Date: Sat, 07 Apr 2007 15:22:36 +1000 From: Mikhail Goriachev <mikhailg@webanoide.org> To: Christopher Martin <outsidefactor@iinet.net.au> Cc: freebsd-questions@freebsd.org Subject: Re: Receiver (To/CC envelope fields) addresses verification against LDAP/Active Directory in sendmail Message-ID: <46172A9C.40709@webanoide.org> In-Reply-To: <05df01c7783b$a0dd74e0$d315a8c0@SAURON> References: <05df01c7783b$a0dd74e0$d315a8c0@SAURON>
next in thread | previous in thread | raw e-mail | index | archive | help
Christopher Martin wrote: > Spam with randomly generated recipient addresses is draining our mail > system's life away, and it seems the easiest way would be to verify the > receiving party's/parties' address against Active Directory and then > TEMPFAIL any mails that don't have any valid internal mails (rejects would > allow directory harvesting to work). [ trim ] > Anyone have any suggestions? Has anyone used the hacked LDAProuting method > with smarthost and had it work? Maybe I am going to have to hack something > together using milter-cli or py-milter to connect up on SMTP port of the > Exchange server and do a HELO, FROM and RCPT and see if the account is > valid. > > Am I missing something basic? Currently, we're very happy with the accuracy > of our system, but 80% of the spam that hits our quarantine isn't even > addressed to someone in the organisation, thus giving us a pile of cruft to > go through that is 5 times as big as it should be. > > Any help or suggestions are appreciated! You could use /usr/ports/mail/mimedefang (www.mimedefang.org) miltered into your sendmail. Sorta like py-milter but in perl. The simplest, quickest and dirtiest solution would be to feed a list of valid recipients into mimedefang and let it "accept" or "reject" incoming mail. Then it is a matter of finding a way to keep the list up to date. Or, instead of feeding mimedefang with a list, you could instruct it to poll your internal mail server like you already suggested. For a long term solution I prefer storing aliases, maps, etc. in LDAP. I hope this helps. Regards, Mikhail. -- Mikhail Goriachev Webanoide Telephone: +61 (0)3 62252501 Mobile Phone: +61 (0)4 38255158 E-Mail: mikhailg@webanoide.org Web: www.webanoide.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46172A9C.40709>