Validating incoming email addresses
Rick Stevens
rstevens at vitalstream.com
Mon Jun 27 23:14:35 UTC 2005
Bob McClure Jr wrote:
> On Mon, Jun 27, 2005 at 12:00:30PM -0600, karlp at ourldsfamily.com wrote:
>
>>>On Fri, Jun 24, 2005 at 10:50:43PM -0600, karlp at ourldsfamily.com wrote:
>>>
>>>>How do I go about blocking incoming email based on validating the
>>>>sender's
>>>>email address? I am getting spam email which is from a non-existent
>>>>email
>>>>address on my own domain. A look at the header shows it's not from my
>>>>domain. I expected that. But, the From: field is from my domain
>>>>(ourldsfamily.com), even down to my server name
>>>>(moroni.ourldsfamily.com)
>>>>which NEVER sends email, per se, other than internally as in mail
>>>>generated by cron jobs.
>>>>
>>>>Too much information, but I hope you get the gist of what I need.
>>>>
>>>>TIA,
>>>>
>>>>Karl
>>>
>>>Depends on your email setup and where you want to stop the mail. If
>>>you want to stop it at the door, then it depends on what MTA
>>>(sendmail, postfix, et al.) you are using.
>>>
>>>If you want to punt it after your MTA accepts it but before delivery,
>>>I strongly recommend SpamAssassin. With or without SA, you can drop
>>>it in the bit bucket with a well-crafted recipe in your ~/.procmailrc
>>>(assuming procmail is your MDA (delivery agent)). But with SA, and
>>>assuming SA scores it as spam, then procmail can (1) divert the spam
>>>to a bucket for inspection, (2) punt spam scoring over XX points, or
>>>(3) summarily punt all identified spam (not recommended), or some
>>>combination.
>>>
>>>Let us know your constraints. I'm well versed in Postfix and
>>>SpamAssassin.
>>>
>>
>>I'm using sendmail and Spamassassin (v3.0.2) and these emails aren't
>>getting caught.
>
>
> Side note: SA vv3.0.1-3 have a known DOS vulnerability. I recommend
> upgrade to v3.0.4.
>
>
>>I have some other issues as well, such as email that is
>>clearly, to me, spam which is not being caught. The score is only .1 (my
>>threshold is set at 1.0) I guess in theory, my threshold should be 0.0
>>rather than 1, but there are a bunch of emailers who have no clue and
>>insist on 'pretty-ing' up their email by sending HTML email (curse the
>>fool who came up with that functionality; and curse AOL for not allowing
>>anyting BUT HTML email!).
>
>
> Ouch! Threshold of 1.0? Surely you can improve things. I run with
> the default threshold of 5.0 and rarely have to feed a missed spam
> back to sa-learn. I strongly urge you to use the SpamAssassin Rules
> Emporium's (SARE) add-on rulesets and keep them updated with
> "rules_du_jour". Also make sure the SURBL (SpamAssassin URI Realtime
> BlackList) checker is working. In particular, run
>
> spamassassin -D --lint
>
> and look to see that the Net::DNS module is up to date and loading.
>
> Here are some URLs to get you started:
>
> http://spamassassin.apache.org/index.html (of course)
> http://www.rulesemporium.com/
> http://wiki.apache.org/spamassassin/
> http://www.surbl.org/
>
>
>>I have a pretty complex set of procmail filters at both the enterprize
>>level and the personal level in my own account. I'm no great procmail
>>programmer as many of my rules are copied/tested and retested until they
>>work 'right'. I may be wrong, but optimally, I think I'd like to have
>>sendmail refuse delivery of email which isn't a user on my domain.
>
>
> I use this, too:
>
> http://www.stearns.org/doc/spamassassin-setup.current.html
>
>
>>However
>>if it's better to have procmail do it, I'm all over that, too.
>>
>>Thanks Bob. (and any others who have experience and can help)
>>
>>Karl
>
>
> Finally, I recommend you joint the SA mailing list at least long
> enough to get to where you need to set your spam threshold back to
> 5.0:
>
> http://wiki.apache.org/spamassassin/MailingLists
>
> Let me know, on or off list, if you need any additional help.
You should also NOT accept mail from non-resolvable hosts, e.g. make
sure "accept_unresolveable_domains" is turned OFF in your sendmail.mc
file.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- I don't suffer from insanity...I enjoy every minute of it! -
----------------------------------------------------------------------
More information about the Redhat-install-list
mailing list