[Mimedefang] COMMANDS file including invalid e-mail addresses

Sven Willenberger sven at dmv.com
Tue May 17 00:18:27 EDT 2005 


james.madill at duke.edu presumably uttered the following on 05/16/05 17:29:
> A recent bout of spam illuminated an issue that I would like to eliminate.
> 
> The SMTP gateways I run MIMEDefang on both relay messages to internal hosts as well as act as local hosts for the institutional e-mail address format.  An anti-spam package ahead of these SMTP gateways tags each incoming message with a 'spam score'  if this score is higher than either the defaults or the recipient's personal settings, the message is quarantined, shunted to a seperate server for viewing or releasing, and eventual automatic deletion.
> 
> The spammer sent out massive amounts of mail to bogus accounts @ our institutional address domain.  The result was that despite sendmail indicating to the sending host that an e-mail address was invalid, that address was included as a recipient in the MIMEDefang COMMANDS file.  Once there, the message was acted on as if the address was a valid one and mail would be quarantined for a non-existant user.
> 
> I haven't yet been able to track down whether it is MIMEDefang including the these invalid addresses, or sendmail passing them on to the milter as if they were indeed valid.
> 
> Does anyone know what I might be able to do to eliminate these invalid addresses from appearing in the COMMANDS file?
> 
> 
> -- James

We use sendmail access list to to allow email only for legit users 
through the system. Our inbound gateway relays are not the local 
destinations so we store our users in a database. As users are added or 
deleted a script updates our access file; the result is that any email 
to a non-existent user get bounced at the gateway before having to be 
parsed by anything. Sample entry:

TO:mydomain.com		REJECT
TO:user1 at mydomain.com	OK
TO:user2 at mydomain.com	OK

and so on. Using delayed checks we even have entries for users who don't 
want rbl checks enabled. I have written an mc file for sendmail that 
checks the access file for:
SPAM:user2 at mydomain.com	FRIEND
and if that is there, then it does RBL checks and simply marks headers 
... the next series of servers in the chain then invoke mimedefang/SA to 
do SURLBL and content checking. If the user is not listed as a "SPAM 
FRIEND", then any email that fails RBL checks gets rejected at the 
gateway again.

We find this both gives the end user the option of choosing to have RBL 
blocks or not (or even which ones courtesy of some procmail scripts on 
the LDA end of things) and saves a lot of wear via unnecessary 
processing of emails.

This type of system dramatically reduced the load throughout our entire 
email system once we had it fully implemented.

Sven

More information about the MIMEDefang mailing list