Posted to users@spamassassin.apache.org by Robert Menschel <Ro...@Menschel.net> on 2004/10/27 07:24:59 UTC

Re[2]: slightly OT: sudden rise in Rumplestiltskin attacks?

Hello Christopher,

Tuesday, October 26, 2004, 9:25:18 AM, Christopher X. Candreva
responded to Dave Duffner:

>> Is there a way, possibly with SpamAssassin, to
>> simply reject anything not going to a valid user account?

CXC> I think the question is, why are you accepting mail that isn't
CXC> going to a valid user account in the first place? This should
CXC> have happened in the SMTP dialog long before SA kicked in. As
CXC> soon as the sending site says
CXC> rcpt to: bogususer@yourdomain
CXC> You reply
CXC> 550 User unknown.
CXC> end of story.

As mail manager for three domains, we accept all mail regardless of
the validity of the destination email address. The reason is that we
get a significant fraction of ham addressed to slightly invalid
addresses (eg: email that should have gone to GoodUser@domain.com will
be addressed to GoodUsser@domain.com instead). We receive one or two
of these a week.

All of these are then fed through SA. Any that are flagged as spam get
dumped into our global spamtrap, and are reviewed briefly for FPs. We
receive about 5k spam a week across the three domains, and this FP
review takes about 5 min/day.

We do have some rules that check for reasonable validity of email
addresses. For instance, we have no email addresses that end in
multiple digits, so any \d\d\@domain.com can be flagged as spam and
dumped.

What we don't have is the ability to test for actually valid email
addresses. If we could add a plugin to our system that would check for
a) all valid pop3 account names, b) all valid auto-forwarding
addresses, and add SA points to any email that does not reference one
of these two classes of email addresses, that would be a big help to
our anti-spam work.

Exim apparently adds a Received header to our emails in the form
> Received from [source] by [our server] for [email address]; [date]
If we could read the email address from that header and compare it
against the two classes, that would be perfect.

Has anyone created or contemplated a plugin to do this sort of thing?
I can't write such a plugin myself, but I'd be glad to discuss ideas
with anyone interested.

Bob Menschel

ps: In case anyone's concerned, we do NOT bounce any of this spam. All
spam gets sa-learned and then filed into our corpus, without bounce.
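
Added example, not part of the original post and not SpamAssassin plugin code: a standalone Python sketch of the check described above, which reads the "for" address from the Received header and compares it with the two address classes. The host name, addresses, point value and sample headers are constructed assumptions; only the topmost Received header is used, and only when the local host wrote it, because headers further down are supplied by the sender.

```python
import re
from email import message_from_string

# Every value here is constructed for illustration (assumptions, not site data).
LOCAL_HOST = "mx.example.com"              # host that stamps the trusted header
POP3_ACCOUNTS = {"gooduser@example.com"}   # class a) valid POP3 account names
FORWARDERS = {"sales@example.com"}         # class b) auto-forwarding addresses
UNKNOWN_RCPT_POINTS = 2.0                  # hypothetical points to add

BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)
FOR_RE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?\s*;", re.I)

def envelope_recipient(raw_message, local_host=LOCAL_HOST):
    """Return the 'for' address of the topmost Received header, or None."""
    received = message_from_string(raw_message).get_all("Received", [])
    if not received:
        return None
    top = " ".join(received[0].split())    # unfold continuation lines
    by = BY_RE.search(top)
    if not by or by.group(1).lower() != local_host:
        return None                        # not stamped by us: do not trust it
    rcpt = FOR_RE.search(top)              # the 'for' clause can be missing
    return rcpt.group(1).lower() if rcpt else None

def recipient_points(raw_message):
    """Return (points, reason) for the recipient check."""
    rcpt = envelope_recipient(raw_message)
    if rcpt is None:
        return 0.0, "no trusted recipient"
    if rcpt in POP3_ACCOUNTS:
        return 0.0, "pop3 account"
    if rcpt in FORWARDERS:
        return 0.0, "forwarder"
    return UNKNOWN_RCPT_POINTS, "unknown recipient " + rcpt

def sample(*received):
    """Build a constructed message with the given Received headers, top first."""
    head = "".join("Received: %s\n" % r for r in received)
    return head + "Subject: constructed sample\n\nbody\n"

OURS = ("from mail.sender.test ([192.0.2.10]) by mx.example.com with esmtp\n"
        "\t(Exim) id 1CMXXX-0001 for %s; Tue, 26 Oct 2004 09:25:18 -0400")
FORGED = "from x.test by mx.example.com for gooduser@example.com; Mon, 25 Oct 2004"

if __name__ == "__main__":
    for rcpt in ("GoodUser@example.com", "sales@example.com", "GoodUsser@example.com"):
        print(rcpt, recipient_points(sample(OURS % rcpt, FORGED)))
```

A message with no trusted "for" clause scores zero here rather than being penalised, so mail that lacks the clause is left to the other rules.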