[Gllug] RBL listed hosts

Xander D Harkness xander at harkness.co.uk
Thu Jun 13 09:44:39 UTC 2002


Jim Bailey wrote:

>Please forgive me if I am in my usual way totally ignorant of the real
>situation but it may be or should be possible to construct a helpful
>message, while simply filtering mail based purely on its header
>information.
>
>RFC2821 seems to offer a way of sending clearer messages to users without
>accepting suspect mail.
>
>4.2 SMTP Replies
>
>   Replies to SMTP commands serve to ensure the synchronization of
>   requests and actions in the process of mail transfer and to guarantee
>   that the SMTP client always knows the state of the SMTP server.
>   Every command MUST generate exactly one reply.
>
>   The details of the command-reply sequence are described in section
>   4.3.
>
>   An SMTP reply consists of a three digit number (transmitted as three
>   numeric characters) followed by some text unless specified otherwise
>   in this document.  The number is for use by automata to determine
>   what state to enter next; the text is for the human user.  The three
>   digits contain enough encoded information that the SMTP client need
>   not examine the text and may either discard it or pass it on to the
>   user, as appropriate.  Exceptions are as noted elsewhere in this
>   document.  In particular, the 220, 221, 251, 421, and 551 reply codes
>   are associated with message text that must be parsed and interpreted
>   by machines.  In the general case, the text may be receiver dependent
>   and context dependent, so there are likely to be varying texts for
>   each reply code.  A discussion of the theory of reply codes is given
>   in section 4.2.1.  Formally, a reply is defined to be the sequence: a
>   three-digit code, <SP>, one line of text, and <CRLF>, or a multiline
>   reply (as defined in section 4.2.1).  Since, in violation of this
>   specification, the text is sometimes not sent, clients which do not
>   receive it SHOULD be prepared to process the code alone (with or
>   without a trailing space character).  Only the EHLO, EXPN, and HELP
>   commands are expected to result in multiline replies in normal
>   circumstances, however, multiline replies are allowed for any
>   command.
>  
>
It is possible to block the spam software which just dumps the message
without waiting for the response using exim's ACL list in version 4.

>   I am not sure how you change these texts whether there is an option in
>   the config files or whether you need to do something with source code,
>   (beyond my abilities).
>
>   I am trying to figure it out though as I am using some hacks off the
>   Postfix users list to perform UCE filtering on mails with hotmail and
>   yahoo addresses and the stock 451 response it gives doesn't make a
>   lot of sense in the context they are being used in.
>  
>
While I know that you are using postfix, there are some good exim
filters floating round the net that compare the sending host, the
sender's email address and the headers, for example to make sure that
a Hotmail email is arriving from one of the service's relays.

I find that I am getting very little spam coming through from Hotmail
addresses; I am getting a lot from 911.com and xo.com and a few .pl
addresses.  For these addresses I am also using sender_verify_callback
which tries to send a test bounce message to the sender's address during
the SMTP session.  If the test fails because the mail box is full of
bounces or it does not exist then the mail will be refused.  It does
create a lot of extra work for a message delivery but it does work well
on selected domains.

Cheers
Xander


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
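
The reply format quoted from RFC 2821 section 4.2 above, as an added example that is not part of the original post: a Python parser for one SMTP reply that accepts multiline replies and a code sent without text, and reports from the first digit whether a refusal is transient (4xx) or permanent (5xx). The function names, the sample rejection text and the addresses are constructed for illustration; limiting the first digit to 2-5 is this example's choice.

```python
import re

# One reply line: three digits, then "-" (more lines follow) or SP (last
# line), then text. Separator and text may be absent on the final line.
_LINE = re.compile(rb"([2-5][0-9]{2})(?:([ -])(.*))?")

# Meaning of the first digit (RFC 2821 section 4.2.1).
CLASSES = {"2": "success", "3": "intermediate",
           "4": "transient failure", "5": "permanent failure"}

# Constructed sample: a multiline rejection for a blocklisted host.
SAMPLE = (b"550-Mail from 192.0.2.25 refused: host is listed in rbl.example\r\n"
          b"550 Contact postmaster@example.org if this is an error\r\n")


class ReplyError(ValueError):
    """Raised when the bytes are not one well-formed SMTP reply."""


def parse_reply(raw: bytes):
    """Parse one complete SMTP reply; return (code, [text lines], class)."""
    if not raw.endswith(b"\r\n"):
        raise ReplyError("reply not terminated by CRLF")
    lines = raw[:-2].split(b"\r\n")
    code, texts = None, []
    for i, line in enumerate(lines):
        m = _LINE.fullmatch(line)
        if not m:
            raise ReplyError(f"malformed reply line: {line!r}")
        this_code, sep, text = m.group(1).decode(), m.group(2), m.group(3)
        if code is None:
            code = this_code
        elif this_code != code:
            raise ReplyError("reply code changes inside a multiline reply")
        last = i == len(lines) - 1
        # "-" must appear on every line except the last, and never on the last.
        if (sep == b"-") == last:
            raise ReplyError("continuation marker in the wrong place")
        texts.append((text or b"").decode("ascii", "replace"))
    return int(code), texts, CLASSES[code[0]]


if __name__ == "__main__":
    print(parse_reply(SAMPLE))
```
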



