[Mimedefang] Can't filter after last recipient, right?

[Jeff Rife]

On 23 Nov 2008 at 15:56, Kelly Jones wrote:

> > The only time this wouldn't work is if you have bizarre rules where you
> > won't accept an e-mail to "foo at example.com" unless "bar at example.com" is
> > also in the list of recipients.  It will work for all cases where you
> > won't accept an e-mail if *both* addresses are in the recipient list.
> 
> What if you want to reject the message if more than 5% of the
> recipients are invalid? (dictionary attack prevention)

First, if you are getting single e-mails with enough recipients that 5% 
failure is common, then you are probably so big that you can't reject
based on that, since simple typos would do it.  For example, if an e-
mail came in with 20 recipients and two were typo'd, then you'd reject.

Second, I use sendmail 8.14, so MD never sees invalid recipients, and 
the sendmail.mc confBAD_RCPT_THROTTLE takes care of slowing down the 
dictionary attack.

But, if you want to do it, you can set up sendmail to send the 
recipient to a milter even if it is invalid.  Then, you'd really want 
something more like 50% to be useful, and only if there were more than 
X total recipients (because rejecting if there was one typo with two 
recipients is also pretty dumb).  So, you'd simulate it with something 
like a check in filter_recipient that only fires after X total 
recipients, and then if you have more than 50%, tempfail all recipients 
after that.

You'd have to roll your own invalid recipient checking, though, as you 
don't get any information about it from sendmail.  Unless you already 
use ldap or something similar to determine valid recipients, this is 
not a fun task.


--
Jeff Rife |  
          | http://www.nabs.net/Cartoons/OverTheHedge/Workaholic.gif