Receiver (To/CC envelope fields) addresses verification against LDAP/Active Directory in sendmail

Christopher Martin outsidefactor at
Sat Apr 7 12:28:37 UTC 2007

> -----Original Message-----
> From: Chuck Swiger [mailto:cswiger at]
> Sent: Saturday, 7 April 2007 12:44 AM
> You don't seem to mention using greylisting-- that will return a 4xx temp
> failure for all initial connections (except from sites which have been
> whitelisted).  Only if the sender retries will the mail go through-- this
> works great against dictionary-style attacks.
> --
> -Chuck

The nervous nelly's above me with more sway are anti-greylisting, and my
powers of persuasion have not been up to the task of changing their
thinking. I have also read many comments along the lines of "It won't be
long before the spammers change their tactics again to remove the
effectiveness of greylisting"

Additionally, we have a sales department and they all whinge about any sort
of lag, and get full support of management to yell at us when they have to
wait an extra minute or two for mail to arrive (and boy do they complain
when a 30 MB e-mail takes 10 minutes to get to a client! Not that that is
relevant to this subject).

I guess I could white-list out all of sales' and senior management's
addresses. I could even do an export from Active Directory to produce the
whitelist, and that would allow me to only do certain departments. And worse
case scenario is everyone's mail is delayed a little, where as the other
method could result in lost mail if the LDAP query gets weird results. As
that actually is lowering risk I could probably convince management on that

Great suggestion! Will have to run up a trial and check it out.

Chris Martin

More information about the freebsd-questions mailing list