Validating incoming email addresses

karlp at ourldsfamily.com
Wed Jun 29 19:06:09 UTC 2005


> Bob McClure Jr wrote:
>> On Mon, Jun 27, 2005 at 12:00:30PM -0600, karlp at ourldsfamily.com wrote:
>>
>>>>On Fri, Jun 24, 2005 at 10:50:43PM -0600, karlp at ourldsfamily.com wrote:
>>>>
>>>>>How do I go about blocking incoming email based on validating the
>>>>>sender's
>>>>>email address? I am getting spam email which is from a non-existent
>>>>>email
>>>>>address on my own domain. A look at the header shows it's not from my
>>>>>domain. I expected that. But, the From: field is from my domain
>>>>>(ourldsfamily.com), even down to my server name
>>>>>(moroni.ourldsfamily.com)
>>>>>which NEVER sends email, per se, other than internally as in mail
>>>>>generated by cron jobs.
>>>>>
>>>>>Too much information, but I hope you get the gist of what I need.
>>>>>
>>>>>TIA,
>>>>>
>>>>>Karl
>>>>
>>>>Depends on your email setup and where you want to stop the mail.  If
>>>>you want to stop it at the door, then it depends on what MTA
>>>>(sendmail, postfix, et al.) you are using.
>>>>
>>>>If you want to punt it after your MTA accepts it but before delivery,
>>>>I strongly recommend SpamAssassin.  With or without SA, you can drop
>>>>it in the bit bucket with a well-crafted recipe in your ~/.procmailrc
>>>>(assuming procmail is your MDA (delivery agent)).  But with SA, and
>>>>assuming SA scores it as spam, then procmail can (1) divert the spam
>>>>to a bucket for inspection, (2) punt spam scoring over XX points, or
>>>>(3) summarily punt all identified spam (not recommended), or some
>>>>combination.
>>>>
>>>>Let us know your constraints.  I'm well versed in Postfix and
>>>>SpamAssassin.
>>>>
>>>
>>>I'm using sendmail and Spamassassin (v3.0.2) and these emails aren't
>>>getting caught.
>>
>>
>> Side note: SA vv3.0.1-3 have a known DOS vulnerability.  I recommend
>> upgrade to v3.0.4.
>>
>>
>>>I have some other issues as well, such as email that is
>>>clearly, to me, spam which is not being caught. The score is only .1 (my
>>>threshold is set at 1.0) I guess in theory, my threshold should be 0.0
>>>rather than 1, but there are a bunch of emailers who have no clue and
>>>insist on 'pretty-ing' up their email by sending HTML email (curse the
>>>fool who came up with that functionality; and curse AOL for not allowing
>>>anything BUT HTML email!).
>>
>>
>> Ouch!  Threshold of 1.0?  Surely you can improve things.  I run with
>> the default threshold of 5.0 and rarely have to feed a missed spam
>> back to sa-learn.  I strongly urge you to use the SpamAssassin Rules
>> Emporium's (SARE) add-on rulesets and keep them updated with
>> "rules_du_jour".  Also make sure the SURBL (SpamAssassin URI Realtime
>> BlackList) checker is working.  In particular, run
>>
>>   spamassassin -D --lint
>>
>> and look to see that the Net::DNS module is up to date and loading.
>>
>> Here are some URLs to get you started:
>>
>> http://spamassassin.apache.org/index.html (of course)
>> http://www.rulesemporium.com/
>> http://wiki.apache.org/spamassassin/
>> http://www.surbl.org/
>>
>>
>>>I have a pretty complex set of procmail filters at both the enterprise
>>>level and the personal level in my own account. I'm no great procmail
>>>programmer as many of my rules are copied/tested and retested until they
>>>work 'right'. I may be wrong, but optimally, I think I'd like to have
>>>sendmail refuse delivery of email which isn't a user on my domain.
>>
>>
>> I use this, too:
>>
>> http://www.stearns.org/doc/spamassassin-setup.current.html
>>
>>
>>>However
>>>if it's better to have procmail do it, I'm all over that, too.
>>>
>>>Thanks Bob. (and any others who have experience and can help)
>>>
>>>Karl
>>
>>
>> Finally, I recommend you join the SA mailing list at least long
>> enough to get to where you need to set your spam threshold back to
>> 5.0:
>>
>> http://wiki.apache.org/spamassassin/MailingLists
>>
>> Let me know, on or off list, if you need any additional help.
>
> You should also NOT accept mail from non-resolvable hosts, e.g. make
> sure "accept_unresolvable_domains" is turned OFF in your sendmail.mc
> file.

I just checked and it was enabled. I put dnl and then m4 sendmail.mc >
sendmail.cf then service sendmail restart, then telnet localhost 25 and did
a mail from: me at badomain.com and it wouldn't accept it. Cool. Thanks Rick.

I thought that was turned off by default. If so, I just have turned it on
for whatever reason.

Karl

> ----------------------------------------------------------------------
> - Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
> - VitalStream, Inc.                       http://www.vitalstream.com -
> -                                                                    -
> -    I don't suffer from insanity...I enjoy every minute of it!      -
> ----------------------------------------------------------------------
>
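The check described in this message (is `accept_unresolvable_domains` still active in sendmail.mc, or has it been disabled with `dnl`?) can be scripted. The following is an added example, not part of the original post; the function name `mc_feature_active` and both sample fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a sendmail.mc FEATURE is active or dnl-disabled.

# mc_feature_active FILE FEATURE -> exit 0 if FEATURE is active, 1 otherwise.
# m4 discards everything from a dnl token to end of line, so a line that
# starts with dnl is disabled, while a trailing dnl leaves FEATURE(...) active.
mc_feature_active() {
    awk -v feat="$2" -v q="'" '
    {
        line = $0
        # Cut the line at the first stand-alone dnl token.
        if (match(line, /(^|[^A-Za-z0-9_])dnl([^A-Za-z0-9_]|$)/)) {
            cut = RSTART
            if (substr(line, RSTART, 3) != "dnl") cut = RSTART + 1
            line = substr(line, 1, cut - 1)
        }
        # Drop m4 quotes and whitespace so both quoting styles compare equal.
        gsub("[`" q " \t]", "", line)
        if (line ~ ("FEATURE\\(" feat "[,)]")) found = 1
    }
    END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample fragments (not taken from the poster's configuration).
sample_enabled() {
    cat <<'EOF'
FEATURE(`blacklist_recipients')dnl
FEATURE(`accept_unresolvable_domains')dnl
EOF
}
sample_disabled() {
    cat <<'EOF'
FEATURE(`blacklist_recipients')dnl
dnl FEATURE(`accept_unresolvable_domains')dnl
EOF
}

for s in sample_enabled sample_disabled; do
    if $s | mc_feature_active - accept_unresolvable_domains; then
        echo "$s: ACTIVE, unresolvable sender domains are accepted"
    else
        echo "$s: disabled, unresolvable sender domains are rejected"
    fi
done
```

Against a real system, pass the path to sendmail.mc instead of `-`; a change only takes effect after sendmail.cf is regenerated and sendmail restarted, as in the message above.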
