[Mimedefang] Tarpit for dictionary attacks
listuser at numbnuts.net
listuser at numbnuts.net
Wed May 21 01:35:01 EDT 2003
On Tue, 20 May 2003 listuser at numbnuts.net wrote:
As I wrote the question out for the Sendmail folks, I started to think
that what I was writing was a vague description of what virtusertable
could possibly do. The thing I didn't know for sure was if creating a
catchall entry for a domain in the virtusertable would in fact make
Sendmail accept any mail directed at a given domain. I then tested it and
responded to my own message, below. I'm quoting it here because I think
it's useful.
<quote>
> As I'm writing this I'm reminded of virtusertable. If I create a
> catchall address in virtusertable for a given domain, will Sendmail
> accept any and all mail addressed to that domain with doing a local user
> check first? If so then this problem is actually much easier to solve
> that I thought.
Now I'm replying to my own question. Lovely. :) Ok, I just answered this
question. If I create a catchall entry in my virtusertable for a domain,
all mail addressed to any user at that domain that doesn't have their own
virtusertable entry ends up matching the catchall line and whatever action
you specify with it. That was simple enough.
Now, this brings up the question of DNSBL and accessDB checks performed by
Sendmail. Normally I define a user that wants their full helping of spam
to be a SPAMFRIEND. However in this case I don't know what user is going
to be receiving the mail (other than the handful or so of users I created
and am using. How do I perform these checks for mail destined for users
that I want to have these checks performed on and not have them performed
on all the bogus users that I don't yet know about? I have a feeling, and
it might be right or wrong, that delay_checks in 8.12 has the answer. I
already use
FEATURE(`delay_checks', `friend')
With that I have to declare those that I want to bypass the checks.
Knowing how that works, I'm guessing that the opposite...
FEATURE(`delay_checks', `hater')
...would let me define those that HATE spam and the rest have no checks
performed on them. Am I correct in this assumption?
I'm guessing I can do the same type of thing in MIMEDefang where I call
SpamAssassin. I can define the recipients that I want spam and anti-virus
checking to be performed on and the rest are allowed to pass through and
be sent to the appropriate catchall user.
</quote>
So, if the delay_checks HATER part works as I suspect it does, this only
leaves me with one major stumbling block. How do I configure MD to only
perform checks on mail if the recipient is one of a handful I define. I'd
like the list of recipients to be both userids and full email addresses.
Userids by themselves would cut it for now but I'd rather solve the
problem of using full email addresses now rather than later when I must
have the ability in a hurry.
So, does anyone have any suggestions for doing this? I'm not a Perl guru
by trade or intimately familar with the inner workings of MD but
stream_by_recipient seems to ring a bell.
Justin
More information about the MIMEDefang
mailing list