RE: [Mimedefang] MIMEDefang embedded perl stability issues
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > Have run run mimedefang.pl -f mimedefang-filter /tmp as test > ? Are there > still any warnings ? Yes, I have. There are no warnings. There are no errors at runtime either. Richard Laager -BEGIN PGP SIGNATURE- Version: PGP 8.0.2 Comment: If you don't know what this is, you can safely ignore it. iQA/AwUBQNzmUG31OrleHxvOEQLbJgCbBhEEXXDG88OnWMn6dVVT1HIRdWwAoKbw 8L4BCGu/SI/07WDyhxlJ+uGR =1I8Z -END PGP SIGNATURE- ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Sender validation
On Fri, 25 Jun 2004 18:41:15 -0500, Les Mikesell wrote: > If your server can't handle a database update, it's going to have > a hard time delivering or bouncing the message... True. > it would be nice to avoid any more connections to the spoofed > From: hosts than necessary. However, maybe the greylist check > should come first which would probably avoid the issue in the > first place. In my implementation the greylist check comes after the sender check. I'm doing the sender check in filter_sender and the greylist in filter_begin. So the sender check would save some processing for every mail it rejects even for mails that would have been stopped by the greylist (1: it would do a REJECT instead of the greylists TEMPFAIL and 2: it would reject before reciving the actual mail while my greylist rejects after receiving it (because of stupid mailers)). /Jonas -- Jonas Eckerman, [EMAIL PROTECTED] http://www.fsdb.org/ ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Sender validation
On Fri, 2004-06-25 at 15:20, Jonas Eckerman wrote: > > rejects should start with > > a short life but live increasingly longer as the use count > > increases. > > That could work. But that would also mean the database has to be updated for for > every incoming mail. With a static (short) lifetime for rejects the databse would > only have to be updated when a check has been done for an address. If your server can't handle a database update, it's going to have a hard time delivering or bouncing the message... The thing I'm seeing recently looks like a distributed dictionary attack probably from virus-infected PCs where the To: cycles through random looking letter combinations but the From: has a much smaller set of entries. There might be several thousand a day from the same address which is probably already being clobbered by bounces (maybe that is the point of the virus) and these repeat as a new machine finds the smtp receiver. I thought it would be nice to avoid any more connections to the spoofed From: hosts than necessary. However, maybe the greylist check should come first which would probably avoid the issue in the first place. --- Les Mikesell [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Sender validation
On Fri, 25 Jun 2004 10:01:37 -0500, Les Mikesell wrote: > Wouldn't this work best with a database approach similar to > greylisting? That is, store the results of your tests with a > count and timestamp so you don't have to repeat them often. Yes, some kind of cache is probably a good idea. If I decide to use this check, I'll probably do just that. > rejects should start with > a short life but live increasingly longer as the use count > increases. That could work. But that would also mean the database has to be updated for for every incoming mail. With a static (short) lifetime for rejects the databse would only have to be updated when a check has been done for an address. Regards /Jonas -- Jonas Eckerman, [EMAIL PROTECTED] http://www.fsdb.org/ ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] MIMEDefang embedded perl stability issues
Hi, > This is not true in all cases. This is the same problem I'm having. I > can't do a reread. I've been using "use strict" in my filter as long > as I remember. Have run run mimedefang.pl -f mimedefang-filter /tmp as test ? Are there still any warnings ? Martin ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] MIMEDefang embedded perl stability issues
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > Add: > > use strict; > > to your mimedefang filter and the problem will stop after you > have fixed all > the error messages. This is not true in all cases. This is the same problem I'm having. I can't do a reread. I've been using "use strict" in my filter as long as I remember. David, I still haven't gotten around to running the gdb commands you suggested in the other thread a few days back. I hope to get to that soon if I have time. Richard Laager -BEGIN PGP SIGNATURE- Version: PGP 8.0.2 Comment: If you don't know what this is, you can safely ignore it. iQA/AwUBQNyAn231OrleHxvOEQKfRACgj5TPGIzWaCxGWxh70+zjfwChHwIAmwWe UtEhskBtvRFI+dFgAnnrDUM3 =Q1lK -END PGP SIGNATURE- ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Greylisting code, now with mysql Backend
on 6/25/04 9:59 AM, John Kirkland at [EMAIL PROTECTED] wrote: > The mysql version of the greylisting backend has been running fine > overnight, so here is the new code: > > http://www.bl.org/~jpk/md-greylist/ I know my next question is pretty open ended, but what do people on this list prefer for their backend database, and why? I am currently using the DB-File method, but looking at this MySQL implementation. I am worried about the corruption issue that I have been reading about on here lately with DB-File. Thanks, Jeff -- Jeff Grossman ([EMAIL PROTECTED]) ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] GraphDefang
I have been running into problems getting GraphDefang to work in my Redhat 9 machine. Is there anyone willing to chat with me offline about the problems I am having and some of the questions I have. Thank You Will McCorkle Systems Admin. DG Systems (Dallas) [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Greylisting code, now with mysql Backend
The mysql version of the greylisting backend has been running fine overnight, so here is the new code: http://www.bl.org/~jpk/md-greylist/ Regards, John ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] watch-mimedefang
Root permissions.. Nevermind. -Ben Ben Kamen wrote: Hey there, I haven't used watch-mimedefang in a long time and I fired it up today and get this error on the screen: MXCommand: connect: permission denied ??? Is that an X error or something else? ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] MIMEDefang embedded perl stability issues
On Fri, 25 Jun 2004, Chris Gauch wrote: > Yep -- just realized that -- see my previous email about doing a mimedefang > reread in a cron.daily script. Hopefully removing that reread command will > fix the issue! Could you see if 2.44-BETA-1 fixes it? I applied a patch from Martin Blapp: http://lists.roaringpenguin.com/pipermail/mimedefang/2004-June/022707.html -- David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] watch-mimedefang
On Fri, 25 Jun 2004, Ben Kamen wrote: > I haven't used watch-mimedefang in a long time and I fired it up > today and get this error on the screen: MXCommand: connect: > permission denied It has to be able to read/write /var/spool/MIMEDefang/mimedefang-multiplexor.sock, which means you need to run it as defang or root (or change the permissions on the socket -- not recommended.) -- David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] watch-mimedefang
Hey there, I haven't used watch-mimedefang in a long time and I fired it up today and get this error on the screen: MXCommand: connect: permission denied ??? Is that an X error or something else? Thanks, -Ben ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] MIMEDefang embedded perl stability issues
> Yep -- just realized that -- see my previous email about doing a mimedefang > reread in a cron.daily script. Hopefully removing that reread command will > fix the issue! Hi, We had exactly the same issue. Add: use strict; to your mimedefang filter and the problem will stop after you have fixed all the error messages. Martin ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Sender validation
On Fri, 2004-06-25 at 05:53, Jonas Eckerman wrote: > > (I suppose you use "MAIL FROM: <>" ;-) > > Yep. Don't want to get into a recursive loop with another server doing similar > checks. :-) I was wondering about that possibility. > Yes, there are problems, wich is why my little test is done the way it is. I'd > rather accept too much than reject too much. It still looks like it'd give good > results though. Wouldn't this work best with a database approach similar to greylisting? That is, store the results of your tests with a count and timestamp so you don't have to repeat them often. Success should be good for a long time, rejects should start with a short life but live increasingly longer as the use count increases. This could be hooked to another table via the same database connection as the greylist and a database failure could fall over to allowing mail through so as not to break anything. > Currently I'm monitoring this stuff with a small script that compares the result of > the check to mails that are accepted. As the check looks now, it has not hit *any* > legit mail at all. Every single mail that would have been stopped by my sender check > as it looks now has been stopped by the greylist or the SA check. Of course this > means that the sender check wouldn't really help me stop more spam or virii, but it > would stop some of them at an earlier stage. You could periodically add the most frequently used bad senders into sendmail's access list with REJECT to drop them with even less work. --- Les Mikesell [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang embedded perl stability issues
Yeah, you might want to tail -f your maillog and then do a reread and see if your mimedefang is even capable of a reread on your platform with embedded perl. It is not on mine. Regards, KAM > The only item of doubt is a rulesdujour script that runs in cron.daily -- > this updates a number of my spamassassin rules. I placed a > "/etc/init.d/mimedefang reread" command in that script so that the > multiplexor reread the configuration after a rules update, I suppose that is > the source of the problems (afterall, the server does deal with a large > volume of email, and is quite underpowered). I removed the "reread" command > in the script and have re-enabled the embedded interpreter. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: MIMEDefang embedded perl stability issues
* Chris Gauch <[EMAIL PROTECTED]> > I'm on Redhat Linux 9 for the OS, latest kernel, etc. (through RHN > update). MIMEDefang version is 2.43, Spamassassin 2.63, and ClamAV > 0.72. This problem was fairly consistent when using the embedded perl > interpreter, the MD multiplexor would crash at almost the exact same > time every morning (around 4-5am). I don't encounter the problem when > I'm not using embedded perl. That time of morning is when various cron jobs are run by default, such as those under /etc/cron.{hourly,daily}. I have seen Mandrake and RedHat systems croak in a variety of entertaining ways due to these cron jobs when the system is under heavy load or using excessive amounts of RAM for something. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] MIMEDefang embedded perl stability issues
Yep -- just realized that -- see my previous email about doing a mimedefang reread in a cron.daily script. Hopefully removing that reread command will fix the issue! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Blapp Sent: Friday, June 25, 2004 10:34 AM To: [EMAIL PROTECTED] Subject: Re: [Mimedefang] MIMEDefang embedded perl stability issues > I would check your crontab to see what is running at 5AM. This sounds more > like the box running out or ram or something. Are you doing a mimedefang reload at this time ? Martin ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] MIMEDefang embedded perl stability issues
The only item of doubt is a rulesdujour script that runs in cron.daily -- this updates a number of my spamassassin rules. I placed a "/etc/init.d/mimedefang reread" command in that script so that the multiplexor reread the configuration after a rules update, I suppose that is the source of the problems (afterall, the server does deal with a large volume of email, and is quite underpowered). I removed the "reread" command in the script and have re-enabled the embedded interpreter. - Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin A. McGrail Sent: Friday, June 25, 2004 10:24 AM To: [EMAIL PROTECTED] Subject: Re: [Mimedefang] MIMEDefang embedded perl stability issues I would check your crontab to see what is running at 5AM. This sounds more like the box running out or ram or something. > A couple weeks ago I opted to use the MIMEDefang embedded perl interpreter > (by turning on MX_EMBED_PERL=yes in the MD init script), however, I have > noticed some stability problems when using the embedded interpreter. Every > morning at 5am the MD multiplexor essentially craps out, requiring > MIMEDefang, clamd, and sendmail to be restarted. I didn't see much in the > log files indicating what was causing the multiplexor to die off, but I do > know that the daily CRON jobs run at around 4-5am every night. > > Any insight would be appreciated. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang embedded perl stability issues
> I would check your crontab to see what is running at 5AM. This sounds more > like the box running out or ram or something. Are you doing a mimedefang reload at this time ? Martin ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang embedded perl stability issues
I would check your crontab to see what is running at 5AM. This sounds more like the box running out or ram or something. > A couple weeks ago I opted to use the MIMEDefang embedded perl interpreter > (by turning on MX_EMBED_PERL=yes in the MD init script), however, I have > noticed some stability problems when using the embedded interpreter. Every > morning at 5am the MD multiplexor essentially craps out, requiring > MIMEDefang, clamd, and sendmail to be restarted. I didn't see much in the > log files indicating what was causing the multiplexor to die off, but I do > know that the daily CRON jobs run at around 4-5am every night. > > Any insight would be appreciated. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang embedded perl stability issues
Hi, > > noticed some stability problems when using the embedded interpreter. Every > > morning at 5am the MD multiplexor essentially craps out, We had the same issue. We found that unproper handling with global variables was the cause. So use 'use strinct' in mimedefang-filter and be careful with global variables. Defined them in the class qw(). Then the errors may stop. Martin ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] MIMEDefang embedded perl stability issues
I'm on Redhat Linux 9 for the OS, latest kernel, etc. (through RHN update). MIMEDefang version is 2.43, Spamassassin 2.63, and ClamAV 0.72. This problem was fairly consistent when using the embedded perl interpreter, the MD multiplexor would crash at almost the exact same time every morning (around 4-5am). I don't encounter the problem when I'm not using embedded perl. - Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David F. Skoll Sent: Friday, June 25, 2004 10:02 AM To: [EMAIL PROTECTED] Subject: Re: [Mimedefang] MIMEDefang embedded perl stability issues On Fri, 25 Jun 2004, Chris Gauch wrote: > A couple weeks ago I opted to use the MIMEDefang embedded perl interpreter > (by turning on MX_EMBED_PERL=yes in the MD init script), however, I have > noticed some stability problems when using the embedded interpreter. Every > morning at 5am the MD multiplexor essentially craps out, What OS are you on? I don't observe this. > The embedded perl interpreter definitely minimizes the memory usage by the > MD slaves, but I don't really notice an overall improvement in total memory > usage when using the embedded perl option. All 1.5GB of RAM is still used > up entirely, That's normal under Linux. It uses memory aggressively to do file system caching. -- David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang embedded perl stability issues
On Fri, 25 Jun 2004, Chris Gauch wrote: > A couple weeks ago I opted to use the MIMEDefang embedded perl interpreter > (by turning on MX_EMBED_PERL=yes in the MD init script), however, I have > noticed some stability problems when using the embedded interpreter. Every > morning at 5am the MD multiplexor essentially craps out, What OS are you on? I don't observe this. > The embedded perl interpreter definitely minimizes the memory usage by the > MD slaves, but I don't really notice an overall improvement in total memory > usage when using the embedded perl option. All 1.5GB of RAM is still used > up entirely, That's normal under Linux. It uses memory aggressively to do file system caching. -- David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] MIMEDefang embedded perl stability issues
A couple weeks ago I opted to use the MIMEDefang embedded perl interpreter (by turning on MX_EMBED_PERL=yes in the MD init script), however, I have noticed some stability problems when using the embedded interpreter. Every morning at 5am the MD multiplexor essentially craps out, requiring MIMEDefang, clamd, and sendmail to be restarted. I didn't see much in the log files indicating what was causing the multiplexor to die off, but I do know that the daily CRON jobs run at around 4-5am every night. The embedded perl interpreter definitely minimizes the memory usage by the MD slaves, but I don't really notice an overall improvement in total memory usage when using the embedded perl option. All 1.5GB of RAM is still used up entirely, and I have the same number of min/max slaves that I used when I was not using the embedded perl interpreter. I also use a RAM disk for the /var/spool/MIMEDefang directory, and have that set at 128MB. Maybe I'm doing something wrong here, but I haven't found much documentation on the embedded perl interpreter, other than it improves throughput and reduces memory usage. Any insight would be appreciated. - Chris ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Sender validation
On Fri, 25 Jun 2004 12:01:35 +0200 (CEST), Steffen Kaiser wrote: > Wouldn't you qualify as an address harvester by some IDSes, > because you just connect to the server issue the RCPT TO then drop > the connection? I guess that's a possible problem if you get a lot of mail from one domain. Have to think about that one. > (I suppose you use "MAIL FROM: <>" ;-) Yep. Don't want to get into a recursive loop with another server doing similar checks. :-) > Anyway, what about mail servers that always accepts RCPTs and fail > the connection during DATA phase only? Or when it tempfails you? > Or there is no connection possible? That just means I don't get a clear reject, so I accept the sender. > This method was discussed several times on this list and I got the > impression that it was found unreliable and good in the local > organization only. Yes, there are problems, wich is why my little test is done the way it is. I'd rather accept too much than reject too much. It still looks like it'd give good results though. Currently I'm monitoring this stuff with a small script that compares the result of the check to mails that are accepted. As the check looks now, it has not hit *any* legit mail at all. Every single mail that would have been stopped by my sender check as it looks now has been stopped by the greylist or the SA check. Of course this means that the sender check wouldn't really help me stop more spam or virii, but it would stop some of them at an earlier stage. Regards /Jonas -- Jonas Eckerman, [EMAIL PROTECTED] http://www.fsdb.org/ ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Sender validation
On Thu, 24 Jun 2004, Kelson Vibber wrote: The logic is more along the lines of: - Sender claims to be [EMAIL PROTECTED] - Look up MX records for speed.net - Connect to mail.speed.net and see if it accepts mail for [EMAIL PROTECTED] - From "User unknown" error, conclude that the sender is invalid and reject the message In the old days, it might have been done using VRFY, but so many sites have disabled it to throw a roadblock in front of dictionary attacks. Wouldn't you qualify as an address harvester by some IDSes, because you just connect to the server issue the RCPT TO then drop the connection? (I suppose you use "MAIL FROM: <>" ;-) Anyway, what about mail servers that always accepts RCPTs and fail the connection during DATA phase only? Or when it tempfails you? Or there is no connection possible? This method was discussed several times on this list and I got the impression that it was found unreliable and good in the local organization only. Bye, -- Steffen Kaiser ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Out of memory problem and missing attachments
On Thu, 24 Jun 2004, Jonas Eckerman wrote: If you're using all the rules from the rulesemporium, then yes. To get the size down I would suggest using SURBLs (www.surbl.org) instead of "bigevil.cf" and "blacklist-uri.cf". That dropped the image by approx. 15MB. Also consider not using "blacklist.cf" (a 1MB file of regular expressions...). Doh! This one costs about 40MB!! Thanks, -- Steffen Kaiser ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Sender validation
On Thu, 24 Jun 2004 13:12:36 -0400 (EDT), David F. Skoll wrote: > See the thread at [...] for some pitfalls. Thanks for the link. That thread seems to mostly deal with <> and postmaster. I don't try to validate <> or [EMAIL PROTECTED] My current list of patterns to validate looks like this: if ($sender !~ /^?$/ && $sender !~ /^ to multiple recipients (after DATA). Even if it only catches a few spams (does it?), it'd be such a small addition to the filter's code that it'd be worth it...) /Jonas -- Jonas Eckerman, [EMAIL PROTECTED] http://www.fsdb.org/ ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Sender validation
On Thu, Jun 24, 2004 at 09:35:35PM -0500, Daniel Taylor wrote: > |>The SPF Milter allows you to define a default SPF record > |>to be used when the site does not have a published record. > | > | I use the SPF Milter.. and missed the concept of default SPF record. > What would > | make sense as a value? mx ~all ? What do you use, and how do you set > it up? > > The default default record is essentially "a mx ?all". > > To enable it use: > push (@extraParams, guess => 1); Hmm.. this looks like it's using the perl module Mail::SPF::Query internally? As you can find in: http://search.cpan.org/~freeside/Mail-SPF-Query-1.997/Query.pm is: > The default mechanisms for guess=>1 are "a/24 mx/24 ptr". (I know, because I had this in mind when designing our new smtp and MX network layout :) -- #!perl -wpl # mmfppfmpmmpp mmpffm <[EMAIL PROTECTED]> $p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+ $_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9, 3,1)]),5,1)='`'lt$&;$f.eig;# Jan-Pieter Cornet ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Sender validation
On Thu, 24 Jun 2004 11:00:04 -0500, Daniel Taylor wrote: > It is easier to use SPF for this. Nah. SPF is a completely different thing. SPF is for checking wether the relay sending to me is supposed to send mail from a specific domain. That's not what I'm testing at all. I'm testing wether a senders address is valid (with a bunch of excemptions). /Jonas -- Jonas Eckerman, [EMAIL PROTECTED] http://www.fsdb.org/ ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang