[Mimedefang] Need help with filter_relay

Paul Murphy pmurphy at ionixpharma.com
Wed May 19 11:59:59 EDT 2004


Mark,

> 1 - It is my suspicion that bouncing emails with these keywords in the
> "from" header will only bounce spam.  Am I correct here?

If you check the headers after receiving, then you will cause chaos, as there
will be a Received header for each hop, so any DSL customer who sends via their
ISP's smarthost will also be rejected.  Also, reverse DNS is unreliable at best,
and useless at worst.  Very few ISPs allow customers to control the reverse
lookup, so many will have entire ranges which all map to "unassigned" or
"dial-up", or "dsl", or whatever.

At least some of these will be Linux users, or businesses who use DSL for their
connectivity, but who run their own mail systems.  You will reject mail from
them.  You will also reject mail from any ISP who provides a smarthost for DSL
customers' use if it is called dslsmarthost, or smartpool, or mailpool, etc.

> 3 - For the purposes of a filter to bounce these emails, I am not sure
> where to reference the header in filter_relay.  Would this work:
> sub filter_relay {
>             my ($ip, $name, $helo) = @_;
>             if ($name =~ /dsl) or
>             if ($name =~ /pool)  

What you're talking about here is blocking based on the incoming connection and
the HELO (which incidentally as of 2.43 is no longer available in filter_relay),
rather than on Received: lines in the header.  To process the header, you have
to do it in filter_begin or filter_end, as before this the HEADERS file doesn't
exist.

If you wish to block based on the IP address, effectively only allowing non-DSL
hosts to connect, then you're doing something similar to the AOL approach.  If
this in itself doesn't start ringing alarm bells, then you need to research SMTP
some more.

From experience, the best ways to have a major impact on SPAM volumes are, in
decreasing order of effectiveness:

1.  Greylisting - over 95% of SPAM was eradicated when I enabled this
2.  SpamAssassin - the remaining 4.9% was taken out, especially after I
implemented auto white listing
3.  Razor/DCC/RBL, etc - since implementing greylisting, I haven't seen any of
these make any difference whatsoever.

Best Wishes,

Paul.
__________________________________________________
Paul Murphy
Head of Informatics
Ionix Pharmaceuticals Ltd
418 Science Park, Cambridge, CB4 0PA

Tel. 01223 433741
Fax. 01223 433788


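The false-positive problem described in the reply above, as an added example that is not part of the original post and not MIMEDefang's own code: a `filter_relay` run in log-only mode over constructed relay names. The hostnames, addresses and keyword list are assumptions built from the words mentioned in the thread; the `(ip, name)` arguments and the `('CONTINUE', message)` return follow MIMEDefang's `filter_relay` convention.

```perl
#!/usr/bin/perl
# Added example. All relay names and addresses are constructed for illustration.
use strict;
use warnings;

# Keywords taken from the thread: the quoted filter plus the reply's examples.
my $KEYWORD_RE = qr/dsl|pool|dial-?up|unassigned/i;

# filter_relay sees only the connecting IP and its reverse-DNS name; the
# message headers do not exist at this stage. This version never rejects:
# it records what the keyword rule WOULD have done so the false-positive
# rate can be measured first.
sub filter_relay {
    my ($hostip, $hostname) = @_;
    if (defined $hostname && $hostname =~ /($KEYWORD_RE)/) {
        my $note = sprintf("would reject %s [%s]: rDNS contains '%s'",
                           $hostname, $hostip, $1);
        # Inside MIMEDefang, md_syslog writes to syslog; standalone it is absent.
        md_syslog('info', $note) if defined &md_syslog;
        return ('CONTINUE', $note);
    }
    return ('CONTINUE', 'ok');
}

# Constructed relays: [ip, rDNS name, what the host really is]
my @relays = (
    ['192.0.2.10',    'mail.example.org',           'dedicated mail server'],
    ['192.0.2.25',    'dslsmarthost.isp.example',   'ISP smarthost for DSL customers'],
    ['198.51.100.7',  'mailpool3.isp.example',      'ISP outbound mail pool'],
    ['198.51.100.90', 'adsl-90.static.isp.example', 'business on DSL with its own MTA'],
    ['203.0.113.44',  'unassigned.isp.example',     'Linux user, generic ISP rDNS'],
    ['203.0.113.80',  'pool-80.dialup.isp.example', 'dynamic end-user address'],
);

# Run the table only when executed directly, not when loaded as a filter.
unless (caller) {
    for my $r (@relays) {
        my ($ip, $name, $what) = @$r;
        my ($action, $msg) = filter_relay($ip, $name);
        printf "%-28s %-34s %s\n", $name, $what, $msg;
    }
}
```

Of the six constructed relays, five match the keyword rule, and four of those five are the kinds of legitimate sender the reply lists.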


