[Mimedefang] Re: Great open letter about anti-virus, emails, bounces, etc.

Matt Cramer mscramer at armstrong.com
Mon Sep 15 15:13:01 EDT 2003


On Thu, 11 Sep 2003, Jeremy Mates wrote:

[... RMX records ...]

> With such a solution in place, a random malwared host begins spewing
> viruses, and the targetted mail servers lookup the domain and say "whoa,
> you're not an allowed outgoing host for that domain -- reject."

I've been doing this for some time using mimedefang.  I have a list of
"troublesome" domains - I call it my greylist, although different than the
greylisting involving temporary failures I've read about here - and I
check the relay for those sending domains to be sure it is in the domain.

It is amazing how much spam stops once you only accept aol.com, yahoo.com,
etc. mail from hosts which reverse resolve to something in those domains.
This does require some maintenance, as some places outsource some of their
mail (e.g. att.com) and sometimes some place will switch to a new relay
that doesn't have a PTR record in DNS.

Last month we received 588065 mails.  But not included in that number were
the 248418 we blocked due to the greylist I've built.  I do this in the
filter_sender function so I don't actually accept the mail, saving a
little bandwidth to boot.


Matt

-- 
Matthew S. Cramer <mscramer at armstrong.com>          Office: 717-396-5032
Infrastructure Security Analyst                     Fax:    717-396-5590
Armstrong World Industries, Inc.                    Cell:   717-917-7099




More information about the MIMEDefang mailing list