On 06/03/2013 03:20 PM, Allen Bell wrote:
My case in point today is having installed the latest version of Exim and
finding that the directive placing root on the never list - cannot be
overridden.
As a default - that is without question a good idea. But making it a
hard-coded restriction
Right now I'm using: dkim_verify_signers =
$sender_address_domain:$dkim_signers to trigger the DKIM ACL. That
should cause it to be called for any envelope sender, regardless of the
header signatures, right?
So I can easily check things like: dkim_status = invalid or
dkim_status = fail in
On 4/22/2010 8:37 PM, Ted Cooper wrote:
Unfortunately, it's very hard to tell the difference between a
callout and a bounce at rcpt time.
If you do still get a lot of backscatter (I've not seen much these days,
admins do seem to be getting a clue), you should look into BATV signing
your
On Thu, 2007-08-16 at 16:18 -0400, Eli Sand wrote:
Any reference for hyphens not beeing allowed in host names?
Hyphens (-) are allowed in hostnames, and there isn't even a rule stating
how many can be compounded together.
A host name just can not start or end with a hyphen.
--
## List
On Mon, 2007-07-30 at 14:39 +0100, Mike Cardwell wrote:
Mike Cardwell wrote:
Is my understanding correct? If so, what is the amount of time until
expiry? I can't see anywhere to configure this so I'm guessing I've
either misunderstood how it works, or the value is hardcoded and
On Fri, 2007-06-29 at 10:36 -0700, Marc Perkel wrote:
OK - I think I'm making some progress on this. I created a DNS server
that you can pass a $sender_host_name to and get a code indicating if
it's a one level or 2 level domain.
I still have more work to do to make it practical. But -
On Wed, 2006-08-16 at 14:24 +0100, Philip Hazel wrote:
On Wed, 16 Aug 2006, Kjetil Torgrim Homme wrote:
log_target = none
to force it into mainlog rather than rejectlog:
log_target = main
Idea noted; I quite like that. Slightly modified: the string could be a
list. Then
On Wed, 2006-07-26 at 16:09 +0200, Jakob Hirsch wrote:
(Default config's) Sender verification is done in the RCPT ACL, so I'd
say this is also the right point for other checks that would logically
belong into the MAIL ACL. (HELO check should be before verify, but I
guess you know that.)
The default require verify = sender or recipient rejection messages
are good and self explanatory. But mails rejected by require verify =
reverse_host_lookup just get a 550 Administrative prohibition.
Though a nice message is logged. Such as host lookup failed (failed to
find host name from
On Fri, 2006-06-23 at 16:18 +0300, Odhiambo G. Washington wrote:
| Your customers use this server for relaying? Then you probably identify
| them by SMTP AUTH or fixed IPs. That should give you the facility to
| block unauthorized senders.
Yes and yes. I already do that. However, it has
On Fri, 2006-06-23 at 19:35 +0300, Odhiambo G. Washington wrote:
I agree with you. Now tell me how much overheard this would add, if I
knew _all_ the IPs that are geographically in Kenya (via GeoIP):
check_connect:
drop !hosts = cdb;/path/to/db/with/all_KE-IPs
accept
(or the
Marc Perkel wrote:
There are probably people out there who just know how to do this in a
simple way.
I have two files. Both files are text files that have IP addresses on
separate lines. Both are alphabetical. What I want to do is read file A
and file B and create file C that has all the
On Mon, 2006-06-19 at 07:51 -0700, Marc Perkel wrote:
Here's what I use in a filter.
# Get rid of very empty messages
if h_to: is
then
if h_subject is
then
seen finish
endif
endif
If you are going to check for missing headers to catch empty messages,
go for the two
On Tue, 2006-06-06 at 07:58 -0700, altendew wrote:
So would blackhole be better on terms of stress on our server?
:fail: will put the least stress on your server (and your users, as
mistyped addresses will get an error, not just disappear). :fail: will
cause the RCPT command to fail rather than
On Mon, 2006-06-05 at 12:39 -0700, altendew wrote:
So we have a lot of returned mail that we did not send out. I have figured
that out.
What are the best solutions for deleting returned mail, because we get
thousands a day?
Get rid of the wildcard alias, so spammers picking random local
On Wed, 2006-05-17 at 10:02 -0700, Marc Perkel wrote:
Ian Eiloart wrote:
Do you run ClamAV, which has a similar facility? Which do you run first?
How would you run Clam?
Clam's URL checking feature just downloads what ever file is directly
linked to in an e-mail and scans the result
On Fri, 2006-04-07 at 14:57 +0100, Dennis Davis wrote:
I'm seeing the same thing here as I'm rejecting messages that don't
contain a Date header. From yesterday's logs I see:
2006-04-06 15:28:38 1FRVTS-Vg-6r H=iport.americangreetings.com [216.
33.97.79] I=[138.38.32.21]:25 F=[EMAIL
On Fri, 2006-04-07 at 10:27 -0400, Marc Sherman wrote:
Just out of curiosity, did they contact you initially, or were you
resolving a complaint about a missing ecard from one of your own users?
If the former, what kind of rejection rate were they seeing that
prompted them to contact you?
Could anyone else verify for me that messages (eCards and notification
messages) sent from americangreetings.com do not contain a Date: header.
I'm requiring that mails have Date: and Subject: (empty subject is OK)
headers and thusly American Greetings are being rejected. I just hung
up on their
I'm using the following to verify BATV signatures on bounced messages.
I had to enable caseful local parts for the check because I found one
user was setting their return address to have capital letters in it.
Now I have found another user placing capital letters in the domain
name.
deny
I'm want to use something like the following in my DATA ACL, but
(obviously) $local_part and $domain are empty. I've already made sure
there is only one recipient in messages with an empty sender in the RCPT
ACL, so that won't be a problem.
denymessage = bounce messages must be returned
On Thu, 2006-03-02 at 12:32 -0500, Dave Lugo wrote:
On Thu, 2 Mar 2006, Chris Meadors wrote:
Basically prvscheck should expand to an empty string when given a
non-signed address, and yes when given a signed address. I don't want
to do this in the RCPT ACL because it could reject
If anyone has been paying attention over the last couple weeks I've been
trying to put together a BATV (Bounce Address Tag Validation)
configuration on my server. BATV prevents bounces from being returned
to your server that did not originate from it. Every time there is a
virus outbreak I get a
On Mon, 2006-02-27 at 10:34 -0500, Chris Meadors wrote:
Thanks to all who have helped. I have been correctly signing the
envelope sender for seven days. Now I would like to start rejecting
messages with bad or missing BATV signatures.
I've seen a little discussion on the list
On the heals of the Strange Sender Verification behaviour thread where
it turned out that Alligate's software doesn't respond to the RSET
command correctly. It also seems that it refuses to accept any envelope
senders that contain a '/' (slash) character. So BATV signed messages
get rejected
I've got my Exim only calling prvs on local_domains now. Thanks David!
But I've run into a different problem. All signed addresses seem to be
for day 100. The hash matches, but then I'm informed that the signature
has expired.
exim -d+expand -be '${prvs [EMAIL PROTECTED]'
expanding: [EMAIL
On Fri, 2006-02-17 at 10:25 -0500, Chris Meadors wrote:
I've got my Exim only calling prvs on local_domains now. Thanks David!
But I've run into a different problem. All signed addresses seem to be
for day 100. The hash matches, but then I'm informed that the signature
has expired
I'm trying to set up a very basic BATV implementation. I have the
redirect router working return signed addresses to their original state.
I also have a transport that will sign the return-path of outbound SMTP
deliveries. Both of these were pretty much copied from the spec.txt
minus the SQL
On Wed, 2005-09-28 at 08:45 -0700, Marc Perkel wrote:
How would you do that with a separate program?
Basically I have different classes of customers and they use different
IP addresses in the same computer for my spam filtering service. So if I
could create separate log files I could
Marc Perkel wrote:
If the part second to the end is co com net org then it's 3 part.
warnmessage = X-Maindomain: \
${if
match{XX${extract{-2}{.}{${domain:$h_From:}}}XX}{XX(co|com|net|org)XX}\
On Tue, 2005-08-16 at 08:46 -0700, Marc Perkel wrote:
Yes - that's true. But I'm thinking in terms of how much power you get
at the lowest price. If money isn't a problem then hardware raid scsi is
the way to go.
I'm just not that rich myself. So the less expensive alternative would
be
31 matches
Mail list logo