
Rejecting based on from address


Joe Makowiec

Sep 8, 2016, 12:41:56 PM
Sendmail version 8.14.5 (Yeah, I know; I'm not in a position to update.)

In the neverending battle against spammers, I have, of late, noticed a
number of emails coming in like this:

from=<99999-99999999999-99999-user=domain....@bounce.yorlantrails.com>

(and other variants using non-numerics...)

They're coming in from a variety of IP addresses and domain names.
I've managed to successfully kill off mails from, say, the .stream
domain by adding it to the access file. What I would like to do is to
reject these mails based not on the domain name, but on what's to
the left of the @ sign - something like:

from:.*user=domain.invalid@ REJECT

I tried using just "from:user=domain.invalid@" but it doesn't seem to work.

--
Joe Makowiec
http://makowiec.org/
Email: http://makowiec.org/contact/?Joe
Usenet Improvement Project: http://twovoyagers.com/improve-usenet.org/

Claus Aßmann

Sep 8, 2016, 1:50:03 PM
Joe Makowiec wrote:

> from=<99999-99999999999-99999-user=domain....@bounce.yorlantrails.com>

> from:.*user=domain.invalid@ REJECT

> I tried using just "from:user=domain.invalid@" but it doesn't seem to work.

Why would you expect it to work?


You can write a custom rule (Local_check_mail) and use a regex map to
match the pattern. You can most likely find some examples on the 'net.


--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.
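
The Local_check_mail ruleset with a regex map that Claus describes, as an added example that is not part of the thread; it is modelled on the regex-map example in sendmail's cf/README. The map name checksender and the reply text are assumptions, and the fields on the R lines must be separated by tabs.

```m4
dnl Added example for sendmail.mc; needs a sendmail binary built with MAP_REGEX
dnl (sendmail -d0.1 -bv root lists the compiled-in options).
dnl The map name checksender and the reply text are assumptions.
LOCAL_CONFIG
# Regex map: returns @MATCH when the canonified envelope sender
# contains user=domain.invalid directly before the <@ marker.
Kchecksender regex -a@MATCH
   user=domain\.invalid<@

LOCAL_RULESETS
SLocal_check_mail
# Canonify the MAIL FROM argument into local<@domain.> form.
R$*		$: $>Parse0 $>3 $1
# Look the canonified address up in the regex map.
R$+		$: $(checksender $1 $)
# A hit was rewritten to @MATCH; refuse it during the SMTP dialogue.
R@MATCH		$#error $@ 5.7.1 $: "550 Sender address rejected"
```

The access file cannot express this because its From: keys are looked up as literal strings, while the regex map searches anywhere in the address, so no leading `.*` is needed.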

Joe Makowiec

Sep 8, 2016, 2:12:29 PM
On 08 Sep 2016 in comp.mail.sendmail, Claus Aßmann wrote:

> You can write a custom rule (Local_check_mail) and use a regex map to
> match the pattern. You can most likely find some examples on the 'net.

Thank you. Off to do some research...

Mike Scott

Sep 9, 2016, 3:06:33 AM
On 08/09/16 19:12, Joe Makowiec wrote:
> On 08 Sep 2016 in comp.mail.sendmail, Claus Aßmann wrote:
>
>> You can write a custom rule (Local_check_mail) and use a regex map to
>> match the pattern. You can most likely find some examples on the 'net.
>
> Thank you. Off to do some research...
>

You might also like to check milter-regex. Less efficient, but possibly
more flexible and easier to use.
http://www.benzedrine.ch/milter-regex.html


--
Mike Scott (unet2 <at> [deletethis] scottsonline.org.uk)
Harlow Essex
"The only way is Brexit" -- anon.

Carl Byington

Sep 9, 2016, 5:12:56 PM
On Thu, 08 Sep 2016 16:41:52 +0000, Joe Makowiec wrote:

> from:.*user=domain.invalid@ REJECT

> I tried using just "from:user=domain.invalid@" but it doesn't seem to
> work.

If you are already using spamassassin, you could add a rule to your
local.cf

header INVALID_DOMAIN_RULE From =~ /user=domain\.invalid\@/
score INVALID_DOMAIN_RULE 10.0

Joe Makowiec

Sep 10, 2016, 3:38:26 PM
On 09 Sep 2016 in comp.mail.sendmail, Carl Byington wrote:

> On Thu, 08 Sep 2016 16:41:52 +0000, Joe Makowiec wrote:
>
>> from:.*user=domain.invalid@ REJECT
>
>> I tried using just "from:user=domain.invalid@" but it doesn't seem to
>> work.
>
> If you are already using spamassassin, you could add a rule to your
> local.cf
>
> header INVALID_DOMAIN_RULE From =~ /user=domain\.invalid\@/
> score INVALID_DOMAIN_RULE 10.0

Thanks. Good idea, and I've implemented it. However, I've got
spamassassin configured only to tag, not to kill, and I'd like to set up
something which will kill messages with that pattern before they even get
to spamassassin.

Joe Makowiec

Sep 10, 2016, 3:42:52 PM
On 09 Sep 2016 in comp.mail.sendmail, Mike Scott wrote:

> You might also like to check milter-regex. Less efficient, but
> possibly more flexible and easier to use.
> http://www.benzedrine.ch/milter-regex.html

I'll look at that, too. Thanks.

dl8...@dl8fbh.ampr.org

Sep 11, 2016, 6:15:16 AM
Joe Makowiec <mako...@invalid.invalid> wrote:

> On 09 Sep 2016 in comp.mail.sendmail, Carl Byington wrote:
>
>> On Thu, 08 Sep 2016 16:41:52 +0000, Joe Makowiec wrote:
>>
>>> from:.*user=domain.invalid@ REJECT
>>
>>> I tried using just "from:user=domain.invalid@" but it doesn't seem to
>>> work.
>>
>> If you are already using spamassassin, you could add a rule to your
>> local.cf
>>
>> header INVALID_DOMAIN_RULE From =~ /user=domain\.invalid\@/
>> score INVALID_DOMAIN_RULE 10.0
>
> Thanks. Good idea, and I've implemented it. However, I've got
> spamassassin configured only to tag, not to kill, and I'd like to set up
> something which will kill messages with that pattern before they even get
> to spamassassin.

I recommend mailfromd in general, one of the best.

Mike


--- news://freenews.netfront.net/ - complaints: ne...@netfront.net ---

Mike Scott

Sep 12, 2016, 3:56:12 AM
On 11/09/16 11:07, dl8...@dl8fbh.ampr.org wrote:
...
>
> I recommend mailfromd in general, one of the best.
>
> Mike


I've just had a look at that - maybe I'm misunderstanding something, but
I think the 'strict' 'callout' test for sender email address validity is
wrong.

Rather than check the given domain name ("standard" check), "strict"
does a reverse lookup on sender IP, gets an MX list for that name, and
checks whether any of those will accept mail for the sender's email
address. That's fine if outbound and inbound email are handled by the
exact same server(s).

But an outbound route is not necessarily the same as inbound: my own
home setup is a case in point, where outbound mail all passes through my
ISP's mail server, yet I handle inbound directly on my own server, the
ISP server knowing nothing about my domain. Thus if I send mail to
someone using mailfromd's "strict" mode, they'll see my ISP's IP
address, get my ISP's domain name and MX records, test /my/ email
address against each of /those/, which will of course fail, and bounce
the email. Which is quite wrong behaviour, as everything I'm doing is
legitimate.

Or have I not understood correctly?

Robin

Sep 14, 2016, 7:44:20 PM
On Thu, 08 Sep 2016 16:41:52 +0000, Joe Makowiec wrote:

> Sendmail version 8.14.5 (Yeah, I know; I'm not in a position to update.)
>
> In the neverending battle against spammers, I have, of late, noticed a
> number of emails coming in like this:
>
> from=<99999-99999999999-99999-user=domain....@bounce.yorlantrails.com>
>
> (and other variants using non-numerics...)
>
> They're coming in from a variety of IP addresses and domain names. I've
> managed to successfully kill off mails from, say, the .stream domain by
> adding it to the access file. What I would like to do is to reject
> these mails based not on the domain name, but on what's to the left of
> the @ sign - something like:
>
> from:.*user=domain.invalid@ REJECT
>
> I tried using just "from:user=domain.invalid@" but it doesn't seem to
> work.

Yet another use for mime-defang milter! Simplicity itself, Perl's
comprehensive regex capabilities are just magic. See my earlier post Re:
Intercepting and redirecting emails.

Yes, it can dump emails too. (Rejecting spam is a VERY BAD THING to do,
ALWAYS dump them to the great bit-bucket in the sky).

Robin

Sep 14, 2016, 8:15:36 PM
On Wed, 14 Sep 2016 23:44:18 +0000, Robin wrote:

> Yet another use for mime-defang milter! Simplicity itself, Perl's
> comprehensive regex capabilities are just magic. See my earlier post
> Re: Intercepting and redirecting emails.
>
> Yes, it can dump emails too. (Rejecting spam is a VERY BAD THING to do,
> ALWAYS dump them to the great bit-bucket in the sky).

Plus of course procmail, the default delivery agent that comes with just
about every sendmail package I've seen, can also do the job. Has similar
powerful regexes that can be applied to 'from' addresses (and a load of
other spam identifiers that may be available - e.g., clamav, spamassassin,
etc) whence the entire email can be dumped to /dev/null, never to be seen
again (except in the logfile, if configured).

Since it's probably already installed and used to deliver your email, all
you need do is configure it in /etc/procmailrc (create if it doesn't
already exist).

Once again, DO NOT REJECT IDENTIFIED SPAM in sendmail. Never, not ever.
Or ever. Don't even think about it (except, perhaps, the consequences
and the error of your ways). Sorry if the cap fits.