[Ask Exim] how to drop spam email and not bounce it?

markhard

A lot of the spam that comes to my server uses fake email addresses and is sent to email addresses which do not exist on my server. I already set :fail: on the cPanel default address, so I believe that my customers didn't receive spam from non-existing email addresses.

But the problem is that Exim is bouncing the spam emails, because the spam emails are using fake email addresses. I'm afraid that my server's IP will get blacklisted because the spam email is attached to the bounce email sent by Exim.

Another problem is that if a user creates a forwarder that forwards all email to another provider, of course all spam email will be forwarded too. This can also get my server's IP blacklisted.

How can I configure Exim to:

1. If the message is spam (scanned by SpamAssassin) and the recipient email doesn't exist, bounce only the email's header without the message body.

2. If the message is spam and the user set a forwarder to another email address, forward only the email's header without the message body.

Please help..

Thanks
 

chirpy

If the recipient doesn't exist (i.e. the RCPT TO check :fail:'s) then the email isn't bounced, the SMTP connection is dropped with an error to the originating server.

I've no idea how you could achieve the second item you mentioned.
 

bizzy

Yes - we too are moving all our client domains to :fail except for specified mail forwarding. This is the most efficient way of handling joe-jobbed spam or whatever as you don't carry the incoming email body traffic or send bounce messages which may even bounce back with some misconfigured MTAs.

It is also helpful - giving a clear message to people sending misaddressed mail rather than quietly blackholing it.

As for recognising and censoring suspect spam - I am of the persuasion that this is not the job of a distant server to make what is in effect a subjective judgement over mail. Great products like Mailwasher allow the individual user to specifically control and refine the mail they automatically reject without seeing, review online or clear for collection while still on the server.

Alternatively, if a few dollars is beyond your means - Gmail is pretty good at ripping out spam and will forward or permit POP3 collection.

HTH
 

sparek-3

If you use :fail: for your default box, then your server never accepts the message and never generates a bounced message. If the sender receives a bounced message it is coming from the sending server that was originally sending the message to the failed recipient.

As for your issues with users using e-mail forwarders to forward mail and spam off of your server, this is just a good example of why forwarding mail off of your server is such a bad idea. However, controlling that issue is not an exact science. The only solution I would have is to educate your users into letting them know why forwarding mail off of the server is such a bad idea. If users want to forward mail to their gmail address, then perhaps they should take a step back and consider that if they are only going to be checking their gmail address, then they should only advertise their gmail address. If they want to use e-mail addresses at their domain name, then they should set up those addresses as actual mail accounts on the server and check them directly (forwarding mail within the same domain or the same server would not be an issue). Gmail may not be blocking your server now because of forwarding your spam, but they may eventually. The best solution in this case is to just not forward mail off of the server.
 

anoetic

I remember now why I used :blackhole: instead of :fail:

"If the recipient doesn't exist (i.e. the RCPT TO check :fail:'s) then the email isn't bounced, the SMTP connection is dropped with an error to the originating server."
That's not true, at least on my server. I'm experiencing the same problem as described by the original poster of this thread. I've double-checked that a domain's default address is set to :fail: and *my* server sends (or attempts to send) the bounce message. I would *like* for it to be working the way chirpy describes it should be working, but it's not working that way on my server. (I removed over 3000 such messages from my mail queue just today.) If necessary, I can post example mail headers that show that my server is sending the bounce message.

Is there anything I can check to determine why I'm getting this behavior rather than the behavior described by chirpy and others?
 

anoetic

:fail: works now!

My oh my, what a difference a plus sign can make!

I decided to test the bounce reporting on one of my other servers and discovered that it worked as described by chirpy, so I compared the exim.conf file on that server with the exim.conf file on the server which was not working and discovered that in one place, it referred to local_domains instead of +local_domains. I added that silly little plus sign and all is well now. What a deal!

So, to the original poster of this thread, my advice is to check your exim.conf file for syntax errors.
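
A way to check an exim.conf for the mistake described in the last post, as an added example that is not part of the original thread: in an Exim list, a named list is only expanded when it is written with a leading "+", so a bare `local_domains` is compared as a literal domain name. The sample configuration, its file paths and the function name `find_bare_list_refs` are constructed for illustration; the thread does not say which line of the poster's file was affected.

```python
import re

# Constructed sample: the first accept statement names the list without "+",
# so Exim would match against the literal domain "local_domains".
SAMPLE_CONF = """\
domainlist local_domains = lsearch;/etc/localdomains
domainlist relay_domains = lsearch;/etc/relaydomains
hostlist relay_hosts = 127.0.0.1

begin acl
check_recipient:
  accept  domains = local_domains
          endpass
          verify = recipient
  accept  domains = +relay_domains
  accept  hosts = +relay_hosts
  deny    message = relay not permitted
"""

# Named-list definitions (optionally with the _cache suffix).
LIST_DEF = re.compile(
    r"^\s*(?:domainlist|hostlist|addresslist|localpartlist)(?:_cache)?"
    r"\s+(\w+)\s*=\s*(.*)$")
# Common list-valued options and ACL conditions that can reference a named list.
LIST_USE = re.compile(
    r"\b(?:domains|hosts|senders|sender_domains|local_parts|recipients)"
    r"\s*=\s*(.*)$")

def find_bare_list_refs(conf_text):
    """Return (line_no, name) for each named list referenced without '+'."""
    lines = conf_text.splitlines()
    names = {m.group(1) for m in map(LIST_DEF.match, lines) if m}
    findings = []
    for no, line in enumerate(lines, start=1):
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        m = LIST_DEF.match(line) or LIST_USE.search(line)
        if not m:
            continue
        value = m.group(m.lastindex)  # right-hand side of the "="
        for item in value.split(":"):  # ":" is Exim's default list separator
            item = item.strip().lstrip("!").strip()  # drop negation marker
            if item in names:  # defined list name used as a plain literal
                findings.append((no, item))
    return findings

if __name__ == "__main__":
    for no, name in find_bare_list_refs(SAMPLE_CONF):
        print(f"line {no}: '{name}' should probably be '+{name}'")
```

A finding is a prompt to look at the line, not proof of an error, since a literal domain could legitimately share a name with a list.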