You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Rick Macdougall <ri...@ummm-beer.com> on 2005/12/22 03:16:03 UTC
Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound fa
miliar to anyone?)
Brian Leyton wrote:
> Rick Macdougall wrote:
>> My system would disagree with you for the last 3 days :)
>>
>> We've been under a constant bounce bombardment of bounced
>> spams (from f*cking idiot admins who can't understand that
>> you do not bounce after accepting, sorry for the language)
>> where the majority of user names are
>> roger[a-z][a-z]@example.com (where roger is any valid name).
>>
>> We had one advance MX server that usually ran 32 connections
>> out of 120 and now we've had to bring on 3 additional servers
>> all running 300 connections and we've had to turn off SA
>> processing because the incoming load is just too high.
>>
>> I'd really like to take a bat to the knees of the spammer
>> doing this AND the mail admins who bounce after accepting.
>>
>> Just my $0.02
>
> Don't get too mad, but I'm one of those "f*cking idiot" admins who is
> bouncing after acceptance. The reason isn't (just) because I'm a "f*cking
> idiot" admin, but because I use "f*cking idiot" software that Management
> hasn't seen fit to upgrade yet, probably because I'm doing such a good job
> keeping it running :-)
>
> What it comes down to is that I have a Linux machine at the front-end,
> running MimeDefang, Spamassassin, etc., which passes everything it hasn't
> rejected on to an old Exchange Server. I can't turn off the bounce messages
> at the Exchange Server (for various stupid reasons that only Bill Gates
> could explain), but I have no way of rejecting mail at the Linux machine,
> because I don't know which addresses are valid.
>
> I'm still working on a way to do this - I'm sure it's not impossible, but I
> haven't had much success yet. Ideally, the Linux machine would do an LDAP
> query to the Exchange server, but unless you can help me figure out how to
> do it, then I guess I'll just remain a "f*cking idiot admin".
>
> Brian Leyton
> IT Manager
> Commercial Petroleum Equipment
You aren't "f*cking idiot admin" but you should get yourself manually
listed in an RBL such as spamcop or something so we don't have to see
the bounces from your incoming MX server (I assume that outgoing mail
comes from your exchange server and not from your Linux front end).
Hey, if you are running qmail, add a default smtproute in smtproutes
mydomain.org:exchangeserver.mydomain.org
:127.0.0.1
That way your mail gets delivered and the bounces get routed back to
localhost and doublebouce, and then you can set doublebounceto to # in
qmail.
Voila, no more bounce backs!
Amazing!
I'm sure you can do the same thing in Postfix, sendmail or what ever
mail MTA you are using.
There are easy solutions to all problems, you just have to look at the
problem correctly.
Sorry, sarcasm is high tonight and I've had a few beers on about 8 hours
sleep in the last 72 hours. No offense meant, but the above will fix
the bounce backs.
Rick
Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound fa
miliar to anyone?)
Posted by Matt Yackley <sa...@yackley.org>.
François Conil said:
snip
>
> it's kinda easy with postfix :
> http://www-personal.umich.edu/~malth/gaptuning/postfix/
>
> I strongly advise to run it manually instead of via cron, since if the
> exchange server sh*t itself, the exchange_recipients list will contains
> nothing and all mails will be bounced :/
Hi François,
I'm running my update via cron, but fearing the same issue I wrote a little shell
script that calls the getadsmtp.pl script, after it creates the new list I do a line
count on the new file and make sure it contains a minimum number (12000) of entries.
If the file does not contain the required number of lines, then it shoots an email
off to warn me that there were issues with the update and stops leaving the old
postmapped file in place. If the required number of lines are in the file then it
goes ahead and does a postmap on the raw file.
Yeah, if it mangles the contents of the file somehow I will have problems, but I
figure that most likely won't happen. This script has worked great for me and saved
me once or twice in the last several months when the export failed. Plus I don't
have to know whenever someone is hired or a new list, user, etc. has been created.
Cheers,
matt
Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound fa
miliar to anyone?)
Posted by François Conil <co...@ece.fr>.
Rick Macdougall a écrit :
> Brian Leyton wrote:
>
>> Rick Macdougall wrote:
>>
>>> My system would disagree with you for the last 3 days :)
>>>
>>> We've been under a constant bounce bombardment of bounced spams
(from f*cking idiot admins who can't understand that you do not bounce
after accepting, sorry for the language) where the majority of user
names are roger[a-z][a-z]@example.com (where roger is any valid name).
>>>
>>> We had one advance MX server that usually ran 32 connections out of
120 and now we've had to bring on 3 additional servers all running 300
connections and we've had to turn off SA processing because the incoming
load is just too high.
>>>
>>> I'd really like to take a bat to the knees of the spammer doing
this AND the mail admins who bounce after accepting.
>>>
>>> Just my $0.02
>>
>>
>>
>> Don't get too mad, but I'm one of those "f*cking idiot" admins who is
>> bouncing after acceptance. The reason isn't (just) because I'm a
"f*cking
>> idiot" admin, but because I use "f*cking idiot" software that Management
>> hasn't seen fit to upgrade yet, probably because I'm doing such a
good job
>> keeping it running :-)
>>
>> What it comes down to is that I have a Linux machine at the front-end,
>> running MimeDefang, Spamassassin, etc., which passes everything it
hasn't
>> rejected on to an old Exchange Server. I can't turn off the bounce
messages
>> at the Exchange Server (for various stupid reasons that only Bill Gates
>> could explain), but I have no way of rejecting mail at the Linux
machine,
>> because I don't know which addresses are valid.
>>
>> I'm still working on a way to do this - I'm sure it's not
impossible, but I
>> haven't had much success yet. Ideally, the Linux machine would do
an LDAP
>> query to the Exchange server, but unless you can help me figure out
how to
>> do it, then I guess I'll just remain a "f*cking idiot admin".
>>
>> Brian Leyton
>> IT Manager
>> Commercial Petroleum Equipment
>
>
> I'm sure you can do the same thing in Postfix, sendmail or what ever
mail MTA you are using.
it's kinda easy with postfix :
http://www-personal.umich.edu/~malth/gaptuning/postfix/
I strongly advise to run it manually instead of via cron, since if the
exchange server sh*t itself, the exchange_recipients list will contains
nothing and all mails will be bounced :/
(sorry for the double post, Rick)
--
François Conil
Administrateur Systèmes et Réseaux
<Pax> I wish my lawn was emo, so it would cut itself.
Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound fa
miliar to anyone?)
Posted by Patrick von der Hagen <pa...@wudika.de>.
Tony Finch wrote:
[...]
>>I'm still working on a way to do this - I'm sure it's not impossible, but I
>>haven't had much success yet. Ideally, the Linux machine would do an LDAP
>>query to the Exchange server, but unless you can help me figure out how to
>>do it, then I guess I'll just remain a "f*cking idiot admin".
>
>
> It's fairly straightforward with Exim.
>
> http://www.exim.org/eximwiki/MsExchangeAddressVerification
There are soooo many ways to do it.....
- you can have it done using LDAP online like described by the
documentation you pointed at....
- you can do it using LDAP offline by polling regularly and creating a
local database, like others pointed out
- using exim, you can simply perform callouts agains Exchange to
verify a given recipient actually exists
- someone told me that postfix could perform callouts like exim does?
- if postfix can't, you could use a very easy policy-daemon to perform
the callouts (I'd start using Perl Mail::Checkuser)
- sendmail could use a simple milter, probably not much harder than
postfix-policy-daemon
Basically, there is NO justification to bounce no-existant-recipients.
However, I admit that e.g. bounces caused by users being over-quota are
much harder to prevent, causing me lots of trouble...
--
CU,
Patrick.
Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound fa
miliar to anyone?)
Posted by Tony Finch <do...@dotat.at>.
Brian Leyton wrote:
>
> What it comes down to is that I have a Linux machine at the front-end,
> running MimeDefang, Spamassassin, etc., which passes everything it hasn't
> rejected on to an old Exchange Server. I can't turn off the bounce messages
> at the Exchange Server (for various stupid reasons that only Bill Gates
> could explain), but I have no way of rejecting mail at the Linux machine,
> because I don't know which addresses are valid.
>
> I'm still working on a way to do this - I'm sure it's not impossible, but I
> haven't had much success yet. Ideally, the Linux machine would do an LDAP
> query to the Exchange server, but unless you can help me figure out how to
> do it, then I guess I'll just remain a "f*cking idiot admin".
It's fairly straightforward with Exim.
http://www.exim.org/eximwiki/MsExchangeAddressVerification
Tony.
--
f.a.n.finch <do...@dotat.at> http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR
GOOD.