Validating incoming email addresses

Rick Stevens rstevens at vitalstream.com
Mon Jun 27 23:14:35 UTC 2005 

Bob McClure Jr wrote:
> On Mon, Jun 27, 2005 at 12:00:30PM -0600, karlp at ourldsfamily.com wrote:
> 
>>>On Fri, Jun 24, 2005 at 10:50:43PM -0600, karlp at ourldsfamily.com wrote:
>>>
>>>>How do I go about blocking incoming email based on validating the
>>>>sender's
>>>>email address? I am getting spam email which is from a non-existent
>>>>email
>>>>address on my own domain. A look at the header shows it's not from my
>>>>domain. I expected that. But, the From: field is from my domain
>>>>(ourldsfamily.com), even down to my server name
>>>>(moroni.ourldsfamily.com)
>>>>which NEVER sends email, per se, other than internally as in mail
>>>>generated by cron jobs.
>>>>
>>>>Too much information, but I hope you get the gist of what I need.
>>>>
>>>>TIA,
>>>>
>>>>Karl
>>>
>>>Depends on your email setup and where you want to stop the mail.  If
>>>you want to stop it at the door, then it depends on what MTA
>>>(sendmail, postfix, et al.) you are using.
>>>
>>>If you want to punt it after your MTA accepts it but before delivery,
>>>I strongly recommend SpamAssassin.  With or without SA, you can drop
>>>it in the bit bucket with a well-crafted recipe in your ~/.procmailrc
>>>(assuming procmail is your MDA (delivery agent)).  But with SA, and
>>>assuming SA scores it as spam, then procmail can (1) divert the spam
>>>to a bucket for inspection, (2) punt spam scoring over XX points, or
>>>(3) summarily punt all identified spam (not recommended), or some
>>>combination.
>>>
>>>Let us know your constraints.  I'm well versed in Postfix and
>>>SpamAssassin.
>>>
>>
>>I'm using sendmail and Spamassassin (v3.0.2) and these emails aren't
>>getting caught.
> 
> 
> Side note: SA vv3.0.1-3 have a known DOS vulnerability.  I recommend
> upgrade to v3.0.4.
> 
> 
>>I have some other issues as well, such as email that is
>>clearly, to me, spam which is not being caught. The score is only .1 (my
>>threshold is set at 1.0) I guess in theory, my threshold should be 0.0
>>rather than 1, but there are a bunch of emailers who have no clue and
>>insist on 'pretty-ing' up their email by sending HTML email (curse the
>>fool who came up with that functionality; and curse AOL for not allowing
>>anyting BUT HTML email!).
> 
> 
> Ouch!  Threshold of 1.0?  Surely you can improve things.  I run with
> the default threshold of 5.0 and rarely have to feed a missed spam
> back to sa-learn.  I strongly urge you to use the SpamAssassin Rules
> Emporium's (SARE) add-on rulesets and keep them updated with
> "rules_du_jour".  Also make sure the SURBL (SpamAssassin URI Realtime
> BlackList) checker is working.  In particular, run
> 
>   spamassassin -D --lint
> 
> and look to see that the Net::DNS module is up to date and loading.
> 
> Here are some URLs to get you started:
> 
> http://spamassassin.apache.org/index.html (of course)
> http://www.rulesemporium.com/
> http://wiki.apache.org/spamassassin/
> http://www.surbl.org/
> 
> 
>>I have a pretty complex set of procmail filters at both the enterprize
>>level and the personal level in my own account. I'm no great procmail
>>programmer as many of my rules are copied/tested and retested until they
>>work 'right'. I may be wrong, but optimally, I think I'd like to have
>>sendmail refuse delivery of email which isn't a user on my domain.
> 
> 
> I use this, too:
> 
> http://www.stearns.org/doc/spamassassin-setup.current.html
> 
> 
>>However
>>if it's better to have procmail do it, I'm all over that, too.
>>
>>Thanks Bob. (and any others who have experience and can help)
>>
>>Karl
> 
> 
> Finally, I recommend you joint the SA mailing list at least long
> enough to get to where you need to set your spam threshold back to
> 5.0:
> 
> http://wiki.apache.org/spamassassin/MailingLists
> 
> Let me know, on or off list, if you need any additional help.

You should also NOT accept mail from non-resolvable hosts, e.g. make
sure "accept_unresolveable_domains" is turned OFF in your sendmail.mc
file.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-    I don't suffer from insanity...I enjoy every minute of it!      -
----------------------------------------------------------------------

More information about the Redhat-install-list mailing list