[Mimedefang] Modify SA score if to many unknown users
John Scully
jscullylg3 at lifegiver.net
Mon Sep 22 15:21:01 EDT 2003
I went one step further - if there are more than 5 bad recipients on one
message I silently discard it. After reviewing several hundred such
messages I found that 100% were both spam and part of a dictionary
attack.
John
-----Original Message-----
From: mimedefang-admin at lists.roaringpenguin.com
[mailto:mimedefang-admin at lists.roaringpenguin.com] On Behalf Of Dave
Ellenberger
Sent: Monday, September 22, 2003 8:01 AM
To: mimedefang at lists.roaringpenguin.com
Subject: [Mimedefang] Modify SA score if to many unknown users
Hi,
First, sorry for my poor english.
On my mailsystem I often see spamer trying to send spam to users which
have
been already deleted long time ago. Example:
Sep 22 13:46:49 mx01 sm-mta[32284]: h8MBkmjJ032284:
<someuser1 at mydomain.com>... User unknown
Sep 22 13:46:49 mx01 sm-mta[32284]: h8MBkmjJ032284:
<someuser2 at mydomain.com>... User unknown
Sep 22 13:46:49 mx01 sm-mta[32284]: h8MBkmjJ032284:
<someuser3 at mydomain.com>... User unknown
Many spamers use CC function, so it's simply 1 spam mail with 15 -
sometimes
up to 30 recipients. Some of the recipient addresses exist (user
recieves the
spam...) some not.
My domain is older than 6 years, so there are email addresses which
doesn't
exist any more since years, but these show up in email spam listings
which
were traded/sold by spamers. I though I could make use of this somehow
and
turn this against the spamers. My idea is to SA score for each email
recipient
lookup failure.
Anyone already tried to do something like this? A clean and good way I
mean ;-)
I could of course read the headers of each mail and lookup the addresses
in
virtusertable.db/aliases.db or whatever. But this isn't very good for
performance I guess.
-Dave
_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
This message scanned for viruses by Lifegiver.net
For more information on our filtered email and dial up internet service please visit http://www.lifegiver.net
More information about the MIMEDefang
mailing list