Export your user addresses from your IMail server peering group every-so-many-hours and upload it to your gateway servers (see http://www.smartbusiness.net/imail/). We do this from our IMail servers to our Postfix gateways and reject everything except e-mail addresses listed in our address list.
Bill ----- Original Message ----- From: "Rick Davidson" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 12, 2004 2:36 PM Subject: Re: [Declude.Virus] Accepting SPAM pads spammer's success stats > I should have been more clear, I use gateways in from of Imail peer groups > neither can use the nobody alias becuase they do not know where the mail is > going to be delivered. Currently I have two gateways in front of a 7 server > peering group > > Rick Davidson > National Systems Manager > North American Title Company > 440-953-9346 - Office > 440-953-0925 - Fax > 440-487-7344 - Mobile > [EMAIL PROTECTED] > - > ----- Original Message ----- > From: "Matt" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, March 12, 2004 5:25 PM > Subject: Re: [Declude.Virus] Accepting SPAM pads spammer's success stats > > > > Remove the "nobody" alias and IMail will reject all invalid addresses > > during the SMTP envelope. > > > > Matt > > > > > > > > Rick Davidson wrote: > > > > >As a long time anti-spam combatant and Declude user I am seeing something > I > > >am interpreting as another way spammers are exploiting us. The problem > with > > >this scenario is that it is a catch22 because we cant bounce spam back to > > >the senders. I used to own an ISP but sold it a few months ago due to the > > >stiff competition and had been using Imail and Declude as spam and anti > > >virus gateways, which I am now doing for the large company I work for > now. I > > >see guys asking about server specs and high spam loads so this prompted > me > > >to share what I have seen and am now seeing in my new workplace. > > > > > >It seems that the more successful we are at stopping spam the more then > send > > >to us, not just to valid addresses and dictionary type deliveries but > large > > >volumes of spam that have no chance of being sent to a valid user for > > >example [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] and so on on > and > > >on and on and on. I have seen this in the millions of messages and I > believe > > >its because we accept the mail and delete it because its obvious spam. > The > > >spammers then can say to their customers that they delivered some huge > > >amount of their advertisements when in fact they just sent invalid > recipient > > >email to our mail vaporizers because they know we will accept it. > > > > > >The company that bought my ISP is Unix based and was able to write a > program > > >that looked at a list of valid email addresses and only accepted the > > >connection if it found a valid recipient. And then after x amount of > invalid > > >user attempts they blacklisted the IPs. We found over 30,000 spam zombies > > >were responsible for the invalid user email flood, I felt better knowing > I > > >didn't stand a chance of manually adding IPs to the Imail access control > > >lists but still made me very angry. > > > > > >So is there a way to deal with this? How can we check for valid users > before > > >we accept the SMTP connection itself when using a gateway or peering > > >configuration? Would it be possible to use the DNS blacklist concept but > > >have our users on there so it becomes a DNS whitelist? > > > > > >Bottom line is that ALOT of our spam and virus processing overhead and > could > > >be stopped at the SMTP connection level. Short of hiring hit men to thin > the > > >Rokso list what can we do? > > > > > >Scott, > > >Could you at least write a run first test to check a text file for valid > > >users and if it doesn't find one fail the message and stop all further > > >testing? If we can do this now can you provide and explanation of how? > > > > > >Comments? Ideas? > > > > > >Thanks for listening, > > >Rick Davidson > > >National Systems Manager > > >North American Title Company > > > > > >--- > > >[This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > > > >--- > > >This E-mail came from the Declude.Virus mailing list. To > > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > >type "unsubscribe Declude.Virus". The archives can be found > > >at http://www.mail-archive.com. > > > > > > > > > > > > > > > > -- > > ===================================================== > > MailPure custom filters for Declude JunkMail Pro. > > http://www.mailpure.com/software/ > > ===================================================== > > > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". The archives can be found > > at http://www.mail-archive.com. > > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
