2

I have a setup of exim4 on domain1 in front of another server, domain2 (with sendmail). The second server has no direct access to the internet, so domain1 is the MX for domain2. And domain2 is set as hubbed_host in the exim4 on domain1.

When a spammer sends a message for no_such_user@domain2, its sendmail rejects it:

550 5.1.1 <no_such_user@domain2>... User unknown

Then, exim4 at domain1 sends an auto-reply like this:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  no_such_user@domain2
    SMTP error from remote mail server after RCPT TO:<no_such_user@domain2>:
    host 10.0.0.1 [10.0.0.1]: 550 5.1.1 <no_such_user@domain2>... User unknown

The spammers use a fake "from" field, and such generated messages are frozen by exim for a long time.

How can I disable some or all autoreplies from exim4? Ideally, I want a filter: if a message was not delivered with the error "User unknown", then don't generate any autoreply from mailer-daemon.

Thanks!

osgx
  • I believe it would be better to update your internal server so that it allows exim to use the VRFY command to check that the recipient is valid immediately, so it doesn't even need to accept the message in the first place. – Zoredache Feb 26 '10 at 00:51
  • Does exim4 check the recipient with VRFY by default? For now I have problems with root access to the internal server (it is at a remote location and it is administered by other people). I need a quick fix; it can even be a post-filter on exim4 which will delete all messages containing "User unknown" and "[10.0.0.1]: 550 5.1.1" – osgx Feb 26 '10 at 01:01

2 Answers

1

I think this blog post is what you're looking for.

Problem: When a mail server accepts a message and later decides that it can’t deliver the message, it is required to send back a bounce email to the sender of the original message. These bounce emails are often misdirected.

For many MTAs there are solutions, so here is my solution for exim:

Solution: This solution uses filtering to discard bounced back emails. So your exim should have a central filter. Such filter can be configured in exim.conf configuration file […]

fission
1

Your problem is that you're not verifying the recipient address at RCPT time. This is easy to fix.

Use callout verification for the recipient. The "remote" server you talk to is under your control, so this is not abusive.

In the ACL assigned to acl_smtp_rcpt, you have a rule which does "verify = recipient". Without knowing your rules, I can't say exactly what to do. If this line is in an "accept" block, then just before it you can add another accept block, almost the same, with an added "domains = domain2" restriction and which does "verify = recipient/callout" (adding those 8 characters at the end). If this is in a "require" block, instead of "accept", then after that block you can add a deny block, like:

  deny  domains = domain2
        !verify = recipient/callout

There are more options to control things like timeouts, actions on deferral, etc. See §40.42 "Additional parameters for callouts" of The Exim Specification (should be "spec.txt" somewhere on your system).

Phil P
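
The RCPT-time callout described in the answer above, as an added example that is not part of the original thread and is not Exim's code: a Python sketch of the probe (empty sender, RCPT, no DATA, as Exim's recipient callout does by default) run against a constructed loopback stand-in for domain2's sendmail. `FakeBackend`, `KNOWN`, `start_backend`, `callout` and `rcpt_decision` are hypothetical names, and alice@domain2 is a constructed mailbox.

```python
import smtplib, socketserver, threading

KNOWN = {"alice@domain2"}  # constructed mailbox list for the stand-in backend

class FakeBackend(socketserver.StreamRequestHandler):
    """Constructed stand-in for domain2's sendmail: rejects unknown users at RCPT."""
    def handle(self):
        self.wfile.write(b"220 domain2 ESMTP\r\n")
        for raw in self.rfile:
            line = raw.decode().strip()
            verb = line.upper()
            reply = "502 5.5.1 Not implemented"
            if verb.startswith(("EHLO", "HELO")):
                reply = "250 domain2"
            elif verb.startswith("MAIL FROM"):
                reply = "250 2.1.0 Sender ok"
            elif verb.startswith("RCPT TO"):
                addr = line[line.find("<") + 1:line.find(">")].lower()
                reply = ("250 2.1.5 Recipient ok" if addr in KNOWN
                         else f"550 5.1.1 <{addr}>... User unknown")
            elif verb.startswith("QUIT"):
                self.wfile.write(b"221 2.0.0 Bye\r\n")
                return
            self.wfile.write(reply.encode() + b"\r\n")

def start_backend():
    # Bind to a free loopback port so the example runs offline.
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeBackend)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def callout(host, port, rcpt):
    """Probe like a recipient callout: null sender, RCPT, then QUIT (no DATA)."""
    with smtplib.SMTP(host, port, local_hostname="domain1", timeout=5) as s:
        s.ehlo()
        s.mail("")                      # MAIL FROM:<>
        code, msg = s.rcpt(rcpt)
    return code, msg.decode()

def rcpt_decision(host, port, rcpt):
    """Map the backend's answer to what the front MTA tells the sending client."""
    code, _ = callout(host, port, rcpt)
    # 5xx is refused in-session, so domain1 never accepts the mail or builds a bounce.
    return {2: "accept", 5: "reject"}.get(code // 100, "defer")

if __name__ == "__main__":
    srv = start_backend()
    host, port = srv.server_address
    for rcpt in ("alice@domain2", "no_such_user@domain2"):
        print(rcpt, callout(host, port, rcpt), rcpt_decision(host, port, rcpt))
    srv.shutdown()
```

Pointing `callout` at the real internal host (10.0.0.1, port 25 in the question) from domain1 shows the same reply Exim would see when `verify = recipient/callout` runs.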