[Mimedefang] Sender validation

[Les Mikesell]

On Fri, 2004-06-25 at 05:53, Jonas Eckerman wrote:

> > (I suppose you use "MAIL FROM: <>" ;-)
> 
> Yep. Don't want to get into a recursive loop with another server doing similar checks. :-)

I was wondering about that possibility.


> Yes, there are problems, wich is why my little test is done the way it is. I'd rather accept too much than reject too much. It still looks like it'd give good results though.

Wouldn't this work best with a database approach similar to
greylisting?  That is, store the results of your tests with a count and
timestamp so you don't have to repeat them often.  Success should be
good for a long time, rejects should start with a short life but live
increasingly longer as the use count increases.   This could be
hooked to another table via the same database connection as the
greylist and a database failure could fall over to allowing mail
through so as not to break anything.

> Currently I'm monitoring this stuff with a small script that compares the result of the check to mails that are accepted. As the check looks now, it has not hit *any* legit mail at all. Every single mail that would have been stopped by my sender check as it looks now has been stopped by the greylist or the SA check. Of course this means that the sender check wouldn't really help me stop more spam or virii, but it would stop some of them at an earlier stage.

You could periodically add the most frequently used bad senders into
sendmail's access list with REJECT to drop them with even less work.

---
  Les Mikesell
   les at futuresource.com