
> On 26/05/18 15:05, Luca Bertoncello via Exim-users wrote:
>> Well, this "info@"-address is a forward to many recipients, not just one...
>
> Oh, a mail-exploder.  OK, no cutthrough routing possible.  This is
> effectively a mailinglist, and you need to put real effort into
> curating it.  Things like: on the slightest evidence of dodgyness
> - including, but not limited to, bad rDNS, bad HELO, bad dnsbl,
> bad sender-verify-callout, perhaps even unwhitelisted-senders -
> divert to a quarantine queue for manual vetting.
>
> And consider just rejecting on those grounds, too.
>
>
> Or, as Lena suggests, for Google use a POP-sucker rather than
> SMTP forwarding.  But that means telling Google some credentials
> for your box, and providing POP access (I strongly suggest you
> create a/some dedicated account(s) for that, with the credentials not
> used for any other purpose).  We are, of course, assuming you
> have control of the Google account(s) concerned.

If you do that (and it will work well), be sure that the mailbox is
cleared regularly. At work we got hit by hundreds of dollars of
excess data charges on one of our servers due to international
pop data going to google, we had to put an ip firewall in.
(alternatively host the pop3 somewhere that has cheap data charges)

-- 
 ت



Re: [exim] Avoiding bounces

2018-05-26 Thread Sebastian Nielsen via Exim-users
I don't reject invalid HELO's or invalid rDNS and get very little
spam, because I just ban all those shitty TLDs.
I have found out that most spam uses those new shitty TLDs so just
banning these shitty TLDs in the MIME from and MAIL from is a good
solution:

MAIL from stage:

  # Regex item in a domain list; \\. and \$ are escaped because the list
  # is string-expanded before it is matched.
  deny
    message = Banned TLD
    sender_domains = ^(?i).*\\.(study|reise|technology|club|fun|bid|store|top|xyz|pro|date|faith|stream|host|loan|download|click|link|science|design|gdn|men|win|party|webcam|rocks|email|life|ninja|online|racing|review|site|trade|vividal|website|works|work|cricket|help|camera|computer|space|uno|tech|news|space|guru|berlin|photography|global|today|solutions|media|world|university|shop)\$

then one for Mime from stage:

  # Matches only when the From: header ends in "...<user@host.tld>".
  deny
    message = Banned TLD in MIME From ($h_from:)
    condition = ${if match {$h_from:}{^(?i).*\\.(study|reise|technology|club|fun|bid|store|top|xyz|pro|date|faith|stream|host|loan|download|click|link|science|design|gdn|men|win|party|webcam|rocks|email|life|ninja|online|racing|review|site|trade|vividal|website|works|work|cricket|help|camera|computer|space|uno|tech|news|space|guru|berlin|photography|global|today|solutions|media|world|university|shop)>\$}{yes}{no}}

That solves most current spam problems.

2018-05-26 23:24 GMT+02:00 Always Learning via Exim-users :
>
> On Sat, 2018-05-26 at 09:03 +0200, Luca Bertoncello wrote:
>
>> Well, unfortunately this address catches many Spam/junk E-Mails and, of
>> course, my Exim (4.88) tries to forward them.
>> Virus are blocked and will __NOT__ be forwarded, but Spam is some other and,
>> of course, I cannot be sure if an E-Mail is Spam or not, so I have to forward
>> it...
>
> I disagree, based on my 9? years of happy, contented and grateful usage
> of Exim.
>
> If you reject emails from MTAs having no rDNS or no resolving HELO (or
> EHLO) names or having a HELO name that is different from the sending
> MTA's host name, most of your spam will not reach your users.
>
> I then take additional Exim-based spam-repulsion activities and only get
> ONE spam perhaps every few weeks, despite having 5 incoming MTAs in 3
> countries.
>
> Do not do nothing and let yourself become a willing victim of spam.
>
>
> --
> Kind regard,
>
> Paul.
> England, EU.  England's place is in the European Union.
>
>


Re: [exim] Avoiding bounces

2018-05-26 Thread Always Learning via Exim-users

On Sat, 2018-05-26 at 09:03 +0200, Luca Bertoncello wrote:

> Well, unfortunately this address catches many Spam/junk E-Mails and, of
> course, my Exim (4.88) tries to forward them.
> Virus are blocked and will __NOT__ be forwarded, but Spam is some other and,
> of course, I cannot be sure if an E-Mail is Spam or not, so I have to forward
> it...

I disagree, based on my 9? years of happy, contented and grateful usage
of Exim.

If you reject emails from MTAs having no rDNS or no resolving HELO (or
EHLO) names or having a HELO name that is different from the sending
MTA's host name, most of your spam will not reach your users.

I then take additional Exim-based spam-repulsion activities and only get
ONE spam perhaps every few weeks, despite having 5 incoming MTAs in 3
countries.

Do not do nothing and let yourself become a willing victim of spam.


-- 
Kind regard,

Paul.
England, EU.  England's place is in the European Union.




Re: [exim] Avoiding bounces

2018-05-26 Thread Jeremy Harris via Exim-users
On 26/05/18 15:05, Luca Bertoncello via Exim-users wrote:
> Well, this "info@"-address is a forward to many recipients, not just one...

Oh, a mail-exploder.  OK, no cutthrough routing possible.  This is
effectively a mailinglist, and you need to put real effort into
curating it.  Things like: on the slightest evidence of dodgyness
- including, but not limited to, bad rDNS, bad HELO, bad dnsbl,
bad sender-verify-callout, perhaps even unwhitelisted-senders -
divert to a quarantine queue for manual vetting.

And consider just rejecting on those grounds, too.


Or, as Lena suggests, for Google use a POP-sucker rather than
SMTP forwarding.  But that means telling Google some credentials
for your box, and providing POP access (I strongly suggest you
create a/some dedicated account(s) for that, with the credentials not
used for any other purpose).  We are, of course, assuming you
have control of the Google account(s) concerned.
-- 
Cheers,
  Jeremy



Re: [exim] Avoiding bounces

2018-05-26 Thread Luca Bertoncello via Exim-users
Jeremy Harris via Exim-users wrote:

> But you're better-off never accepting the message.  Consider doing
> cutthrough-routing for these; this means that if the site you are
> forwarding to (Google) refuses the message even as late as after-data
> (which, given they need to analyse the body, is likely) then so do you
> (for the originator talking to you).

Well, this "info@"-address is a forward to many recipients, not just one...
I could refuse the message if at least one recipient will refuse it.
This would like me.

Now the very question: how can I do that?

Thank you for your help!

Regards
Luca Bertoncello
(lucab...@lucabert.de)



Re: [exim] Avoiding bounces

2018-05-26 Thread Lena--- via Exim-users
> I have an "info@"-address that forwards the E-Mails to other
> addresses, some on them outside my servers.
> 
> Well, unfortunately this address catches many Spam/junk E-Mails and, of
> course, my Exim (4.88) tries to forward them.
> Virus are blocked and will __NOT__ be forwarded, but Spam is some other and,
> of course, I cannot be sure if an E-Mail is Spam or not, so I have to forward
> it...

No, you haven't to forward it. You can deliver to a local mailbox
(or several mailboxes) and configure your mail clients to
download mail from those mailboxes via POP3 or IMAP.

> some recipient (in this case: Google) refuse some E-Mail if they are
> Spam (in the "mind" of Google)

Gmail also can download via POP3.

By forwarding spam to Google, you harm reputation of your server.



Re: [exim] Avoiding bounces

2018-05-26 Thread Jeremy Harris via Exim-users
On 26/05/18 08:03, Luca Bertoncello via Exim-users wrote:
> My problem: I have an "info@"-address that forwards the E-Mails to other
> addresses, some on them outside my servers.
> 
> Well, unfortunately this address catches many Spam/junk E-Mails and, of
> course, my Exim (4.88) tries to forward them.
> Virus are blocked and will __NOT__ be forwarded, but Spam is some other and,
> of course, I cannot be sure if an E-Mail is Spam or not, so I have to forward
> it...
> 
> Now, some recipient (in this case: Google) refuse some E-Mail if they are
> Spam (in the "mind" of Google), so a bounce will generated.
> All correct, but...

But you're better-off never accepting the message.  Consider doing
cutthrough-routing for these; this means that if the site you are
forwarding to (Google) refuses the message even as late as after-data
(which, given they need to analyse the body, is likely) then so do you
(for the originator talking to you).

> ... sometimes the E-Mail __IS__ spam and the sender cannot be contacted since
> his server refuse my bounces.
> It results in many bounces in my Exim-queue.

This is where sender-verify callouts are useful, despite some people
regarding them as bad.  But if you're doing cutthrough you don't even
need that.

> Now the question: can I configure Exim to simply delete these bounces
> (identified by refused from Google)?

The trick is to never accept these messages, so that no bounce is
generated.
-- 
Cheers,
  Jeremy
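
The two mechanisms named in the message above (sender-verify callout and cutthrough routing), sketched as an Exim RCPT ACL fragment. This is an added example, not configuration from the thread; the local part "info", the named list +local_domains (as in Exim's default configuration) and the 30s callout timeout are assumptions. As the follow-up in this thread notes, cutthrough only fits an address that forwards to a single destination.

```exim
# Added example. Place in the ACL named by acl_smtp_rcpt, ahead of the
# generic accept for local domains. Use one of the two options.

  # Option 1: sender-verify callout.
  # Ask the sender's MX whether it would accept mail for the envelope
  # sender. If it would not, a later bounce could never be delivered,
  # so refuse while the originating host is still connected.
  # defer_ok lets the message through when the callout cannot complete.
  deny
    local_parts = info
    domains     = +local_domains
    !verify     = sender/callout=30s,defer_ok
    message     = Sender address cannot be verified

  # Option 2: cutthrough delivery.
  # Exim opens the onward connection while the message is still being
  # received, so a refusal from the forward target (even after DATA) is
  # handed straight back to the originator and no bounce is generated.
  accept
    local_parts = info
    domains     = +local_domains
    control     = cutthrough_delivery
```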
