[Mimedefang] Can't filter after last recipient, right?
mimedefang at nabs.net
Sun Nov 23 21:40:48 EST 2008
On 23 Nov 2008 at 15:56, Kelly Jones wrote:
> > The only time this wouldn't work is if you have bizarre rules where you
> > won't accept an e-mail to "foo at example.com" unless "bar at example.com" is
> > also in the list of recipients. It will work for all cases where you
> > won't accept an e-mail if *both* addresses are in the recipient list.
> What if you want to reject the message if more than 5% of the
> recipients are invalid? (dictionary attack prevention)
First, if you are getting single e-mails with enough recipients that 5%
failure is common, then you are probably so big that you can't reject
based on that, since simple typos would do it. For example, if an e-
mail came in with 20 recipients and two were typo'd, then you'd reject.
Second, I use sendmail 8.14, so MD never sees invalid recipients, and
the sendmail.mc confBAD_RCPT_THROTTLE takes care of slowing down the
But, if you want to do it, you can set up sendmail to send the
recipient to a milter even if it is invalid. Then, you'd really want
something more like 50% to be useful, and only if there were more than
X total recipients (because rejecting if there was one typo with two
recipients is also pretty dumb). So, you'd simulate it with something
like a check in filter_recipient that only fires after X total
recipients, and then if you have more than 50%, tempfail all recipients
You'd have to roll your own invalid recipient checking, though, as you
don't get any information about it from sendmail. Unless you already
use ldap or something similar to determine valid recipients, this is
not a fun task.
Jeff Rife |
More information about the MIMEDefang