[Mimedefang] Dictionary attacks, NDRs etc..
Fred Felgenhauer
fred at fredf.com
Thu Dec 4 12:18:22 EST 2003
In order to eliminate a large percentage of my mail system overhead from
dictionary attacks and sending NDRs to non-existant
domains, I tried to do something about it. I am using
mimedefang/spamassassin fronting an Exchange 2000 server.
In filter_end I was running this pseudo-code for a while:
foreach $recip (@Recipients) {
use Net::Ldap;
if (not in Active Directory LDAP){
if (this is last recipient in message to be deleted){
action_discard();
}
delete_recipient($recip);<--------delete works in this case
}
.....rest of filter end........
This works like a champ, and the Exchange disk is no longer filling with
non-deliverables in the badmail directoty.
Then I realized the Spamassassin all_spam_to function does not work properly
unless you do stream_by_recipient()
in filter_begin. And why bother doing further processing on bogus recipients
anyway.
I read this a while back:
http://lists.roaringpenguin.com/pipermail/mimedefang/2003-January/013038.htm
l
Given all the above, I added this pseudo-code filter_begin :
sub filter_begin () {
foreach $recip (@Recipients) {
use Net::Ldap;
if (not in Active Directory LDAP){
if (this is last recipient in message to be deleted){
return action_discard();
}
delete_recipient($recip); <--------------- Does not delete recipients
here!
}
if (stream_by_recipient()) {
return;
}
Lets say the message has 4 non-existant recipients and 1 good one.
I am attempting to delete all non-existant recipients in filter_begin to cut
down on message processing, but
even after deleting the 4 bad recipients, mimedefang still did
stream_by_recipient() using all 5 recipients
Whats up with that?
Mimedefang 2.38, SpamAssassin 2.60, Sendmail 8.12.10 on Fedora Core 1
More information about the MIMEDefang
mailing list