On Thu, January 18, 2007 22:04, Doran Barton wrote: > Unfortunately, until the whole world standardizes on some kind of relay > validation system there will always be some spam that seeps out disguised as > being from someone at your domain.
I got away with using a catch-all on my domain for years (since 2000). Last year the spammers finally got me. One day I woke up to thousands of <random-user>@ryansimpkins.com bounce backs. My luck had run out. So I added an SPF record. That didn't seem to have an real benefit. At least not a measurable one. Next I removed my catch-all. That presented a problem. With six years worth of sending out <companyname|random>@ryansimpkins.com addresses I no longer new which were valid and which weren't. I did this so I could find out who was selling my contact information. So I threw together a little bash one-liner in a few seconds to help me find which addresses were being sent to that I didn't have a specific entry set up for. I use sendmail virtusertables. It might be useful to someone: for x in `cat /var/log/maillog | perl -ne '$_ =~ m/\b(\w+)\@(ryansimpkins).*/; print "$1\n";' | sort | uniq`; do if ! grep -q $x /etc/mail/virtusertable; then echo "$x NOT FOUND"; fi done To use it just replace 'ryansimpkins' with your catch-all domain. Using this one-liner I was able to very quickly identify all the legitimate e-mail addresses I receive e-mail to (about 30 in total). Of course, now when I add a new e-mail address I have to add an entry to virtusertable. But a quick script made that much easier. Finally I added multiple-layers of protection to my inbound e-mail stack. RBL->SPF->clamav->dspam. I still probably get 60-80 spam a day past RBL and SPF, but 98.478% of it is filtered by dspam before it hits the inbox. Good luck, -Ryan /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
