[Mimedefang] recipient filter and rbl's

Paul Houselander housey at sme-ecom.co.uk
Mon Dec 3 10:49:50 EST 2007 

Hi

Im happy with my recipient verification script, I cache results etc.. to cut
down on how many times I need to query the backup system, it works really
well once the cache is built up.

After a bit of digging around I think ive pretty much decided not to use the
rbl feature in sendmail but to intergrate spamhaus checking into my
mime-defang script.

I currently have a

sub filter_recipient{
........
}

section which does the recpient verification, is it as simple as just adding
(below the filter_recipient) something like the following

sub filter_relay{
  if(relay_is_blacklisted($RelayAddr,"zen.spamhaus.org")){
    return ("REJECT","$RelayAddr","554","5.7.1");
  }
}

If its below filter_recipient should it be called after?

Kind Regards

Paul

>
>
> On Fri, 2007-11-30 at 15:02 +0000, Paul Houselander wrote:
>
> > My mailserver acts as a gateway to a few MS exchange systems
> and im using
> > mimedefang to reject invalid recipients.
>
> Why not use Sendmail for this too? It seems far more efficient to get
> Sendmail to block invalid addresses as well as do the DNSBL check (and
> then perhaps even do another DNSBL check in Mimedefang on the content of
> the e-mail that gets that far; that combo is brilliantly effective in
> blocking spam.)
>
> I found a couple of great Perl scripts on the Mimedefang Wiki; they talk
> LDAP to the Exchange servers, fetch a list of valid mail addresses and
> then write those into the Sendmail access db.
>
> End result - sendmail rejects all non-valid addresses and rejects all
> Spamhaus matches before they ever reach MD. The load on my gateways
> dropped dramatically now that MD only has to process valid mail for
> viruses and spam content. To make sure nothing outgoing is blocked I
> have the Exchange server IP's specifically set to allow relaying for
> those machines as a whole.
>
> Adding DNSBL zen.spamhaus.org to my Sendmail was the best thing I've
> ever done, spam-fighting wise. It's really uncanny how much Spam just
> goes away when you start rejecting dial-us and dynamic DNS addresses,
> and I have yet to get a single complaint about false positives.
>
> /Kimmo
> _______________________________________________

More information about the MIMEDefang mailing list