[Mimedefang] spamtrap question

Kevin A. McGrail kmcgrail at pccc.com
Wed Jan 28 08:59:27 EST 2009

Many people do their SPAM testing prior to receiving the message so this 
should be quite possible in filter_end.  I've never done it, though so this 
is just my $0.02 because you peaked my curiosity.

You are going to have to deal with whether to use streaming (which won't 
allow for a mid-stream response prior to accepting the email). This pseudo 
code might get you started but I'm only allowing for emails address to this 
person and only this person:

filter_end {
  $to_bounce = 0;
  $not_to_bounce = 0;
  foreach $recip (@Recipients) {
    if ($recip =~ m/<?someone\@somewhere.com>?/i) {
    }else {

  if ($to_bounce > 0 && $not_to_bounce < 1) {
      action_quarantine_entire_message("Message quarantined because of old 
      $quarantine_dir = get_quarantine_dir();
      md_syslog( 'info', "$QueueID: MSG Quarantined: $quarantine_dir");
      return action_bounce("This user not accepted here");

However, in the end I question whether "trapping" once working emails is 
likely a tainted source that will lead to false-positives in my opinion. 
Our firm switched names nearly 10 years ago and we still get plenty of 
legitimate mail from the old name.


----- Original Message ----- 
From: "NFN Smith" <worldoff9908 at mail.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Tuesday, January 27, 2009 3:19 PM
Subject: [Mimedefang] spamtrap question

> I'm running MIMEDefang 2.57 with Sendmail 8.13.8 on a Debian server, and 
> trying to improve my spamtrapping methodology, a bit.
> In my current setups, when my server receives a mail delivery attempt, I 
> have things set to do an LDAP query, and for addresses that fail the 
> query, we reject the message.
> I also watch my logs, and track invalid addresses that continually receive 
> mail.  For the addresses that are hit frequently and consistently, I 
> convert those to spamtraps, adjusting the sendmail virtusertable to 
> redirect mail into a mailbox that I read.
> The place where I have difficulty is with addresses with former users that 
> are now no longer valid.  If a user leaves, I generally leave things set 
> for at least 6 months, where inbound mail to that address is rejected, to 
> allow for legitimate senders to get the idea that the address is no longer 
> accepting mail.
> The problem is that with this methodology, if I'm accepting messages, then 
> senders aren't getting rejection messages (and some senders are just as 
> persistent over time, as the spammers).
> Thus, what I want to do is adjust things so that when a message is sent to 
> an address that I'm trapping for, the sender gets the standard NDR from an 
> SMTP 554 error, but that the spamtrap still gets a copy of the of the 
> message content (as I'm currently doing with the virtusertable).
> Is there a way to do this in MIMEDefang?
> Smith
> _______________________________________________
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID.  You may ignore it.
> Visit http://www.mimedefang.org and http://www.roaringpenguin.com
> MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

More information about the MIMEDefang mailing list