Because of various legacy issues, I find myself managing a pretty crusty old
infrastructure, where the mailers at the edge can't fully check mail for "user
unknown" or even "domain unknown" conditions. We instead end up accepting a
large amount of crap mail in (such as dictionary attacks) which we are forced
to bounce when it gets to the second stage. Thus, the scene is set: we
contribute to blowback.
I would really like to do something about it. What I really want to do is
limit the domains (list of <200 instead of * MX) and do address-verification
on recipients to make sure the second-stage is going to be able to deliver.
I'm going down that path but it's going to be a long road.
In the meantime, I have been thinking about whether I can do something with
the outbound messages, such as searching through and verifying SPF after the
fact, and tossing the bounce if SPF wouldn't have given a PASS result. For
that, I would have to analyze the Received: line added by my mailserver.
So, while we are on the subject of Received: lines, has anyone out there
created tools to take apart the Received: lines and to do SPF after the fact?
In my case I would be doing SPF on the message being bounced, not the bounce
itself (i.e. scanning the attachment, not the actual headers). But if someone
has already done the parsing Received: part I would love to not reinvent the
wheel.
So far Spamassassin is the only thing I know of that analyzes Received:
headers and gives an SPF result. Anything else out there that you guys know
of?
Thanks
gregc
--
Greg Connor
gconnor(_at_)nekodojo(_dot_)org
Everyone says that having power is a great responsibility. This is a lot
of bunk. Responsibility is when someone can blame you if something goes
wrong. When you have power you are surrounded by people whose job it is
to take the blame for your mistakes. If they're smart, that is.
-- Cerebus, "On Governing"