> On 2024-01-23 12:35, Randolf Richardson, Postmaster via mailop wrote:
> >>> Hi folks,
> >>>
> >>> I suspect this exists, but can't come up with the right search.
> >>>
> >>> I have domains that should never receive mail. I'd like a milter that
> >>> looks for mail to those domains and feeds the IP of the sender to an
> >>> outside program.
> >>>
> >>> Surely someone wrote this spamtrap software? Or does everyone just
> >>> parse the log?
> >>
> >> Ever looked at MIMEDefang? You can write your milter code in Perl.
> >
> > MIMEDefang is an excellent suggestion.
> >
> >> Only thing is I think you'll have to let the domains that should never
> >> receive email get email for your MTA so the milter "sees" the email.
> >
> > Setting up MX records will certainly make it easier for the spammers
> > to spew their crap to your systems, but in my experience their
> > spamware seems to fall back to the "A" and "AAAA" records in the
> > absence of an MX records (and sometimes in addition to the presence
> > of an MX record when any or all of the defined MXes rejects their
> > attempts with 4yz {temporary} or 5yz {permanent} SMTP error codes).
>
> But, in reality not really worth the trouble.. domains are easy to
> forge, and innocent companies maybe trying to verify the address,
> because a bad guy used it in a contact form..
Not when SPF/DKIM/DMARC are configured properly. Unfortunately, you
are generally correct because many domains that are actively used for
legitimate eMail don't employ SPF/DKIM/DMARC to prevent forgeries. :(
(I'm holding off until February 2024 to re-consider rejecting or
tagging eMail from domains without SPF/DKIM/DMARC configured. At
this point we're still seeing plenty of legitimate eMail coming from
such systems to the point that even system-wide tagging with
SpamAssassin will be problematic for many of our users.)
> Not to mention, how does that stop Gmail or o365 spammers from targeting
> your traps.. we auto blockling gmail now? (oh, yeah it might be time
> soon, but not yet)
I'm seeing significantly more spam emanating from Microsoft's
netblocks than from Google's (although Google's GMail users certainly
don't have clean hands either). At least Google seems to be more
willing to terminate spammer accounts than Microsoft does. YMMV.
--
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
