[Mimedefang] Architecture question - Using MD/SA on external MX'es
David F. Skoll
dfs at roaringpenguin.com
Wed Aug 28 22:15:01 EDT 2002
On Wed, 28 Aug 2002, Andy Miller wrote:
> 1. Must not bounce spam to valid recipients , only mark in
> headers.
No problem; that's the default.
> 2. Must be configurable on a per-user basis, preferably:
> - opt-int/opt-out of filtering
> - whitelists
> - blacklists
> - spam "point" threshold
That's tricky. What if a message comes in for 2 people with
different preferences?
> 3. It must operate in a "fail stop" way. Losing spam
> filtering is acceptable, rejecting incoming mail is not.
> (even if not out of the box, we can design this in)
That's OK.
> 4. It must scale to our volume of mail. (Approx 100k/day,
> typical uneven load).
That's OK.
> 5. The preference is that it will be able to survive a
> concentrated dictionary attack. We have had _several_
> attacks in the last several months where a spammer will
> cause 50-100 open relays to send mail at us as fast as
> they all can, using iterative/dictionary type usernames.
> (aa@ ab@ ac@, etc.)
That's OK -- you can do a lookup in the filter_recipient function.
Actually, I have a (commercial) product which does almost everything
you want -- it's called CanIt. The only thing it doesn't do is per-user
preferences, and that's coming up in a new product called CanIt-ISP.
> Regarding the second point, it looks like there is some good
> contributed code for managing user prefs for SA via a CGI.
You have to be careful -- see above if an e-mail comes in for more than
one person. You have to stream and resend it -- see stream_by_recipient().
It's part of MD.
> Is SpamAssassin a cheap enough operation once MD is already
> invoked to bother checking for user's whitelists and
> blacklists before to call to SA? Or just let SA with it's
> userprefs patch handle it?
SA is expensive. Anything you can do to avoid calling it is a win.
> It is especially bad for us because our MX'es live
> outside the firewall, and do not have the lists of valid
> users; they accept all mail and then forward it to our
> mailhub.
Ouch. But if you have a way to look up valid users from Perl, then
you can use filter_recipient to handle this.
> The way we are thinking we can solve this is to use an
> extension of the user-prefs database idea. We would like to
> write another milter that is called right after RCPT to:.
MIMEDefang has this built in. You can also configure sendmail to
throttle the connection after a certain number of RCPT TO: commands.
Overall, your architecture is sound.
Regards,
David.
More information about the MIMEDefang
mailing list