[Mimedefang] spamtrap question
Kevin A. McGrail
kmcgrail at pccc.com
Wed Jan 28 08:59:27 EST 2009
Many people do their SPAM testing prior to receiving the message so this
should be quite possible in filter_end. I've never done it, though so this
is just my $0.02 because you peaked my curiosity.
You are going to have to deal with whether to use streaming (which won't
allow for a mid-stream response prior to accepting the email). This pseudo
code might get you started but I'm only allowing for emails address to this
person and only this person:
filter_end {
...
$to_bounce = 0;
$not_to_bounce = 0;
foreach $recip (@Recipients) {
if ($recip =~ m/<?someone\@somewhere.com>?/i) {
$to_bounce++;
}else {
$not_to_bounce++;
}
}
if ($to_bounce > 0 && $not_to_bounce < 1) {
action_quarantine_entire_message("Message quarantined because of old
users");
$quarantine_dir = get_quarantine_dir();
md_syslog( 'info', "$QueueID: MSG Quarantined: $quarantine_dir");
return action_bounce("This user not accepted here");
}
}
...
However, in the end I question whether "trapping" once working emails is
likely a tainted source that will lead to false-positives in my opinion.
Our firm switched names nearly 10 years ago and we still get plenty of
legitimate mail from the old name.
regards,
KAM
----- Original Message -----
From: "NFN Smith" <worldoff9908 at mail.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Tuesday, January 27, 2009 3:19 PM
Subject: [Mimedefang] spamtrap question
> I'm running MIMEDefang 2.57 with Sendmail 8.13.8 on a Debian server, and
> trying to improve my spamtrapping methodology, a bit.
>
>
> In my current setups, when my server receives a mail delivery attempt, I
> have things set to do an LDAP query, and for addresses that fail the
> query, we reject the message.
>
> I also watch my logs, and track invalid addresses that continually receive
> mail. For the addresses that are hit frequently and consistently, I
> convert those to spamtraps, adjusting the sendmail virtusertable to
> redirect mail into a mailbox that I read.
>
> The place where I have difficulty is with addresses with former users that
> are now no longer valid. If a user leaves, I generally leave things set
> for at least 6 months, where inbound mail to that address is rejected, to
> allow for legitimate senders to get the idea that the address is no longer
> accepting mail.
>
> The problem is that with this methodology, if I'm accepting messages, then
> senders aren't getting rejection messages (and some senders are just as
> persistent over time, as the spammers).
>
> Thus, what I want to do is adjust things so that when a message is sent to
> an address that I'm trapping for, the sender gets the standard NDR from an
> SMTP 554 error, but that the spamtrap still gets a copy of the of the
> message content (as I'm currently doing with the virtusertable).
>
> Is there a way to do this in MIMEDefang?
>
> Smith
>
> _______________________________________________
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID. You may ignore it.
>
> Visit http://www.mimedefang.org and http://www.roaringpenguin.com
> MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
>
More information about the MIMEDefang
mailing list