MadBlog
Friday 28 April 2006

sometimes, you know a thread is not worth reading ...

thread

When there are 15 mails, from the same two guys, with less than 10 minutes between almost every two consecutive mails… Maybe those guys don't have a threaded MUA and can't realize what they are doing?

Anyway, that's the sort of thread that is easily marked as read.

Thursday 13 April 2006

Today's lesson of the day

sudo strips $PWD from env.

Monday 3 April 2006

@debian.org and Spam (#3) — alioth

Following my recent posts about SPAM in our wonderful project, Raphaël Hertzog asked me to improve alioth's mail configuration along the lines I suggested. Thanks to him, the improvements I suggested have all been in place for roughly 12 hours now.

Alioth's Exim configuration had a couple of problems, and was not in a very satisfying shape. Here is the list of the improvements I suggested, and that are now in place (hopefully for our greater comfort):

  • no check was done on the HELO/EHLO; we now at least verify that one was given[1];
  • greylisting has been made conditional: on a bad HELO, or for blacklisted hosts, we apply greylisting (the method I was talking about previously);
  • greylisting was applied after the mail had been sent (in reply to the DATA command), which is pure nonsense, because it loads us for nothing. We now check it at RCPT TO time, sparing time, bandwidth and load.

Moreover, greylisting has been made more efficient. Before, we only greylisted on the pair (sender_ip, sender_domain), which is suboptimal: spammers always forge sender addresses from the same domains (aol, hotmail, …). So within half an hour aol.com, hotmail.com, … were whitelisted, and spammers could just get through, unannoyed, whereas occasional senders on less widespread domains were always caught. Now, greylisting uses the full sender_address, which is the mildest way to do greylisting. The hard way would be to use the usual triplet (sender-ip, sender-address, recipient-address), but given that alioth does not deliver to that many recipients, leaving the recipient out of the key is a good compromise that avoids an oversized database, with almost the same results.
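To make the difference between the three key choices concrete, here is a small greylisting simulator. It is an added example, not the blog's or alioth's code: the Greylist class, the key functions and the ATTEMPTS list are assumptions of this example, and the IPs, addresses and timings are constructed sample data. It replays the scenario described above (a legitimate retry, then a second forged sender from the same domain and IP) through each key strategy, and also carries the conditional idea of the post as a plain needs_greylisting() decision.

```python
# Added example (not the blog's or alioth's code): a small greylisting
# simulator that compares the three key choices discussed in the post.
# All addresses, IPs and timings below are constructed sample data.
from typing import Callable, Dict, List, Tuple

KeyFn = Callable[[str, str, str], Tuple[str, ...]]


class Greylist:
    """Greylist that temp-fails the first delivery attempt for a key and
    accepts retries made after `delay` seconds (classic greylisting)."""

    def __init__(self, key_fn: KeyFn, delay: float = 300.0) -> None:
        self.key_fn = key_fn
        self.delay = delay
        self.first_seen: Dict[Tuple[str, ...], float] = {}

    def check(self, ip: str, sender: str, rcpt: str, now: float) -> str:
        key = self.key_fn(ip, sender, rcpt)
        first = self.first_seen.setdefault(key, now)
        # New key, or a retry that came back too early: ask the peer to retry.
        if now - first < self.delay:
            return "tempfail"
        return "accept"


def key_domain(ip: str, sender: str, rcpt: str) -> Tuple[str, ...]:
    """The old alioth key: (sender IP, sender domain)."""
    return (ip, sender.rsplit("@", 1)[-1].lower())


def key_sender(ip: str, sender: str, rcpt: str) -> Tuple[str, ...]:
    """The new alioth key: (sender IP, full sender address)."""
    return (ip, sender.lower())


def key_triplet(ip: str, sender: str, rcpt: str) -> Tuple[str, ...]:
    """The usual triplet: (sender IP, sender address, recipient address)."""
    return (ip, sender.lower(), rcpt.lower())


# Constructed delivery attempts: (seconds, sender IP, MAIL FROM, RCPT TO).
# 203.0.113.0/24 is a documentation range; example.org/.net are reserved.
# Attempt 3 is a second, forged sender from the same domain and host.
ATTEMPTS = [
    (0, "203.0.113.7", "alice@example.org", "list@lists.example.net"),
    (600, "203.0.113.7", "alice@example.org", "list@lists.example.net"),
    (601, "203.0.113.7", "mallory@example.org", "list@lists.example.net"),
]


def simulate(key_fn: KeyFn) -> List[str]:
    """Replay ATTEMPTS through a fresh greylist and return the verdicts."""
    gl = Greylist(key_fn)
    return [gl.check(ip, sender, rcpt, t) for t, ip, sender, rcpt in ATTEMPTS]


def needs_greylisting(helo_verified: bool, dnsbl_hit: bool,
                      sender_verified: bool) -> bool:
    """Conditional greylisting as in the post: only greylist when the HELO
    is bad, the host is blacklisted, or the sender cannot be verified."""
    return (not helo_verified) or dnsbl_hit or (not sender_verified)


if __name__ == "__main__":
    for name, fn in (("domain", key_domain), ("sender", key_sender),
                     ("triplet", key_triplet)):
        print(f"{name:8s} {simulate(fn)}")
```

With the domain key, the forged third attempt is accepted immediately because alice's successful retry already whitelisted (IP, example.org); with the sender or triplet key it is temp-failed like any first attempt. The triplet only differs when the same sender writes to a second recipient, which is the trade-off the post accepts for a smaller database.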

I hope to be able to deliver some nice curves based on alioth's traffic in about 10 days, to see if that worked as expected.

Thanks again to Raphaël that made it possible.

For those who are interested, the exim4.conf snippet to do conditional greylisting is:

  • create a new ACL defining which senders you want to greylist (it denies for those, and accepts everybody else):
    # ACL that tells whether we will greylist or not
    acl_greylist:
        # Deny if the EHLO/HELO greeting cannot be verified
        deny
            !verify = helo

        # Deny if the host is blacklisted
        deny
            log_message = match $dnslist_domain
            dnslists = cbl.abuseat.org : dul.dnsbl.sorbs.net : dynablock.njabl.org

        # Deny if the sender address can't be verified
        deny
            !verify = sender/callout=30s,connect=5s,defer_ok

        accept
  • then add this just before your greylisting rule: senders for which acl_greylist accepts are accepted right away, the others fall through to the greylisting rule:
        accept
            acl = acl_greylist

Notes

[1] I really think we should also check that the HELO name is either an IP or a FQDN, but that can come later