Exim Anti Spam Configuration

One of Exim's strengths is its extensive set of filtering rules. You can use these to specify hosts for which you'll refuse delivery, specify users from whom you'll refuse delivery, or perform more sophisticated checks on a per-user basis. The major filtering options are as follows:

• host reject— This exim.conf option takes a colon-delimited list of hostnames, domain names, or IP addresses as its argument, and blocks all mail that originates from these systems. Cor instance, host_reject = *.badspammer.net:10.16.8.0/24 blocks all mail from the badspammer.net domain, and from the 10.16.8.0/24 network block. This rejection occurs as soon as the remote sy stemattemptsto makea connection. This sometimes causes repeated attempts to connect to your server, thus consuming small amounts of network resources over an extended period of time.

• host_reject_recipients— This option works much like host_reject, except that messages are rejected after the remote system begins the transaction, and more precisely, after it's sent the RCPT TO: command. The result is more likely to be an immediate cessation of attempts to send the messages.

• sender reject— This option rejects mail that originates from certain senders. A sender may be either an entire dom ain mr an individual user at a domain For instance, sender reject = [email protected]: badspammer.net blocks mail from the badspammer.net domain and from the user [email protected]. Exim refuses to receive mail as soon as it learns the sender's identity. This quick rejection causes some sending systems to try repeatedly to send the same message.

• sender_reject_recipients— This option works much like sender_reject, but it waits to reject the mail until the sender has entered a recipient address with the RCPT TO: command. This approach is more effective than sender reject's approach at getting the sending MTA to stop attempting to send the messages.

• User-specific filters— Exim supports filters that individual users can design. These reside in the .forward files in users' own home directories. This facility is extremely powerful and flexible. It's sim ilar in many wa°i to Procmail filters, which are described shortly in the section "Using a Procmail Filter." It's described in some detail in the filter.txt.gz documentation file that comes with Exim, in the /usr/doc/exim directory in Debian GNU/Linux (you'll need to uncompress this file with gunzip to read it).

If you want to create a large list of senders or sender hostnames you want to reject, you can place them in a separate file, and reference that filename with the appropriate rejection options. In addition to custom filters, Exim includes several options related to support for blackhole lists. These are controlled through several exim.conf options:

• rbl domains— Provide a colon-delimited list of blackhole list server addresses, such as those shown inTable 19.1, to have Exim use those lists. You can append these entries with /warn or / reject to specify that Exim add a warning header (which might be used by a subsequent Procmail filter, for instance) or reject the mail outright, respectively. Two additional options are / accept (to use a blacdhole-like mechanism to provide a limited "white list") and /skiprelay (which bypasses the blacdhole list check if the sender's domain is listed in the host accept relay option).

y rbl hosts— The default for this option is * , which causes Exim to check all hosts againrt the Mackhole lists specified by rbl domains. You mightwantto exempt certain s enders frem these checks, though. and to do so, you add thek names, preceded by exclamation marks, prior to the asterisk in a colon-delimited list. For instance, rbl_hosts = !ok.pangaea.edu:* exempts ok.pangaea.edu from the blacdhole list checks.

• rbl_reject_recipients— You can use tha /warn or / reject features of the rbl domains option to specify whether to add a warring or reject a suspected spam, as nosed pariier. When you've not specified explicitly what to do, Exim defaults to rejecting the affected mail. You can change this behavior to merely add a warning header by setting rbl reject recipients = no.

• recipients reject except— This option lets you specify blackhole list exceptions in terms of recipients. For instance, recipients_reject_except = [email protected] causes Exim to accept mail addressed to [email protected], even from sites included on a blackhole list.

There are a few additional blackhole list options in Exim; consult the package's documentation for details. In addition to patternmatchtngandblacdhole lists, Exim provides a few additional options that may be used to help cut dowa on spam.These include the following:

• headers check syntax— Exim can check message headers for bogus syntax, such as a message addressed to [email protected], and re0]^^ messages that fail these checks. This is normally a sanity check on the veracity of the data, but some spam uses poorly constructed mail headers that will fail such checks. To use this option, set it to true.

• helo verify— During initial connections, a calling SMTP server identifies itself with a HELO or EHLO c ommand. Normally, Exim doesn' t require this,but you can set it to be more strict by providing a list of hosts that must use this handshake. (You can set helo verify = * to require all senders to pass this test.) In addition to requiring use ef HELO or EHLO,helo verify requires that the IP vddress and DNS entries on the host match one another. Spammers often use misconfigured systems for which this isrrt true, but unfortunately, many legitimate mail server systems are also misconfigured in such a way that they'll fail this test.

• message size limit— This option is another that's not strictly a spam-fighting tool, but that might catch some spam. It defaults to 0, which translates into no size limit. If you set this option to a positive vAlue, that's the maximum message size that Exim will accept. This might be useful in limiting the impact of inconsiderate or accidental delivery of overly large messages to your system.

In all, Exim's spam filtering capabilities are extremely capable, particularly if you're willing to delve into the creation afuser-speeific filter file s.

Was this article helpful?

0 0

Post a comment