


Rejecting based on from address

Sendmail version 8.14.5 (Yeah, I know; I'm not in a position to update.)

In the neverending battle against spammers, I have, of late, noticed a
number of emails coming in like this:

from=<99999-99999999999-99999-user=domain.invalid@bounce.yorlantrails.com>

(and other variants using non-numerics...)

They're coming in from a variety of IP addresses and domain names. 
I've managed to successfully kill off mails from, say, the .stream 
domain by adding it to the access file.  What I would like to do is 
to reject these mails based not on the domain name, but on what's to
the left of the @ sign - something like:

from:.*user=domain.invalid@   REJECT

I tried using just "from:user=domain.invalid@" but it doesn't seem to work.

-- 
Joe Makowiec
http://makowiec.org/
Email: http://makowiec.org/contact/?Joe
Usenet Improvement Project: http://twovoyagers.com/improve-usenet.org/
0
Joe
9/8/2016 4:41:52 PM

Joe Makowiec  wrote:

> from=<99999-99999999999-99999-user=domain.invalid@bounce.yorlantrails.com>

> from:.*user=domain.invalid@   REJECT

> I tried using just "from:user=domain.invalid@" but it doesn't seem to work.

Why would you expect it to work?


You can write a custom rule (Local_check_mail) and use a regex map to
match the pattern. You can most likely find some examples on the 'net.


-- 
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.
0
Claus
9/8/2016 5:42:02 PM
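
The approach suggested in the reply above, written out as a sendmail.mc fragment. This is an added example, not part of the original posts; it follows the regex-map pattern documented in sendmail's cf/README. The map name `badsender` and the rejection text are assumptions, and sendmail must be built with MAP_REGEX.

```m4
LOCAL_CONFIG
# Hypothetical map name "badsender". The pattern is the placeholder
# local-part suffix from the question. The ruleset below canonifies the
# address before the lookup, so the "@" is seen by the regex as "<@".
Kbadsender regex -a@MATCH user=domain\.invalid<@

LOCAL_RULESETS
SLocal_check_mail
# LHS and RHS on each R line must be separated by tabs, not spaces.
# 1. Canonify the envelope sender (user@host becomes user<@host>).
R$*		$: $>Parse0 $>3 $1
# 2. Look the result up in the regex map; a hit is replaced by @MATCH,
#    anything else comes back unchanged and falls through to check_mail.
R$+		$: $(badsender $1 $)
# 3. Refuse the MAIL FROM on a hit.
#    To drop silently instead, the RHS would be: $#discard $: discard
R@MATCH		$#error $@ 5.7.1 $: "550 Sender address rejected"
```

After rebuilding sendmail.cf, the ruleset can be exercised in address test mode (`sendmail -bt`) by entering `check_mail` followed by a sample sender address.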
On 08 Sep 2016 in comp.mail.sendmail, Claus Aßmann wrote:

> You can write a custom rule (Local_check_mail) and use a regex map to
> match the pattern. You can most likely find some examples on the 'net.

Thank you.  Off to do some research...

-- 
Joe Makowiec
http://makowiec.org/
Email: http://makowiec.org/contact/?Joe
Usenet Improvement Project: http://twovoyagers.com/improve-usenet.org/
0
Joe
9/8/2016 6:12:27 PM
On 08/09/16 19:12, Joe Makowiec wrote:
> On 08 Sep 2016 in comp.mail.sendmail, Claus Aßmann wrote:
>
>> You can write a custom rule (Local_check_mail) and use a regex map to
>> match the pattern. You can most likely find some examples on the 'net.
>
> Thank you.  Off to do some research...
>

You might also like to check milter-regex. Less efficient, but possibly 
more flexible and easier to use.
http://www.benzedrine.ch/milter-regex.html


-- 
Mike Scott (unet2 <at> [deletethis] scottsonline.org.uk)
Harlow Essex
"The only way is Brexit" -- anon.
0
Mike
9/9/2016 7:06:31 AM

On Thu, 08 Sep 2016 16:41:52 +0000, Joe Makowiec wrote:

> from:.*user=domain.invalid@   REJECT

> I tried using just "from:user=domain.invalid@" but it doesn't seem to
> work.

If you are already using spamassassin, you could add a rule to your
local.cf

header INVALID_DOMAIN_RULE From =~ /from:user=domain.invalid\@/
score  INVALID_DOMAIN_RULE 10.0


0
Carl
9/9/2016 9:12:24 PM
On 09 Sep 2016 in comp.mail.sendmail, Carl Byington wrote:

> On Thu, 08 Sep 2016 16:41:52 +0000, Joe Makowiec wrote:
> 
>> from:.*user=domain.invalid@   REJECT
> 
>> I tried using just "from:user=domain.invalid@" but it doesn't seem to
>> work. 
> 
> If you are already using spamassassin, you could add a rule to your
> local.cf
> 
> header INVALID_DOMAIN_RULE From =~ /from:user=domain.invalid\@/
> score  INVALID_DOMAIN_RULE 10.0

Thanks.  Good idea, and I've implemented it.  However, I've got 
spamassassin configured only to tag, not to kill, and I'd like to set up 
something which will kill messages with that pattern before they even get 
to spamassassin.

-- 
Joe Makowiec
http://makowiec.org/
Email: http://makowiec.org/contact/?Joe
Usenet Improvement Project: http://twovoyagers.com/improve-usenet.org/
0
Joe
9/10/2016 7:38:22 PM
On 09 Sep 2016 in comp.mail.sendmail, Mike Scott wrote:

> You might also like to check milter-regex. Less efficient, but
> possibly more flexible and easier to use.
> http://www.benzedrine.ch/milter-regex.html

I'll look at that, too.  Thanks.

-- 
Joe Makowiec
http://makowiec.org/
Email: http://makowiec.org/contact/?Joe
Usenet Improvement Project: http://twovoyagers.com/improve-usenet.org/
0
Joe
9/10/2016 7:42:48 PM
Joe Makowiec <makowiec@invalid.invalid> wrote:

> On 09 Sep 2016 in comp.mail.sendmail, Carl Byington wrote:
> 
>> On Thu, 08 Sep 2016 16:41:52 +0000, Joe Makowiec wrote:
>> 
>>> from:.*user=domain.invalid@   REJECT
>> 
>>> I tried using just "from:user=domain.invalid@" but it doesn't seem to
>>> work. 
>> 
>> If you are already using spamassassin, you could add a rule to your
>> local.cf
>> 
>> header INVALID_DOMAIN_RULE From =~ /from:user=domain.invalid\@/
>> score  INVALID_DOMAIN_RULE 10.0
> 
> Thanks.  Good idea, and I've implemented it.  However, I've got 
> spamassassin configured only to tag, not to kill, and I'd like to set up 
> something which will kill messages with that pattern before they even get 
> to spamassassin.

I recommend mailfromd in general, one of the best.

Mike
 

0
dl8fbh
9/11/2016 10:07:58 AM
On 11/09/16 11:07, dl8fbh@dl8fbh.ampr.org wrote:
....
>
> I recommend mailfromd in general, one of the best.
>
> Mike


I've just had a look at that - maybe I'm misunderstanding something, but 
I think the 'strict' 'callout' test for sender email address validity is 
wrong.

Rather than check the given domain name ("standard" check), "strict" 
does a reverse lookup on sender IP, gets an MX list for that name, and 
checks whether any of those will accept mail for the sender's email 
address. That's fine if outbound and inbound email are handled by the 
exact same server(s).

But an outbound route is not necessarily the same as inbound: my own 
home setup is a case in point, where outbound mail all passes through my 
ISP's mail server, yet I handle inbound directly on my own server, the 
ISP server knowing nothing about my domain. Thus if I send mail to 
someone using mailfromd's "strict" mode, they'll see my ISP's IP 
address, get my ISP's domain name and MX records, test /my/ email 
address against each of /those/, which will of course fail, and bounce 
the email. Which is quite wrong behaviour, as everything I'm doing is 
legitimate.

Or have I not understood correctly?



-- 
Mike Scott (unet2 <at> [deletethis] scottsonline.org.uk)
Harlow Essex
"The only way is Brexit" -- anon.
0
Mike
9/12/2016 7:56:09 AM
On Thu, 08 Sep 2016 16:41:52 +0000, Joe Makowiec wrote:

> Sendmail version 8.14.5 (Yeah, I know; I'm not in a position to update.)
> 
> In the neverending battle against spammers, I have, of late, noticed a
> number of emails coming in like this:
> 
> from=<99999-99999999999-99999-user=domain.invalid@bounce.yorlantrails.com>
> 
> (and other variants using non-numerics...)
> 
> They're coming in from a variety of IP addresses and domain names. I've
> managed to successfully kill off mails from, say, the .stream domain by
> adding it to the access file.  What I would like to do is to reject
> these mails based not on the domain name, but on what's to the left of
> the @ sign - something like:
> 
> from:.*user=domain.invalid@   REJECT
> 
> I tried using just "from:user=domain.invalid@" but it doesn't seem to
> work.

Yet another use for mime-defang milter! Simplicity itself, Perl's 
comprehensive regex capabilities are just magic.  See my earlier post Re: 
Intercepting and redirecting emails.

Yes, it can dump emails too.  (Rejecting spam is a VERY BAD THING to do, 
ALWAYS dump them to the great bit-bucket in the sky).
0
Robin
9/14/2016 11:44:18 PM
On Wed, 14 Sep 2016 23:44:18 +0000, Robin wrote:

> Yet another use for mime-defang milter! Simplicity itself, Perl's
> comprehensive regex capabilities are just magic.  See my earlier post
> Re: Intercepting and redirecting emails.
> 
> Yes, it can dump emails too.  (Rejecting spam is a VERY BAD THING to do,
> ALWAYS dump them to the great bit-bucket in the sky).

Plus of course procmail, the default delivery agent that comes with just 
about every sendmail package I've seen, can also do the job. Has similar 
powerful regexes that can be applied to 'from' addresses (and a load of 
other spam identifiers that may be available - e.g., clamav, spamassassin, 
etc) whence the entire email can be dumped to /dev/null, never to be seen 
again (except in the logfile, if configured).

Since it's probably already installed and used to deliver your email, all 
you need do is configure it in /etc/procmailrc (create if it doesn't 
already exist).

Once again, DO NOT REJECT IDENTIFIED SPAM in sendmail.  Never, not ever.  
Or ever.  Don't even think about it (except, perhaps, the consequences 
and the error of your ways).  Sorry if the cap fits.
0
Robin
9/15/2016 12:15:34 AM