Hello,
I've deployed change 463611 which converts the DNSBL checks
introduced in 462472 (thanks Keith!) from just warnings to actually
taking action against spammers.
Also enabled sender verification checks (on top of the already
enabled recipient checks). This should help with bounce emails that
can't get delivered (frozen in Exim's queue).
I tested email delivery to/from various hosts, tool's email, watched
emails going to other tools, etc. It seems to be working fine but I'm
sure there will be some false positives.
Infamous @qq.com spam being blocked:
2018-09-29 14:03:38 H=(0voc.cn) [122.237.40.138] F=<5281141(a)qq.com>
rejected RCPT <Mailer-Daemon(a)tools.wmflabs.org>rg>: Blocked by DNSBL (see
https://www.spamhaus.org/query/ip/122.237.40.138)
Sender addresses check:
2018-09-29 14:07:07 H=(ABC) [138.99.254.197] sender verify fail for
<noreply(a)i.dont.exist>st>: Unrouteable address
2018-09-29 14:07:07 H=(ABC) [138.99.254.197]
F=<noreply(a)i.dont.exist> rejected RCPT
<gtirloni-sandbox.anything(a)tools.wmflabs.org>rg>: Sender verify failed
Hopefully, this decreases the amount of spam we're getting today
until the new SMTP servers are in place. Please let us know if
something broke due to this change.
Thanks
--
Giovanni Tirloni
Operations Engineer
Wikimedia Cloud Services