Hello,

I've deployed change 463611 which converts the DNSBL checks introduced in 462472 (thanks Keith!) from just warnings to actually taking action against spammers.

Also enabled sender verification checks (on top of the already enabled recipient checks). This should help with bounce emails that can't get delivered (frozen in Exim's queue).

I tested email delivery to/from various hosts, tool's email, watched emails going to other tools, etc. It seems to be working fine but I'm sure there will be some false positives.

Infamous @qq.com spam being blocked:

2018-09-29 14:03:38 H=(0voc.cn) [122.237.40.138] F=5281141@qq.com rejected RCPT Mailer-Daemon@tools.wmflabs.org: Blocked by DNSBL (see https://www.spamhaus.org/query/ip/122.237.40.138)

Sender addresses check:

2018-09-29 14:07:07 H=(ABC) [138.99.254.197] sender verify fail for noreply@i.dont.exist: Unrouteable address 2018-09-29 14:07:07 H=(ABC) [138.99.254.197] F=noreply@i.dont.exist rejected RCPT gtirloni-sandbox.anything@tools.wmflabs.org: Sender verify failed

Hopefully, this decreases the amount of spam we're getting today until the new SMTP servers are in place. Please let us know if something broke due to this change.

Thanks