[Mimedefang] Dictionary attacks, NDRs etc..

Fred Felgenhauer fred at fredf.com
Thu Dec 4 12:18:22 EST 2003


In order to eliminate a large percentage of my mail system overhead from
dictionary attacks and sending NDRs to non-existent
domains, I tried to do something about it.  I am using
mimedefang/spamassassin fronting an Exchange 2000 server.


In filter_end I was running this pseudo-code for a while:

foreach $recip (@Recipients) {
	use Net::LDAP;
	if (not in Active Directory LDAP) {
		if (this is last recipient in message to be deleted) {
			action_discard();
		}
		delete_recipient($recip);   # <-------- delete works in this case
	}
}
# ..... rest of filter_end ........

This works like a champ, and the Exchange disk is no longer filling with
non-deliverables in the badmail directory.

Then I realized the SpamAssassin all_spam_to function does not work properly
unless you do stream_by_recipient()
in filter_begin. And why bother doing further processing on bogus recipients
anyway?

I read this a while back:

http://lists.roaringpenguin.com/pipermail/mimedefang/2003-January/013038.html


Given all the above, I added this pseudo-code to filter_begin:

sub filter_begin () {
	foreach $recip (@Recipients) {
		use Net::LDAP;
		if (not in Active Directory LDAP) {
			if (this is last recipient in message to be deleted) {
				return action_discard();
			}
			delete_recipient($recip);   # <--------------- Does not delete recipients here!
		}
	}

	if (stream_by_recipient()) {
		return;
	}
}

Let's say the message has 4 non-existent recipients and 1 good one.

I am attempting to delete all non-existent recipients in filter_begin to cut
down on message processing, but
even after deleting the 4 bad recipients, mimedefang still did
stream_by_recipient() using all 5 recipients.

What's up with that?

Mimedefang 2.38, SpamAssassin 2.60, Sendmail 8.12.10 on Fedora Core 1
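
The recipient check sketched in the pseudo-code above, as an added example that is not part of the original post: it splits envelope recipients into known and unknown addresses and escapes each address before it is placed in an LDAP search filter. The function names, the constructed hash standing in for a Net::LDAP search, and the `proxyAddresses=smtp:` filter form are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape a value for use inside an LDAP search filter (RFC 4515), so that a
# recipient address supplied by the SMTP client is matched literally and
# characters such as "*" or ")" cannot change the meaning of the filter.
sub ldap_escape {
    my ($value) = @_;
    $value =~ s/([\\*()\0])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

# Envelope recipients usually arrive as "<user@domain>"; strip the angle
# brackets and lowercase the address before comparing.
sub normalize_recipient {
    my ($recip) = @_;
    $recip =~ s/^\s*<//;
    $recip =~ s/>\s*$//;
    return lc $recip;
}

# Assumption: the directory lists SMTP addresses as "smtp:addr" values of
# the proxyAddresses attribute.
sub recipient_filter {
    my ($recip) = @_;
    return '(proxyAddresses=smtp:' . ldap_escape(normalize_recipient($recip)) . ')';
}

# Split recipients into those the directory knows and those it does not.
# $exists is a callback that takes a filter string and returns true or false.
sub partition_recipients {
    my ($exists, @recipients) = @_;
    my (@keep, @drop);
    for my $recip (@recipients) {
        if ($exists->(recipient_filter($recip))) { push @keep, $recip }
        else                                     { push @drop, $recip }
    }
    return (\@keep, \@drop);
}

# Constructed sample data standing in for the directory lookup.
my %directory = map { ("(proxyAddresses=smtp:$_)" => 1) } qw(alice@example.com);
my $exists = sub { $directory{ $_[0] } };

my @recipients = ('<Alice@Example.com>', '<aaron@example.com>', '<*@example.com>');
my ($keep, $drop) = partition_recipients($exists, @recipients);
print "keep: @$keep\n";
print "drop: @$drop\n";
print "discard whole message\n" unless @$keep;
```

In a real filter the callback would run the directory search, and the message would be discarded only when the keep list comes back empty.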










