[Mimedefang] Validate users before scanning?
Joseph Brennan
brennan at columbia.edu
Mon May 23 10:54:52 EDT 2005
--On Thursday, May 19, 2005 11:13 -0400 "Kevin A. McGrail"
<kmcgrail at pccc.com> wrote:
> We have been blocking entire IPs for 90 minutes since August of last year
> for 2 bad rcpts using the bad_rcpt_throttle feature and a daemon that
> monitors the maillog. We have not had one single complaint and it's been
> rolled out pretty pervasively!
>
> The blocking of course is a tempfail so I would suggest a reject 4.7.1 or
> whatever.
For the sake of the archives, the sendmail.mc I posted is not good.
This does what I wanted, and uses tempfail as Kevin suggested.
LOCAL_RULESETS
SLocal_check_rcpt
R$* $: $1 $| $( arith l $@ $&{nbadrcpts} $@ 10 $)
R$* $| FALSE $#error $: 450 Too many bad recipients
The idea here is to say 450 to all recipients after we've seen 10 bad
recipients. Real mail servers will queue and re-try the ones that got
450, and eventually send their mail, but more slowly than if they
cleaned their lists.
Thinking of greylisting... I noticed repeated tries yesterday
by two IP addresses trying to send the Sober virus German political
spam (diagnosed from the few valid addresses). 68.232.178.42 tried
259 times and 63.117.70.194 tried 320 times. Maybe they are not
queueing as such but just sending repeatedly; however the effect is
the same. The idea of viruses trying only once may not be totally
valid any more.
Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York
More information about the MIMEDefang
mailing list