I've been using sender address verification callbacks for a long time. It helps eliminate a lot of spam by checking if the sender's address is deliverable. Unfortunately, there are a number of systems that send mail with an invalid envelope sender. These are often generated by scripts on a web server where the sender defaults to the-apache-user@the.web.server.name. There are also a number of misconfigured mail servers, mostly IMail installations, that do not accept messages with null senders. This not only prevents their users from receiving bounce messages, but also prevents sender address verification from working.
Up until yesterday, I've rejected messages at RCPT time that fail sender address verification. Trying to deal with the number of false positives for a significant number of users has proven to be too difficult. So I decided to continue using sender address verification, but incorporate the result into an overall SpamAssassin score.
Andrew, on the exim-users list, provided a helpful Exim ACL snippet, which I modified a bit to come up with the following:
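    acl_callout_test:
      # Default to TEMP; a deferred callout leaves this value in place.
      warn    set acl_m6 = TEMP
      # Callout succeeded: record OK and stop.
      accept  verify = sender/callout=60s,random
              set acl_m6 = OK
      # Callout failed outright.
      warn    set acl_m6 = FAIL

    acl_check_rcpt:
      warn    acl = acl_callout_test
      warn    message = X-Sender-Verification: $acl_m6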
This adds an X-Sender-Verification header which I then check for in SpamAssassin.
    header   POSTICA_SENDER_ADDRESS_FAIL X-Sender-Verification =~ /FAIL/
    describe POSTICA_SENDER_ADDRESS_FAIL Sender Address Verification Failure
    score    POSTICA_SENDER_ADDRESS_FAIL 2.0

    header   POSTICA_SENDER_ADDRESS_TEMPFAIL X-Sender-Verification =~ /TEMP/
    describe POSTICA_SENDER_ADDRESS_TEMPFAIL Sender Address Verification Temp Failure
    score    POSTICA_SENDER_ADDRESS_TEMPFAIL 1.0
I may have to tweak the scores, but so far, it's working pretty well.
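To check how the three callout outcomes map to score before deploying the rules, here is a small offline harness (an added example, not part of the original post and not SpamAssassin itself). It parses the two rules above and evaluates them against constructed messages; the helper names, the sample addresses and the simplified matching (all occurrences of the header joined by newlines) are assumptions of this sketch.

```python
import re
from email import message_from_string

# The two rules from this post, as they would appear in a SpamAssassin .cf file.
RULES_CF = """\
header   POSTICA_SENDER_ADDRESS_FAIL X-Sender-Verification =~ /FAIL/
score    POSTICA_SENDER_ADDRESS_FAIL 2.0
header   POSTICA_SENDER_ADDRESS_TEMPFAIL X-Sender-Verification =~ /TEMP/
score    POSTICA_SENDER_ADDRESS_TEMPFAIL 1.0
"""

HEADER_RE = re.compile(r"^header\s+(\S+)\s+(\S+)\s+=~\s+/(.*)/\s*$")
SCORE_RE = re.compile(r"^score\s+(\S+)\s+(-?[\d.]+)\s*$")

def parse_rules(cf_text):
    """Return {rule_name: (header_name, compiled_regex, score)}."""
    tests, scores = {}, {}
    for line in cf_text.splitlines():
        line = line.strip()
        if m := HEADER_RE.match(line):
            tests[m.group(1)] = (m.group(2), re.compile(m.group(3)))
        elif m := SCORE_RE.match(line):
            scores[m.group(1)] = float(m.group(2))
    # Simplification: a header rule without a score line is ignored here.
    return {n: (h, rx, scores[n]) for n, (h, rx) in tests.items() if n in scores}

def evaluate(raw_message, rules):
    """Return (names of rules that hit, score contributed by those rules)."""
    msg = message_from_string(raw_message)
    hits = []
    for name, (hdr, rx, _) in rules.items():
        # Assumption: every occurrence of the header is tested, joined by newlines.
        value = "\n".join(msg.get_all(hdr, []))
        if rx.search(value):
            hits.append(name)
    return hits, sum(rules[n][2] for n in hits)

def sample(status):
    """Constructed message carrying the header the Exim ACL adds for `status`."""
    return ("From: sender@example.org\nTo: user@example.net\n"
            f"X-Sender-Verification: {status}\nSubject: test\n\nbody\n")

RULES = parse_rules(RULES_CF)

if __name__ == "__main__":
    for status in ("OK", "TEMP", "FAIL"):
        print(status, evaluate(sample(status), RULES))
```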