Thanks for your reply.

Stuart D. Gathman elucidated on 13/11/06 16:49:
> On Mon, 13 Nov 2006, Julian Mehnle wrote:
>>> I wonder if there is a complete solution to spam, which checks upon
>>> connection to the MX and does Reject 554 at the SMTP level if certain
>>> checks fail before the email ever really enters the MX proper?
>> I'll leave it for others to explain how that can be easily accomplished
>> with modern MTAs using various tools such as SpamAssassin, DNS reputation
>
> Here is another example, the complete solution I use is pymilter
> [http://pymilter.sourceforge.net]. This uses sendmail (or postfix)
> with milter API and a python script.
>
> Briefly, it checks SPF on incoming mail. It notes recipients
> on outgoing email, and any incoming SPF pass that matches an outgoing
> rcpt to is whitelisted. That delivers all regular correspondents'
> email that publish SPF with no fuss. Before checking SPF, blacklisted
> domains and IPs are rejected.

Where does the blacklist of domains and IPs come from?
Can I add my own blacklisted From: user@host.com to be Rejected with
554 as well?

> For non-SPF correspondents (or lame ?all or ~all policies),
> some heuristics are applied. E.g., SPF none is converted to a
> guessed neutral or pass by applying the guessed policy "v=spf1 a/24 mx/24
> A guessed pass proceeds to the above.
>
> If we don't have a pass yet, we check whether either the rDNS (PTR)
> or HELO name is valid. If neither is valid, we reject the connection.
> (Many ISPs reject on invalid rDNS alone, but that policy is unfair
> to small domain owners, who don't always have access to an ISP capable
> of setting it properly. The HELO, on the other hand, is also required
> by rfc2821 and completely under their control.)

So if they put "HELO gmail.com" will that get through even though they
don't have Reverse DNS set up on their IP?

> DSNs to unsigned recipients are rejected (we sign all outgoing mail with SRS).
> We use some heuristics to treat mail from, e.g., postmaster as a DSN
> because of all the RFC ignorant MTAs out there.

Sorry, what's a DSN?

> If we haven't passed or rejected yet, we check a local policy database
> (sendmail access file) with rules like
> which says to accept anonymous mail claiming to be from example.com,
> presumably because example.com is an important client, despite being
> clueless about email, and we haven't been badly bitten by forgeries yet.
>
> Email to honeypot mailboxes is used to train a Bayesian content filter.
> (As is whitelisted incoming mail with SPF pass.)
> The content filter quarantines statistically spammy messages.

Do you ever do a Reject 554 on emails determined spam by Bayesian or
statistically likely to be spam? Or having a gif attachment etc?

> At this point, we do CBV, or send a DSN (explaining permerrors,
> invalid HELO, quarantined mail, etc) to verify the sender. If this fails, the
> sender is blacklisted, and is immediately rejected from this point on.

Is that an automated email to the user, asking them to confirm they are
a person and not a spam bot etc? I'm not fond of these, I wrote about
the problems with auto-responder solutions on my weblog:

> Anonymous or never before seen mail that doesn't look spammy to the
> content filter is delivered.

That sounds good

Thanks for your reply, kind regards
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
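
The order of checks described in the quoted message (blacklist, SPF with guessed policy, automatic whitelist of correspondents, HELO/rDNS validity, local access rules), as an added example that is not part of the original thread and is not pymilter's own code. The class and field names are hypothetical, the SPF and DNS results are taken as already-computed inputs, rejecting on SPF fail is an assumption the message does not state, and the SRS/DSN and CBV steps are left out.

```python
from dataclasses import dataclass

@dataclass
class Conn:
    ip: str
    mail_from: str            # envelope sender
    spf: str                  # published-policy result: "pass", "none", "neutral", ...
    guessed: str = "neutral"  # guessed-policy result, used only when spf == "none"
    helo_valid: bool = False  # validity is decided elsewhere (DNS lookups)
    ptr_valid: bool = False

class Policy:
    def __init__(self, bad_ips=(), bad_domains=(), access_ok=()):
        self.bad_ips = set(bad_ips)
        self.bad_domains = set(bad_domains)
        self.access_ok = set(access_ok)  # stand-in for the sendmail access file
        self.correspondents = set()      # filled from outgoing RCPT TO

    def note_outgoing(self, rcpt):
        """Remember an address we sent mail to."""
        self.correspondents.add(rcpt.lower())

    def decide(self, c):
        sender = c.mail_from.lower()
        domain = sender.rpartition("@")[2]
        # 1. Blacklisted domains and IPs are rejected before any SPF work.
        if c.ip in self.bad_ips or domain in self.bad_domains:
            return ("reject", "blacklisted")
        # Assumption: a published SPF fail is rejected (not stated in the message).
        if c.spf == "fail":
            return ("reject", "spf fail")
        # 2. SPF none is replaced by the guessed neutral or pass.
        result = c.guessed if c.spf == "none" else c.spf
        if result == "pass":
            if sender in self.correspondents:
                return ("accept", "whitelisted correspondent")
            return ("filter", "spf pass")
        # 3. No pass yet: at least one of HELO and rDNS must be valid.
        if not (c.helo_valid or c.ptr_valid):
            return ("reject", "invalid HELO and rDNS")
        # 4. Local policy may accept anonymous mail for named domains.
        if domain in self.access_ok:
            return ("accept", "local policy")
        # 5. Everything else goes on to the content filter.
        return ("filter", "anonymous")
```

A "filter" result means the message continues to the content filter stage; only "reject" corresponds to a refusal at the SMTP level.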