Validating incoming email addresses

Bob McClure Jr robertmcclure at earthlink.net
Mon Jun 27 19:19:14 UTC 2005


On Mon, Jun 27, 2005 at 12:00:30PM -0600, karlp at ourldsfamily.com wrote:
> > On Fri, Jun 24, 2005 at 10:50:43PM -0600, karlp at ourldsfamily.com wrote:
> >> How do I go about blocking incoming email based on validating the
> >> sender's email address? I am getting spam email which is from a
> >> non-existent email address on my own domain. A look at the header
> >> shows it's not from my domain. I expected that. But, the From: field
> >> is from my domain (ourldsfamily.com), even down to my server name
> >> (moroni.ourldsfamily.com) which NEVER sends email, per se, other than
> >> internally as in mail generated by cron jobs.
> >>
> >> Too much information, but I hope you get the gist of what I need.
> >>
> >> TIA,
> >>
> >> Karl
> >
> > Depends on your email setup and where you want to stop the mail.  If
> > you want to stop it at the door, then it depends on what MTA
> > (sendmail, postfix, et al.) you are using.
> >
> > If you want to punt it after your MTA accepts it but before delivery,
> > I strongly recommend SpamAssassin.  With or without SA, you can drop
> > it in the bit bucket with a well-crafted recipe in your ~/.procmailrc
> > (assuming procmail is your MDA (delivery agent)).  But with SA, and
> > assuming SA scores it as spam, then procmail can (1) divert the spam
> > to a bucket for inspection, (2) punt spam scoring over XX points, or
> > (3) summarily punt all identified spam (not recommended), or some
> > combination.
> >
> > Let us know your constraints.  I'm well versed in Postfix and
> > SpamAssassin.
> >
> 
> I'm using sendmail and Spamassassin (v3.0.2) and these emails aren't
> getting caught.

Side note: SA vv3.0.1-3 have a known DoS vulnerability.  I recommend
upgrading to v3.0.4.

> I have some other issues as well, such as email that is
> clearly, to me, spam which is not being caught. The score is only .1 (my
> threshold is set at 1.0) I guess in theory, my threshold should be 0.0
> rather than 1, but there are a bunch of emailers who have no clue and
> insist on 'pretty-ing' up their email by sending HTML email (curse the
> fool who came up with that functionality; and curse AOL for not allowing
> anything BUT HTML email!).

Ouch!  Threshold of 1.0?  Surely you can improve things.  I run with
the default threshold of 5.0 and rarely have to feed a missed spam
back to sa-learn.  I strongly urge you to use the SpamAssassin Rules
Emporium's (SARE) add-on rulesets and keep them updated with
"rules_du_jour".  Also make sure the SURBL (SpamAssassin URI Realtime
BlackList) checker is working.  In particular, run

  spamassassin -D --lint

and look to see that the Net::DNS module is up to date and loading.

Here are some URLs to get you started:

http://spamassassin.apache.org/index.html (of course)
http://www.rulesemporium.com/
http://wiki.apache.org/spamassassin/
http://www.surbl.org/

> I have a pretty complex set of procmail filters at both the enterprise
> level and the personal level in my own account. I'm no great procmail
> programmer as many of my rules are copied/tested and retested until they
> work 'right'. I may be wrong, but optimally, I think I'd like to have
> sendmail refuse delivery of email which isn't a user on my domain.

I use this, too:

http://www.stearns.org/doc/spamassassin-setup.current.html

> However
> if it's better to have procmail do it, I'm all over that, too.
> 
> Thanks Bob. (and any others who have experience and can help)
> 
> Karl

Finally, I recommend you join the SA mailing list at least long
enough to get to where you need to set your spam threshold back to
5.0:

http://wiki.apache.org/spamassassin/MailingLists

Let me know, on or off list, if you need any additional help.

Cheers,
-- 
Bob McClure, Jr.             Bobcat Open Systems, Inc.
robertmcclure at earthlink.net  http://www.bobcatos.com
God doesn't have (or need) a Plan B.




More information about the Redhat-install-list mailing list
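
The check Karl asks for (a From: address on the local domain that either names no real mailbox or arrived from an outside host), sketched as an added example that is not part of the original thread and is not a sendmail, procmail or SpamAssassin configuration. The mailbox list, the trusted networks and the sample messages are constructed assumptions; it also assumes local users never submit mail from outside those networks.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

LOCAL_DOMAIN = "ourldsfamily.com"            # domain named in the thread
VALID_USERS = {"karlp", "root"}              # assumed list of real mailboxes
TRUSTED_NETS = [ip_network("127.0.0.0/8"),   # assumed: only these peers may
                ip_network("192.168.1.0/24")]  # send mail as the local domain

def classify(raw):
    """Return 'not-local', 'unknown-user', 'external-relay' or 'ok'."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    user, _, domain = addr.lower().rpartition("@")
    if domain != LOCAL_DOMAIN and not domain.endswith("." + LOCAL_DOMAIN):
        return "not-local"        # ordinary outside sender, left to SpamAssassin
    if user not in VALID_USERS:
        return "unknown-user"     # From: names a mailbox that does not exist
    # The topmost Received: header is the one our own MTA added; the
    # bracketed address in it is the peer that handed us the message.
    m = re.search(r"\[([0-9A-Fa-f:.]+)\]", msg.get("Received", ""))
    try:
        peer = ip_address(m.group(1)) if m else None
    except ValueError:
        peer = None
    if peer is not None and any(peer in net for net in TRUSTED_NETS):
        return "ok"               # e.g. cron mail generated on the server
    return "external-relay"       # local From: but delivered from outside

def sample(peer_ip, from_addr):
    """Build a constructed test message (not real traffic)."""
    return (f"Received: from host.example.net (host.example.net [{peer_ip}])\n"
            f"\tby moroni.ourldsfamily.com; Mon, 27 Jun 2005 12:00:00 -0600\n"
            f"From: {from_addr}\nSubject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    for ip, frm in [("203.0.113.5", "qzx81@moroni.ourldsfamily.com"),
                    ("203.0.113.5", "karlp@ourldsfamily.com"),
                    ("127.0.0.1", "root@moroni.ourldsfamily.com"),
                    ("203.0.113.5", "someone@example.org")]:
        print(f"{frm:32} via {ip:12} -> {classify(sample(ip, frm))}")
```

A message classified `unknown-user` or `external-relay` is a candidate for the "divert to a bucket for inspection" handling described in the thread rather than silent deletion.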