Re: [exim] EBL: blacklist for email addresses in Reply-To and message bodies

2017-06-28 Thread Phil Pennock 
On 2017-06-28 at 18:19 +0300, Lena--- via Exim-users wrote:
> How to use EBL in Exim config (requires Exim version 4.87 or higher):
> https://github.com/Exim/exim/wiki/EBL

Looks potentially useful.

The Reply-To: header takes an address-list and is interpreted as such,
and IIRC used in that way by some mail-clients when subscribed to
mailing-lists but wanting personal copies of replies too.  So the `rt:`
ACL is going to calculate something which will emit bogus queries to an
external service.

There could stand to be some privacy implications discussion too --
you're sending out, over the wire in unencrypted DNS packets, a
predictable derivation of the Reply-To: header received for every email
from a given domain.  Using a cryptographic checksum protects against
casual snoopers knowing, but does not protect against those with a
dictionary of email addresses generating a reverse map and using that
for lookups, so undermines a chunk of the TLS-by-default work going on
by leaking metadata.  Usual RBLs only leak that there was communication
from an IP, which a network traffic sniffer could see anyway.

-Phil

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] EBL: blacklist for email addresses in Reply-To and message bodies

2017-06-28 Thread Lena--- via Exim-users 
The purpose of the EBL blacklist is described on
http://msbl.org/ebl-purpose.htm

I tested EBL since October 2016, today it was declared in public beta:
https://spammers.dontlike.us/mailman/private/list/2017-June/010493.html

> The Email Blocklist has entered Beta 2, and is now open for testing by
> the public. If you have not tried the list out, please do so. We would
> love to receive your feedback, and think you will like seeing less 419
> Advance Fee Fraud and some other types of spam in your inboxes.
> 
> You can find information, instructions, and tools on the website:
> http://msbl.org/ebl-implementation.html

How to use EBL in Exim config (requires Exim version 4.87 or higher):
https://github.com/Exim/exim/wiki/EBL

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/