Receiver (To/CC envelope fields) addresses verification against LDAP/Active Directory in sendmail

Mikhail Goriachev mikhailg at
Sat Apr 7 05:22:39 UTC 2007

Christopher Martin wrote:
> Spam with randomly generated recipient addresses is draining our mail
> system's life away, and it seems the easiest way would be to verify the
> receiving party's/parties' address against Active Directory and then
> TEMPFAIL any mails that don't have any valid internal mails (rejects would
> allow directory harvesting to work).

[ trim ]

> Anyone have any suggestions? Has anyone used the hacked LDAProuting method
> with smarthost and had it work? Maybe I am going to have to hack something
> together using milter-cli or py-milter to connect up on SMTP port of the
> Exchange server and do a HELO, FROM and RCPT and see if the account is
> valid.
> Am I missing something basic? Currently, we're very happy with the accuracy
> of our system, but 80% of the spam that hits our quarantine isn't even
> addressed to someone in the organisation, thus giving us a pile of cruft to
> go through that is 5 times as big as it should be.
> Any help or suggestions are appreciated!

You could use /usr/ports/mail/mimedefang ( miltered
into your sendmail. Sorta like py-milter but in perl. The simplest,
quickest and dirtiest solution would be to feed a list of valid
recipients into mimedefang and let it "accept" or "reject" incoming
mail. Then it is a matter of finding a way to keep the list up to date.

Or, instead of feeding mimedefang with a list, you could instruct it to
poll your internal mail server like you already suggested.

For a long term solution I prefer storing aliases, maps, etc. in LDAP.

I hope this helps.


Mikhail Goriachev

Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: mikhailg at

More information about the freebsd-questions mailing list