[Mimedefang] Tarpit for dictionary attacks

listuser at numbnuts.net listuser at numbnuts.net
Wed May 21 01:35:01 EDT 2003


On Tue, 20 May 2003 listuser at numbnuts.net wrote:

As I wrote the question out for the Sendmail folks, I started to think 
that what I was writing was a vague description of what virtusertable 
could possibly do.  The thing I didn't know for sure was if creating a 
catchall entry for a domain in the virtusertable would in fact make 
Sendmail accept any mail directed at a given domain.  I then tested it and 
responded to my own message, below.  I'm quoting it here because I think 
it's useful.  

<quote>

> As I'm writing this I'm reminded of virtusertable.  If I create a 
> catchall address in virtusertable for a given domain, will Sendmail 
> accept any and all mail addressed to that domain without doing a local user 
> check first?  If so then this problem is actually much easier to solve 
> than I thought.

Now I'm replying to my own question.  Lovely. :)  Ok, I just answered this 
question.  If I create a catchall entry in my virtusertable for a domain, 
all mail addressed to any user at that domain that doesn't have their own 
virtusertable entry ends up matching the catchall line and whatever action 
you specify with it.  That was simple enough.

Now, this brings up the question of DNSBL and accessDB checks performed by 
Sendmail.  Normally I define a user that wants their full helping of spam 
to be a SPAMFRIEND.  However in this case I don't know what user is going 
to be receiving the mail (other than the handful or so of users I created 
and am using).  How do I perform these checks for mail destined for users 
that I want to have these checks performed on and not have them performed 
on all the bogus users that I don't yet know about?  I have a feeling, and 
it might be right or wrong, that delay_checks in 8.12 has the answer.  I 
already use

FEATURE(`delay_checks', `friend')

With that I have to declare those that I want to bypass the checks.  
Knowing how that works, I'm guessing that the opposite...

FEATURE(`delay_checks', `hater')

...would let me define those that HATE spam and the rest have no checks 
performed on them.  Am I correct in this assumption?

I'm guessing I can do the same type of thing in MIMEDefang where I call 
SpamAssassin.  I can define the recipients that I want spam and anti-virus 
checking to be performed on and the rest are allowed to pass through and 
be sent to the appropriate catchall user.

</quote>

So, if the delay_checks HATER part works as I suspect it does, this only 
leaves me with one major stumbling block.  How do I configure MD to only 
perform checks on mail if the recipient is one of a handful I define?  I'd 
like the list of recipients to be both userids and full email addresses.  
Userids by themselves would cut it for now but I'd rather solve the 
problem of using full email addresses now rather than later when I must 
have the ability in a hurry.

So, does anyone have any suggestions for doing this?  I'm not a Perl guru 
by trade or intimately familiar with the inner workings of MD but 
stream_by_recipient seems to ring a bell.

Justin
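
The recipient test asked about above (a list holding both bare userids and full email addresses), sketched as an added example that is not part of the original post and not MIMEDefang's own code. The list contents, the sub names `normalise_rcpt` and `wants_checks`, and the sample recipients are constructed for illustration; how the sub is wired into a MIMEDefang filter is left out.

```perl
#!/usr/bin/perl
# Added example: stand-alone recipient matcher (hypothetical names throughout).
use strict;
use warnings;

# Constructed sample list: a bare userid matches at any domain,
# a full address matches only that exact mailbox.
my @CHECKED = qw(justin postmaster sales@example.com);

# Build lookup tables once; all comparisons are case-insensitive.
my (%by_user, %by_addr);
for my $entry (map { lc $_ } @CHECKED) {
    if ($entry =~ /@/) { $by_addr{$entry} = 1 }
    else               { $by_user{$entry} = 1 }
}

# Normalise an envelope recipient as the MTA hands it over,
# e.g. "<Justin@Example.COM>" -> ("justin@example.com", "justin").
# Returns an empty list for anything that is not user@domain.
sub normalise_rcpt {
    my ($rcpt) = @_;
    return unless defined $rcpt;
    $rcpt =~ s/^\s*<?//;      # strip leading whitespace and "<"
    $rcpt =~ s/>?\s*$//;      # strip trailing ">" and whitespace
    $rcpt = lc $rcpt;
    return unless $rcpt =~ /^([^@\s]+)@([^@\s]+)$/;
    return ($rcpt, $1);
}

# True when spam/virus checks should run for this recipient.
# Unparsable or unlisted recipients go to the catchall unchecked.
sub wants_checks {
    my ($addr, $user) = normalise_rcpt($_[0]);
    return 0 unless defined $addr;
    return ($by_addr{$addr} || $by_user{$user}) ? 1 : 0;
}

# Constructed envelope recipients, including dictionary-style guesses.
for my $rcpt ('<Justin@Example.COM>', '<sales@example.com>',
              '<sales@example.net>', '<aaron@example.com>', '<>') {
    printf "%-24s %s\n", $rcpt, wants_checks($rcpt) ? 'check' : 'skip';
}
```

Because a bare userid matches at every domain the server handles, list full addresses for any name that exists in more than one virtual domain.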



