Validating incoming email addresses
Bob McClure Jr
robertmcclure at earthlink.net
Mon Jun 27 19:19:14 UTC 2005
On Mon, Jun 27, 2005 at 12:00:30PM -0600, karlp at ourldsfamily.com wrote:
> > On Fri, Jun 24, 2005 at 10:50:43PM -0600, karlp at ourldsfamily.com wrote:
> >> How do I go about blocking incoming email based on validating the
> >> sender's
> >> email address? I am getting spam email which is from a non-existent
> >> email
> >> address on my own domain. A look at the header shows it's not from my
> >> domain. I expected that. But, the From: field is from my domain
> >> (ourldsfamily.com), even down to my server name
> >> (moroni.ourldsfamily.com)
> >> which NEVER sends email, per se, other than internally as in mail
> >> generated by cron jobs.
> >> Too much information, but I hope you get the gist of what I need.
> >> TIA,
> >> Karl
> > Depends on your email setup and where you want to stop the mail. If
> > you want to stop it at the door, then it depends on what MTA
> > (sendmail, postfix, et al.) you are using.
> > If you want to punt it after your MTA accepts it but before delivery,
> > I strongly recommend SpamAssassin. With or without SA, you can drop
> > it in the bit bucket with a well-crafted recipe in your ~/.procmailrc
> > (assuming procmail is your MDA (delivery agent)). But with SA, and
> > assuming SA scores it as spam, then procmail can (1) divert the spam
> > to a bucket for inspection, (2) punt spam scoring over XX points, or
> > (3) summarily punt all identified spam (not recommended), or some
> > combination.
> > Let us know your constraints. I'm well versed in Postfix and
> > SpamAssassin.
> I'm using sendmail and Spamassassin (v3.0.2) and these emails aren't
> getting caught.
Side note: SA vv3.0.1-3 have a known DOS vulnerability. I recommend
upgrade to v3.0.4.
> I have some other issues as well, such as email that is
> clearly, to me, spam which is not being caught. The score is only .1 (my
> threshold is set at 1.0) I guess in theory, my threshold should be 0.0
> rather than 1, but there are a bunch of emailers who have no clue and
> insist on 'pretty-ing' up their email by sending HTML email (curse the
> fool who came up with that functionality; and curse AOL for not allowing
> anyting BUT HTML email!).
Ouch! Threshold of 1.0? Surely you can improve things. I run with
the default threshold of 5.0 and rarely have to feed a missed spam
back to sa-learn. I strongly urge you to use the SpamAssassin Rules
Emporium's (SARE) add-on rulesets and keep them updated with
"rules_du_jour". Also make sure the SURBL (SpamAssassin URI Realtime
BlackList) checker is working. In particular, run
spamassassin -D --lint
and look to see that the Net::DNS module is up to date and loading.
Here are some URLs to get you started:
http://spamassassin.apache.org/index.html (of course)
> I have a pretty complex set of procmail filters at both the enterprize
> level and the personal level in my own account. I'm no great procmail
> programmer as many of my rules are copied/tested and retested until they
> work 'right'. I may be wrong, but optimally, I think I'd like to have
> sendmail refuse delivery of email which isn't a user on my domain.
I use this, too:
> if it's better to have procmail do it, I'm all over that, too.
> Thanks Bob. (and any others who have experience and can help)
Finally, I recommend you joint the SA mailing list at least long
enough to get to where you need to set your spam threshold back to
Let me know, on or off list, if you need any additional help.
Bob McClure, Jr. Bobcat Open Systems, Inc.
robertmcclure at earthlink.net http://www.bobcatos.com
God doesn't have (or need) a Plan B.
More information about the Redhat-install-list