Exim verify recipient not working

paul-w

Hi all

I'm running SpamBlocker.exim.conf.2.0 and MailScanner (www.mailscanner.info) which requires a separate inbound and outbound Exim process.

The problem is, I can't get the verify recipient functionality working, even though the default spamblocker exim.conf uses it.

The domain in question is one that has its own SMTP server and my server is a relay for it. So, the public DNS for the domain points to my server as the mail server. My server has a different DNS which points to their server as the mail server. Hence, my server scans for viruses and spam then relays the message onto theirs. Their server sends their outbound mail via mine.

Their domain is in my /etc/virtual/relay_domains file and the IP of their mail server is in my /etc/virtual/relay_hosts file.

They are getting shedloads (tens of thousands a day) of dictionary based spam to their domain. Verify recipient should, I presume, stop this in its tracks. Instead, the messages are passed to MailScanner for scanning, thereby wasting system resources.

Has anyone any ideas? I've spent hours banging my head against a brick wall on this one.

I modified the default /etc/exim.conf. I've commented my changes below but they made no difference:

# accept if address is in a local domain as long as recipient can be verified
accept  domains = +local_domains
        endpass
        #next line was originally but I wondered about the quotation marks:
        #message = "Unknown User"
        message = unknown user
        verify = recipient

# accept if address is in a domain for which we relay as long as recipient
# can be verified
accept  domains = +relay_domains
        endpass
        #next line originally didn't exist
        message = unknown user
        verify = recipient

accept  hosts = +relay_hosts
        #next 3 lines didn't exist originally - trying to get verify recipient working
        endpass
        message = unknown user
        verify = recipient

accept  hosts = +auth_relay_hosts
        endpass
        message = authentication required
        #next line didn't exist originally
        verify = recipient
 
I'm running SpamBlocker.exim.conf.2.0 and MailScanner (www.mailscanner.info) which requires a separate inbound and outbound Exim process.
MailScanner was necessary before SpamBlocker could call ClamAV. Since it now can, I'd say update to SpamBlocker3 and use it to call ClamAV directly so you don't need to run MailScanner.

And don't accept email for unknown users, so you won't get all the dictionary spam. Instead of verifying, keep a local list.

Jeff
 
don't accept email for unknown users, so you won't get all the dictionary spam. Instead of verifying, keep a local list.

Hi Jeff

Thanks for that. I was thinking of going down this route. Where would the local list go? If I discover the dictionary spam isn't as random as it appears, can I go down the other avenue and have a list of blocked recipients and if so, where would this list go?

Thanks

Paul
 
The easy way would be to create a path for it in /etc/virtual; that won't require any changes to exim.conf.

Trying to block a dictionary attack by looking at usernames would be possible, but it's probably not worth pursuing and exim.conf doesn't do it by default.

Jeff
 
Actually, I've added:

verify = recipient/callout=use_postmaster,defer_ok

to exim.conf and it appears to be working a treat. The domain in question received over 12,885 messages today and they have a user base of under 75 so you can imagine how much is bogus.

Can you think of any downsides to what I'm doing?
 
The biggest issue is you have to set defer_ok because otherwise you won't get good mail if the server doesn't answer. So you'll get many repeats from some of those servers, instead of just one try.

The second biggest issue is that a lot of mailservers don't properly answer a verify request. Why? Because spammers can verify a whole dictionary and use the responses to build a smaller leaner dictionary of good addresses.

Jeff
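Added example, not written by anyone in this thread: a Python sketch that counts RCPT rejections carrying the `unknown user` message from the ACLs above in an Exim main log, to show how much of the traffic is dictionary probing and which hosts send it. The log lines are constructed samples in Exim's `rejected RCPT` format; the function names and the `min_distinct` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in Exim main log format (hosts and addresses invented).
SAMPLE_LOG = """\
2006-03-14 09:12:01 H=(mx.example.net) [192.0.2.10] F=<x1@example.net> rejected RCPT <aaron@example.org>: unknown user
2006-03-14 09:12:01 H=(mx.example.net) [192.0.2.10] F=<x1@example.net> rejected RCPT <abby@example.org>: unknown user
2006-03-14 09:12:02 H=(mx.example.net) [192.0.2.10] F=<x1@example.net> rejected RCPT <adam@example.org>: unknown user
2006-03-14 09:12:02 H=(mx.example.net) [192.0.2.10] F=<x1@example.net> rejected RCPT <Adam@Example.org>: unknown user
2006-03-14 09:15:40 H=mail.example.com [198.51.100.7] F=<bob@example.com> rejected RCPT <jon.smth@example.org>: unknown user
2006-03-14 09:16:03 H=(laptop) [203.0.113.5] F=<c@example.org> rejected RCPT <d@example.com>: authentication required
2006-03-14 09:17:11 1FJabc-0001Xy-2B <= bob@example.com H=mail.example.com [198.51.100.7] P=esmtp S=2312
"""

# Greedy ".*" picks the last [ip] before "rejected RCPT", skipping a bracketed HELO.
REJECT_RE = re.compile(
    r"^\S+ \S+ H=.*\[(?P<ip>[0-9A-Fa-f.:]+)\].*? rejected RCPT "
    r"<(?P<rcpt>[^>]+)>: (?P<reason>.*)$"
)

def unknown_user_rejects(log_text, reason="unknown user"):
    """Yield (sending ip, recipient) for each RCPT rejected with the ACL message."""
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m and m.group("reason").strip().lower() == reason:
            yield m.group("ip"), m.group("rcpt").lower()

def dictionary_sources(log_text, min_distinct=3):
    """Map each host that probed >= min_distinct unknown addresses to those addresses."""
    seen = defaultdict(set)
    for ip, rcpt in unknown_user_rejects(log_text):
        seen[ip].add(rcpt)
    return {ip: sorted(r) for ip, r in seen.items() if len(r) >= min_distinct}

def rejects_per_domain(log_text):
    """Count unknown-user rejections per recipient domain (repeats included)."""
    counts = defaultdict(int)
    for _, rcpt in unknown_user_rejects(log_text):
        counts[rcpt.rsplit("@", 1)[-1]] += 1
    return dict(counts)

if __name__ == "__main__":
    print(rejects_per_domain(SAMPLE_LOG))
    for ip, rcpts in dictionary_sources(SAMPLE_LOG).items():
        print(ip, len(rcpts), "distinct unknown recipients")
```

A single mistyped address from a legitimate host stays below the threshold, while a host walking a name list stands out by its count of distinct unknown recipients.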
 