On 09/04/18 15:24, David Jones wrote:
I was wondering if anyone knows of an SA plugin or another method to determine if the envelope-from domain has a valid MX record that is listening on TCP port 25. I don't think it would be a major scorer but it could be useful in meta rules.
This might not really answer your question, but I've had really good results leaving all this to the MTA (Exim in my case). I actually go for the whole hog full callout verification - checking with the MX that the sender really exists. I know that some people are against this and say that you get blacklisted - but I've been doing this for about 8 months on 4 sites and it has worked very well. I have a local full callout verification whitelist - to skip callout verification mainly for Microsoft operated domains - which will blacklist you at the drop of the hat. Pretty much everybody else on the internet seems to understand the full callout verification has more advantages than disadvantages in fighting spam. I also use Exim to keep count of how many callout verifications have failed for an origin IP address and then start rejecting connections after 10/24 hours - to stop spammers from using my boxes as dictionary attacks proxies against other domains (and getting me blacklisted in the process).
All of this seems to have worked out very well so far - but I realise that it will depend on the size of the email system and number of mailboxes and all sorts of other things - so it might not work so well elsewhere.
