Validating incoming email addresses

Rick Stevens rstevens at vitalstream.com
Wed Jun 29 21:23:31 UTC 2005


karlp at ourldsfamily.com wrote:
>>Bob McClure Jr wrote:
>>
>>>On Mon, Jun 27, 2005 at 12:00:30PM -0600, karlp at ourldsfamily.com wrote:
>>>
>>>
>>>>>On Fri, Jun 24, 2005 at 10:50:43PM -0600, karlp at ourldsfamily.com wrote:
>>>>>
>>>>>
>>>>>>How do I go about blocking incoming email based on validating the
>>>>>>sender's email address? I am getting spam email which is from a
>>>>>>non-existent email address on my own domain. A look at the header
>>>>>>shows it's not from my domain. I expected that. But, the From: field
>>>>>>is from my domain (ourldsfamily.com), even down to my server name
>>>>>>(moroni.ourldsfamily.com) which NEVER sends email, per se, other than
>>>>>>internally as in mail generated by cron jobs.
>>>>>>
>>>>>>Too much information, but I hope you get the gist of what I need.
>>>>>>
>>>>>>TIA,
>>>>>>
>>>>>>Karl
>>>>>
>>>>>Depends on your email setup and where you want to stop the mail.  If
>>>>>you want to stop it at the door, then it depends on what MTA
>>>>>(sendmail, postfix, et al.) you are using.
>>>>>
>>>>>If you want to punt it after your MTA accepts it but before delivery,
>>>>>I strongly recommend SpamAssassin.  With or without SA, you can drop
>>>>>it in the bit bucket with a well-crafted recipe in your ~/.procmailrc
>>>>>(assuming procmail is your MDA (delivery agent)).  But with SA, and
>>>>>assuming SA scores it as spam, then procmail can (1) divert the spam
>>>>>to a bucket for inspection, (2) punt spam scoring over XX points, or
>>>>>(3) summarily punt all identified spam (not recommended), or some
>>>>>combination.
>>>>>
>>>>>Let us know your constraints.  I'm well versed in Postfix and
>>>>>SpamAssassin.
>>>>>
>>>>
>>>>I'm using sendmail and Spamassassin (v3.0.2) and these emails aren't
>>>>getting caught.
>>>
>>>
>>>Side note: SA vv3.0.1-3 have a known DOS vulnerability.  I recommend
>>>upgrade to v3.0.4.
>>>
>>>
>>>
>>>>I have some other issues as well, such as email that is
>>>>clearly, to me, spam which is not being caught. The score is only .1 (my
>>>>threshold is set at 1.0) I guess in theory, my threshold should be 0.0
>>>>rather than 1, but there are a bunch of emailers who have no clue and
>>>>insist on 'pretty-ing' up their email by sending HTML email (curse the
>>>>fool who came up with that functionality; and curse AOL for not allowing
>>>>anything BUT HTML email!).
>>>
>>>
>>>Ouch!  Threshold of 1.0?  Surely you can improve things.  I run with
>>>the default threshold of 5.0 and rarely have to feed a missed spam
>>>back to sa-learn.  I strongly urge you to use the SpamAssassin Rules
>>>Emporium's (SARE) add-on rulesets and keep them updated with
>>>"rules_du_jour".  Also make sure the SURBL (SpamAssassin URI Realtime
>>>BlackList) checker is working.  In particular, run
>>>
>>>  spamassassin -D --lint
>>>
>>>and look to see that the Net::DNS module is up to date and loading.
>>>
>>>Here are some URLs to get you started:
>>>
>>>http://spamassassin.apache.org/index.html (of course)
>>>http://www.rulesemporium.com/
>>>http://wiki.apache.org/spamassassin/
>>>http://www.surbl.org/
>>>
>>>
>>>
>>>>I have a pretty complex set of procmail filters at both the enterprise
>>>>level and the personal level in my own account. I'm no great procmail
>>>>programmer as many of my rules are copied/tested and retested until they
>>>>work 'right'. I may be wrong, but optimally, I think I'd like to have
>>>>sendmail refuse delivery of email which isn't a user on my domain.
>>>
>>>
>>>I use this, too:
>>>
>>>http://www.stearns.org/doc/spamassassin-setup.current.html
>>>
>>>
>>>
>>>>However
>>>>if it's better to have procmail do it, I'm all over that, too.
>>>>
>>>>Thanks Bob. (and any others who have experience and can help)
>>>>
>>>>Karl
>>>
>>>
>>>Finally, I recommend you join the SA mailing list at least long
>>>enough to get to where you need to set your spam threshold back to
>>>5.0:
>>>
>>>http://wiki.apache.org/spamassassin/MailingLists
>>>
>>>Let me know, on or off list, if you need any additional help.
>>
>>You should also NOT accept mail from non-resolvable hosts, e.g. make
>>sure "accept_unresolvable_domains" is turned OFF in your sendmail.mc
>>file.
> 
> 
> I just checked and it was enabled. I put dnl and then m4 sendmail.mc >
> sendmail.cf then service sendmail restart, then telnet localhost 25 and did
> a mail from: me at badomain.com and it wouldn't accept it. Cool. Thanks Rick.

No problem, Karl.  Bogus domains are one favorite spammer tool.  I also
have rules that check to see if a sending system will accept SMTP
connections.  If not, I check their MX.  If there's no MX or the MX
doesn't accept SMTP either, then they're a farking spammer and get
blacklisted by me and reported.  I also have entire /8 networks in
China, Korea, Japan and Brazil blocked via iptables because of the
amount of spam from there.  If it were up to me, I'd cut their fibers
to the rest of the world.  "You don't want to play by the rules?  Fine.
Play with yourself.  Leave the rest of us alone."

> I thought that was turned off by default. If so, I just have turned it on
> for whatever reason.

I thought it was supposed to be blocked, too.  Hmmmmm.....
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-      Always remember you're unique, just like everyone else.       -
----------------------------------------------------------------------
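
The check order described in the reply above (probe the sending system for SMTP, fall back to the sender domain's MX records, reject if neither answers), written out as an added example; it is not code from the original post or from sendmail. The function names, the injected `mx_lookup` and `smtp_probe` callables and the sample hosts are assumptions, with constructed data standing in for DNS and the network so it runs offline.

```python
import socket

def accepts_smtp(host, port=25, timeout=5.0):
    """Real probe: True if `host` answers on port 25 with a 220 greeting."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            return conn.recv(512).startswith(b"220")
    except OSError:
        return False

def sender_domain(mail_from):
    """Domain part of an envelope sender such as '<me@example.com>'."""
    addr = mail_from.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        # Also raised for the null sender '<>' used by bounces.
        raise ValueError("not a usable envelope sender: %r" % mail_from)
    return domain.rstrip(".").lower()

def check_sender(sending_host, mail_from, mx_lookup, smtp_probe=accepts_smtp):
    """Return (verdict, reason), following the order given in the reply."""
    if smtp_probe(sending_host):
        return ("accept", "sending host accepts SMTP")
    # mx_lookup(domain) -> list of (preference, hostname); [] when no MX exists.
    mx_hosts = sorted(mx_lookup(sender_domain(mail_from)))
    if not mx_hosts:
        return ("reject", "no MX for sender domain")
    for _pref, mx in mx_hosts:
        if smtp_probe(mx):
            return ("accept", "MX %s accepts SMTP" % mx)
    return ("reject", "no MX accepts SMTP")

# Constructed data standing in for DNS and the network (reserved .example names).
FAKE_MX = {"good.example": [(20, "mx2.good.example"), (10, "mx1.good.example")],
           "deadmx.example": [(10, "mx.deadmx.example")]}
FAKE_LISTENERS = {"mail.good.example", "mx2.good.example"}

def demo():
    lookup = lambda d: FAKE_MX.get(d, [])
    probe = lambda h: h in FAKE_LISTENERS
    cases = [("mail.good.example", "<a@good.example>"),
             ("dialup.good.example", "<a@good.example>"),
             ("host.nomx.example", "<b@nomx.example>"),
             ("host.deadmx.example", "<c@deadmx.example>")]
    return [check_sender(h, f, lookup, probe) for h, f in cases]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
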



