Chris Lightfoot wrote: > On Mon, Jul 03, 2006 at 06:43:43PM +0200, Anthony wrote: > >>Hello. >> >>In order to prevent spam, I'd like Exim 4 (I run Debian) to reject >>incoming mail >>if sender's domain doesn't exist. >>What should be modified in the configuration files for this ? > > > you could switch on callout verification of senders, which > will test that the sender's address is deliverable, rather > than just that their domain exists -- add, > > require verify = sender/callout > > to the MAIL ACL. You could also check just that the > domain-part of the address exists with the dns lookup at > the same point, but I haven't an example to hand. >
This can result in a rather high 'false positive' rejection if you use a 'hard' test, and for any of several reasons: - many 'major' ISP's utilize 'pools' or clusters of servers, often arranged as 'incoming' and 'outbound'. Your users may have correspondents form many such. Or not. - these do not necessarily respond as expected, if at all, to sender verification callouts. (Does your own Exim server do so?) - some otherwise-legitimate sending MX may not resolve. (Does your own?) - others may locally blacklist sources that attempt frequent sender verification. For our part, we DO seek sender verification, but only with a 'warn' verb that assigns 'demerit' points on fail. Other protocol violations are also point-scored, then the cumulative score tested against thresholds at key points in the smtp process. Spam attempts, especially from zombie-farms, usually exhibit *many* such errors, legitimate servers only one or two, though not necessarily the *same* one or two as some other legitimate server may. The 'weight' of a score assigned for an infraction, and the thresholds you can tolerate need to be determined from experience/analysis of your own traffic, but it is easy to start lax and selectively tighten up, as you can store the thresholds in macros, and/or per-user in a file or DB, and adjust the demerit points assigned in each acl individually. This is effective, requires very few whitelist entries, and has a very low false-positive rate, even with rather strict settings. HTH, Bill -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
