Configuring exim to reject senders

Today I received two copies of the same mail: “re: Achieving your goals…….”, size 1.3Mb.

Wait, 1.3Mb?

[-- Attachment #2: clip_image001.jpg --] [-- Type: image/jpeg, Encoding: base64, Size: 523K --] [-- Attachment #3: clip_image004.jpg --] [-- Type: image/jpeg, Encoding: base64, Size: 752K --]

(MIME part #1 was multipart/alternative, so they at least got that right.)

This ended up in my inbox because my spam filters don’t check messages over a certain size, to prevent killing my server. I thought that was a reasonable choice after all, which spammers would be dumb enough to spam with enormous attachments?

Apparently, New Era Publications UK is. (I hope a spammer scrapes this page and gets that address.)

I decided to teach Exim to reject senders with a a particular message, rather than just a generic “unwanted sender” message. I wanted to put addresses in a file that Exim could lsearch and the data of the key would be the given reason.

The Exim FAQ suggests a way of doing this (actually it suggests a way of indexing on pairs of sender=>recipient), but the example is broken.

Just in case anyone else finds it handy, here’s a snippet for the RCPT ACL in Exim which rejects senders with a custom message.

deny condition = ${if eq {${lookup{$sender_address}lsearch{/usr/local/etc/exim/badsenders}}}{} \ {no}{yes}} message = ${lookup{$sender_address}lsearch{/usr/local/etc/exim/badsenders}}

Pop that in your configure file, and create /usr/local/etc/exim/badsenders (leave it empty if you don’t have anything to go in it yet, but it MUST exist). Make sure the exim process can read it. Populate it with data like this: nepuk@newerapublications.com : Sending oversized spam example@jamesoff.net : This address never receives mail

You must put a reason else the condition won’t trigger. HUP exim to make it notice the updated configuration, but you don’t need to do that every time you add a new address to badsenders.