Posted to users@spamassassin.apache.org by Alan Premselaar <al...@12inch.com> on 2006/12/01 07:19:17 UTC

Re: Problem with spam from non-existent users of my domain.

Steven W. Orr wrote:
> On Tuesday, Nov 28th 2006 at 08:09 -0800, quoth John D. Hardin:
> 
> =>On Tue, 28 Nov 2006, Steven W. Orr wrote:
> =>
> =>> Spam comes in to steveo from barney@syslang.net and I want to
> =>> reject it because it's coming from an address that doesn't exist.
> =>> Sendmail does not support this; i.e., it can only reject mail *to*
> =>> an address that doesn't exist.
> =>> 
> =>> Is there a way to do this?
> =>
> =>First off, what exactly do you mean by "does not exist"? The domain
> =>is not registered? Or the username is not valid within the domain?
> 
> Sorry, I was afraid this might not be clear. I want to find a way to 
> reject/tag all messages that come From the syslang.net domain (I am that 
> domain) which are From a user which does not exist. I'm not talking about 
> messages coming in that have a From address that is not syslang.net.
> 
> One more example to be clearerer. This message came in from someplace in 
> Russia (maybe), to syslang.net and claims to come from bs at syslang.net. 
> I don't have a bs on my machine. If it helps, I'd even be willing to 
> create a file with a list of all of my valid account names.
...snip...
> 
> So this idea is to reject all mail from invalid accounts that claim to be 
> coming from my own domain.
...snip...

Steven,

 you should be able to do this pretty easily within MIMEDefang. you
could put a routine in the filter_sender() subroutine that does
something like a getpwent on the user portion of the sender address if
the domain portion is in your domain.  (there are probably plenty of
ways to do this)

on top of that, if you have any control over your DNS settings (and your
DNS provider supports TXT records) you may want to consider configuring
SPF.  SPF is designed (in part) to reduce this type of scenario.

so, with SPF what will happen is, some machine in RU connects to you and
sends a MAIL FROM: someone@yourdomain.tld ... the SPF checks will look up
the SPF information from your DNS records and determine if that host in
RU is allowed to send mail for your domain. if not, it gets a score
boost. (or with something like MIMEDefang you could just reject on
failed SPF if you chose to)

hope this helps,

Alan
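
The filter_sender() check suggested in the message above, written out as an added example (it is not code from the original post or from the MIMEDefang project). It assumes MIMEDefang is started with sender checking enabled (-s), that syslang.net is the only local domain, and that valid local parts are system accounts plus a short alias list; %LOCAL_DOMAIN, %ALIAS_OK and forged_local_sender() are hypothetical names.

```perl
# Added example for mimedefang-filter: reject envelope senders that claim
# our own domain but do not correspond to a local account.
use strict;
use warnings;

# Assumption: domains this host is authoritative for (taken from the thread).
my %LOCAL_DOMAIN = map { $_ => 1 } qw(syslang.net);

# Assumption: valid addresses that are aliases rather than passwd entries.
my %ALIAS_OK = map { $_ => 1 } qw(postmaster abuse mailer-daemon);

# Decision logic kept separate from the callback so it can be exercised
# without MIMEDefang. $exists is a code ref answering "is this local part
# a real account?". Returns 1 when the sender should be rejected.
sub forged_local_sender {
    my ($sender, $exists) = @_;
    $sender = '' unless defined $sender;
    $sender =~ s/^\s*<|>\s*$//g;          # MIMEDefang passes "<user@dom>"
    return 0 if $sender eq '';            # null sender: bounces and DSNs
    my ($local, $domain) = $sender =~ /^(.+)\@([^\@]+)$/ or return 0;
    return 0 unless $LOCAL_DOMAIN{ lc $domain };   # not claiming our domain
    $local = lc $local;
    $local =~ s/\+.*$//;                  # assumption: user+detail addressing
    return 0 if $ALIAS_OK{$local};
    return $exists->($local) ? 0 : 1;
}

# MIMEDefang callback, run at MAIL FROM: time.
sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;
    # Assumption: mail submitted from this host itself is not checked.
    return ('CONTINUE', 'ok') if defined $ip && $ip eq '127.0.0.1';
    if (forged_local_sender($sender, sub { defined getpwnam($_[0]) })) {
        return ('REJECT', 'Sender address does not exist in this domain');
    }
    return ('CONTINUE', 'ok');
}

1;
```

This only catches forged senders whose local part is not a real account; mail forged with a valid account name still passes this check, which is the case the SPF lookup described in the message covers.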