Many people do their SPAM testing prior to receiving the message so this
should be quite possible in filter_end. I've never done it, though so this
is just my $0.02 because you peaked my curiosity.
You are going to have to deal with whether to use streaming (which won't
allow for a mid-stream response prior to accepting the email). This pseudo
code might get you started but I'm only allowing for emails address to this
person and only this person:
filter_end {
...
$to_bounce = 0;
$not_to_bounce = 0;
foreach $recip (@Recipients) {
if ($recip =~ m/<[email protected]>?/i) {
$to_bounce++;
}else {
$not_to_bounce++;
}
}
if ($to_bounce > 0 && $not_to_bounce < 1) {
action_quarantine_entire_message("Message quarantined because of old
users");
$quarantine_dir = get_quarantine_dir();
md_syslog( 'info', "$QueueID: MSG Quarantined: $quarantine_dir");
return action_bounce("This user not accepted here");
}
}
...
However, in the end I question whether "trapping" once working emails is
likely a tainted source that will lead to false-positives in my opinion.
Our firm switched names nearly 10 years ago and we still get plenty of
legitimate mail from the old name.
regards,
KAM
----- Original Message -----
From: "NFN Smith" <[email protected]>
To: <[email protected]>
Sent: Tuesday, January 27, 2009 3:19 PM
Subject: [Mimedefang] spamtrap question
I'm running MIMEDefang 2.57 with Sendmail 8.13.8 on a Debian server, and
trying to improve my spamtrapping methodology, a bit.
In my current setups, when my server receives a mail delivery attempt, I
have things set to do an LDAP query, and for addresses that fail the
query, we reject the message.
I also watch my logs, and track invalid addresses that continually receive
mail. For the addresses that are hit frequently and consistently, I
convert those to spamtraps, adjusting the sendmail virtusertable to
redirect mail into a mailbox that I read.
The place where I have difficulty is with addresses with former users that
are now no longer valid. If a user leaves, I generally leave things set
for at least 6 months, where inbound mail to that address is rejected, to
allow for legitimate senders to get the idea that the address is no longer
accepting mail.
The problem is that with this methodology, if I'm accepting messages, then
senders aren't getting rejection messages (and some senders are just as
persistent over time, as the spammers).
Thus, what I want to do is adjust things so that when a message is sent to
an address that I'm trapping for, the sender gets the standard NDR from an
SMTP 554 error, but that the spamtrap still gets a copy of the of the
message content (as I'm currently doing with the virtusertable).
Is there a way to do this in MIMEDefang?
Smith
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
