Validating incoming email addresses
rstevens at vitalstream.com
Mon Jun 27 23:14:35 UTC 2005
Bob McClure Jr wrote:
> On Mon, Jun 27, 2005 at 12:00:30PM -0600, karlp at ourldsfamily.com wrote:
>>>On Fri, Jun 24, 2005 at 10:50:43PM -0600, karlp at ourldsfamily.com wrote:
>>>>How do I go about blocking incoming email based on validating the
>>>>email address? I am getting spam email which is from a non-existent
>>>>address on my own domain. A look at the header shows it's not from my
>>>>domain. I expected that. But, the From: field is from my domain
>>>>(ourldsfamily.com), even down to my server name
>>>>which NEVER sends email, per se, other than internally as in mail
>>>>generated by cron jobs.
>>>>Too much information, but I hope you get the gist of what I need.
>>>Depends on your email setup and where you want to stop the mail. If
>>>you want to stop it at the door, then it depends on what MTA
>>>(sendmail, postfix, et al.) you are using.
>>>If you want to punt it after your MTA accepts it but before delivery,
>>>I strongly recommend SpamAssassin. With or without SA, you can drop
>>>it in the bit bucket with a well-crafted recipe in your ~/.procmailrc
>>>(assuming procmail is your MDA (delivery agent)). But with SA, and
>>>assuming SA scores it as spam, then procmail can (1) divert the spam
>>>to a bucket for inspection, (2) punt spam scoring over XX points, or
>>>(3) summarily punt all identified spam (not recommended), or some
>>>Let us know your constraints. I'm well versed in Postfix and
>>I'm using sendmail and Spamassassin (v3.0.2) and these emails aren't
> Side note: SA vv3.0.1-3 have a known DOS vulnerability. I recommend
> upgrade to v3.0.4.
>>I have some other issues as well, such as email that is
>>clearly, to me, spam which is not being caught. The score is only .1 (my
>>threshold is set at 1.0) I guess in theory, my threshold should be 0.0
>>rather than 1, but there are a bunch of emailers who have no clue and
>>insist on 'pretty-ing' up their email by sending HTML email (curse the
>>fool who came up with that functionality; and curse AOL for not allowing
>>anyting BUT HTML email!).
> Ouch! Threshold of 1.0? Surely you can improve things. I run with
> the default threshold of 5.0 and rarely have to feed a missed spam
> back to sa-learn. I strongly urge you to use the SpamAssassin Rules
> Emporium's (SARE) add-on rulesets and keep them updated with
> "rules_du_jour". Also make sure the SURBL (SpamAssassin URI Realtime
> BlackList) checker is working. In particular, run
> spamassassin -D --lint
> and look to see that the Net::DNS module is up to date and loading.
> Here are some URLs to get you started:
> http://spamassassin.apache.org/index.html (of course)
>>I have a pretty complex set of procmail filters at both the enterprize
>>level and the personal level in my own account. I'm no great procmail
>>programmer as many of my rules are copied/tested and retested until they
>>work 'right'. I may be wrong, but optimally, I think I'd like to have
>>sendmail refuse delivery of email which isn't a user on my domain.
> I use this, too:
>>if it's better to have procmail do it, I'm all over that, too.
>>Thanks Bob. (and any others who have experience and can help)
> Finally, I recommend you joint the SA mailing list at least long
> enough to get to where you need to set your spam threshold back to
> Let me know, on or off list, if you need any additional help.
You should also NOT accept mail from non-resolvable hosts, e.g. make
sure "accept_unresolveable_domains" is turned OFF in your sendmail.mc
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- I don't suffer from insanity...I enjoy every minute of it! -
More information about the Redhat-install-list