Receiver (To/CC envelope fields) addresses verification against
LDAP/Active Directory in sendmail
Mikhail Goriachev
mikhailg at webanoide.org
Sat Apr 7 05:22:39 UTC 2007
Christopher Martin wrote:
> Spam with randomly generated recipient addresses is draining our mail
> system's life away, and it seems the easiest way would be to verify the
> receiving party's/parties' address against Active Directory and then
> TEMPFAIL any mails that don't have any valid internal mails (rejects would
> allow directory harvesting to work).
[ trim ]
> Anyone have any suggestions? Has anyone used the hacked LDAProuting method
> with smarthost and had it work? Maybe I am going to have to hack something
> together using milter-cli or py-milter to connect up on SMTP port of the
> Exchange server and do a HELO, FROM and RCPT and see if the account is
> valid.
>
> Am I missing something basic? Currently, we're very happy with the accuracy
> of our system, but 80% of the spam that hits our quarantine isn't even
> addressed to someone in the organisation, thus giving us a pile of cruft to
> go through that is 5 times as big as it should be.
>
> Any help or suggestions are appreciated!
You could use /usr/ports/mail/mimedefang (www.mimedefang.org) miltered
into your sendmail. Sorta like py-milter but in perl. The simplest,
quickest and dirtiest solution would be to feed a list of valid
recipients into mimedefang and let it "accept" or "reject" incoming
mail. Then it is a matter of finding a way to keep the list up to date.
Or, instead of feeding mimedefang with a list, you could instruct it to
poll your internal mail server like you already suggested.
For a long term solution I prefer storing aliases, maps, etc. in LDAP.
I hope this helps.
Regards,
Mikhail.
--
Mikhail Goriachev
Webanoide
Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: mikhailg at webanoide.org
Web: www.webanoide.org
More information about the freebsd-questions
mailing list