[SA-exim] Side-effect involving mailing lists

Marc MERLIN marc at merlins.org
Sun Nov 16 13:37:48 PST 2003


On Sun, Nov 16, 2003 at 12:27:58PM -0800, Rick Moen wrote:
> 1.  The first couple of days after converting to sa-exim, I realised
> I was tarpitting my main backup MX, Richard Couture's myrddin.imat.com: 
> Richard clings to an old-school "all mail is sacred" admin philosophy,
> was relaying large amounts of spam, and accordingly was getting 
> "451 Please try again later" upon attempting redelivery.
 
Yep, absolutely. This only works if you control the MXes too, especially as
some spam goes to the secondary MXes without ever trying a delivery to the
primary one.

That's why the config file has this:
# Please, don't teergrube people you relay for you or your own MXes :-)
SAteergrubecond: ${if and { {!eq {$sender_host_address}{204.80.101.251}} {!eq {$sender_host_address}{198.186.202.175}} {!eq {$sender_host_address}{194.2.204.37}} {!eq {$sender_host_address}{216.239.45.4}} {!eq {$sender_host_address}{216.109.84.130}} } {1}{0}}

I personally don't use backup MXes unless I have full control over
them. It's been more trouble than it's helped otherwise.

> 2.  Similarly, I've noticed my system teergrubing spam-permissive
> mailing lists:
 
Yeah, that happens to me once in a while. When they don't run a smart MLM
with VERP, I just let them bounce to teach the ML host not to relay spam :)

Other times, I whitelist the list in SA's config, so teergrubing doesn't
kick in.

>    Remote host said: 451 Please try again later
>    I'm not going to try again; this message has been in the queue too long.
> 
> Anyone want to advise DJB of the distinction between SMTP rejects
> and "bouncing"?  I'm not volunteering.  ;->
 
Technically that's a temp reject that looks suspiciously like you're over
quota or something. I don't think it's wrong for an MLM to do this.
I also bounce some of bugtraq's mails because the header from is forged.

> Separately, Yahoo Groups has put me on "nomail" several times for
> "bouncing" [sic] its crappy mailing lists' relayed spam -- though that's
> trivial to reverse.
 
Yep, same here.
 
> What I'm curious about is:  What's a reasonable way to deal with this
> problem?  I'm tempted to label the "problem" serendipitous, and conclude
> that spam-permissive listadmins _should_ be teergrubed into oblivion.

It's a bit harsh in my opinion. I would only reject the mail, not teergrube
the ML host. No need to over-punish them
(the only exception I've made to this rule is the sfs list hosted at MIT
which received 5 spams for each good message at some point).

> but what do people do for spam-permissive mailing lists they want to
> read, not get spam from, and not get thrown off on account of teergrubing
> them?

Tag the message, accept it, and /dev/null it.

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger marc_f at merlins.org for PGP key
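
Added example, not part of the original post and not SA-Exim project code: the SAteergrubecond exemption chain quoted above is easy to break when edited by hand, so this sketch generates it from a list of relay addresses and models which senders it would exempt. The function names are hypothetical, only IPv4 addresses are handled, and the evaluator understands only this and/!eq shape rather than general Exim expansions.

```python
"""Build an SA-Exim SAteergrubecond line from a list of exempt relay IPs."""
import ipaddress
import re

# The five addresses exempted in the post's example line.
EXEMPT_FROM_POST = [
    "204.80.101.251",
    "198.186.202.175",
    "194.2.204.37",
    "216.239.45.4",
    "216.109.84.130",
]


def normalise(hosts):
    """Validate each entry as an IPv4 address, drop duplicates, keep order."""
    seen, out = set(), []
    for raw in hosts:
        # Raises ValueError on a typo, before it can reach the config file.
        addr = str(ipaddress.IPv4Address(raw.strip()))
        if addr not in seen:
            seen.add(addr)
            out.append(addr)
    if not out:
        raise ValueError("refusing to build a condition with no exempt hosts")
    return out


def build_teergrube_cond(hosts):
    """Return the config line; it expands to 1 unless the sender is exempt."""
    terms = " ".join(
        "{!eq {$sender_host_address}{%s}}" % h for h in normalise(hosts)
    )
    return "SAteergrubecond: ${if and { %s } {1}{0}}" % terms


def would_teergrube(cond_line, sender_ip):
    """Model the expansion for this and/!eq shape only: True means not exempt."""
    exempt = re.findall(
        r"\{!eq \{\$sender_host_address\}\{([0-9.]+)\}\}", cond_line
    )
    return str(ipaddress.IPv4Address(sender_ip)) not in exempt


if __name__ == "__main__":
    print(build_teergrube_cond(EXEMPT_FROM_POST))
```

The output is a single line, which is how the setting has to appear in the config file once the mail-wrapped version above is rejoined.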
