Re: Exim, RBL/ORBS, fetchmail and POP3
On Thu, Dec 14, 2000 at 08:23:50PM -0600, Phil Brutsche wrote:
> A long time ago, in a galaxy far, far way, someone said...
>
> > BTW, is it possible to use Exim's RBL/ORBS blackholing with fetchmail
> > _and_ POP3?
>
> exim's blackholing only works if the messages are delivered direct to your
> computer and not via fetchmail.
Are you absolutely sure? I ask because the fetchmail man page makes it
sound like it can do just that.
> Obviously the answer (to me, at least :) is to detect if the mail message
> was delivered to your ISP via an open relay.
Yes, Exim has rbl functionality.
OK. Some excerpts from man fetchmail:
> -Z nnn, --antispam nnn[,nnn[,nnn...]]
> (Keyword: antispam) Specifies the list of numeric
> SMTP errors that are to be interpreted as a spam-
^^^^^^^^^^^^
> block response from the listener. A value of -1
> disables this option. For the command-line option,
> the list values should be comma-separated.
> SPAM FILTERING
> Many SMTP listeners allow administrators to set up `spam
> filters' that block unsolicited email from specified
> domains. A MAIL FROM or DATA line that triggers this fea
^^^^^^^^^ ^^^^
This is the part that really widens my eyes. Doing a 'fetchmail -vv >
log' and looking at the output shows what is going on between fetchmail
and my MTA as it downloads my POP3 mail from my ISP.
> fetchmail: SMTP> MAIL FROM:<bounce-debian-devel=john=unixen.org@lists.debian.org> SIZE=2697
fetchmail sends the MTA the MAIL FROM: line, but this is not what rbl
uses. This is basically the spoofable From: address.
> fetchmail: SMTP< 250 <bounce-debian-devel=john=unixen.org@lists.debian.org>... Sender ok
MTA responds with code 250, all's OK. Deliver.
> fetchmail: SMTP> RCPT TO:<john@localhost>
> fetchmail: SMTP< 250 <john@localhost>... Recipient ok
> fetchmail: SMTP> DATA
^^^^
But the fetchmail man page also mentions the ``DATA line.''
> fetchmail: SMTP< 354 Enter mail, end with "." on a line by itself
MTA responds to the DATA line with code 354. Here's the question: if
fetchmail can examine on the ``DATA line'' (which I take to mean the
email headers, including the Received: line, and doesn't the rbl use
this line to do a lookup of a spammer?) does that mean that an MTA like
Exim can return an rbl match, generating an error that fetchmail
recognizes, or that we instruct it to recognize via the '-Z nnn' switch.
And therefore DELEs that UCE serverside?!
> fetchmail: SMTP>. (EOM)
> fetchmail: SMTP< 250 HAA00893 Message accepted for delivery
> flushed
> fetchmail: POP3> DELE 1
> fetchmail: POP3< +OK
> ture will elicit an SMTP response which (unfortunately)
> varies according to the listener.
But which can be set if necessary by '-Z nnn', see above.
> Newer versions of sendmail return an error code of 571.
> This return value is blessed by RFC1893 as "Delivery not
> authorized, message refused".
>
> According to current drafts of the replacement for RFC821,
> the correct thing to return in this situation is 550
> "Requested action not taken: mailbox unavailable" (the
> draft adds "[E.g., mailbox not found, no access, or com
> mand rejected for policy reasons].").
>
> The exim MTA returns 501 "Syntax error in parameters or
> arguments", but will move to 550 soon.
>
> The fetchmail code recognizes and discards the message on
> any of a list of responses that defaults to [571, 550,
> 501, 554] but can be set with the `antispam' option. This
> is one of the only three circumstance under which fetch
> mail ever discards mail (the others are the 552 and 553
> errors described below, and the suppression of mul
> tidropped messages with a message-ID already seen).
>
> If fetchmail is fetching from an IMAP server, the antispam
> response will be detected and the message rejected immedi
> ately after the headers have been fetched, without reading
> the message body. Thus, you won't pay for downloading
> spam message bodies.
>
> Mail that is spam-blocked triggers an RFC1892 bounce mes
> sage informing the originator that we do not accept mail
> from it.
> If you search freshmeat.net I think you'll find one program that does so
> (I don't recall what it's called), but I havent' yet found a way to make
> it work nicely with exim's filtering language, which I rely on to filter
> my email.
This fetchmail/MTA/RBL thing seems so natural to me that I can't believe
it hasn't been done, or is being done for POP3 users.
John
--
John Bacalle
Reply to: