From owner-freebsd-questions@FreeBSD.ORG Sat Mar 10 23:44:08 2007
Date: Sat, 10 Mar 2007 23:23:35 -0000
From: "Randal, Phil"
To: "Kelly Jones"
Subject: RE: Tool for validating sender address as spam-fighting technique?

smf-sav is one sendmail milter which does this:

http://smfs.sourceforge.net/smf-sav.html

SAV v1.3.0 - console utility for e-Mail Sender Address Verification

(also at http://smfs.sf.net/ )

Cheers,

Phil

-----Original Message-----
From: Kelly Jones [mailto:kelly.terry.jones@gmail.com]
Sent: 10 March 2007 19:28
To: freebsd-questions@freebsd.org; users@spamassassin.apache.org; linuxusersgroup@googlegroups.com; nmlug@nmlug.org; nmosug-l@mailman.swcp.com
Subject: Tool for validating sender address as spam-fighting technique?

To fight spam, I want to validate the address (not necessarily in real-time) of a given email sender. Is there a Unix tool that does this?

The basics are simple: to validate "kmnyqi@wnonline.net", I connect to the MX record of wnonline.net and go as far as "RCPT TO" as follows:

> host -t mx wnonline.net
wnonline.net mail is handled by 5 wnspf.bayou.com.
> telnet wnspf.bayou.com. 25
Trying 209.209.192.75...
Connected to wnspf.bayou.com..
Escape character is '^]'.
220 Welcome to Bayou mxfilter
HELO domaintester.com
250 mxfilter.bayou.com
MAIL FROM:
250 Ok
RCPT TO:
550 : Recipient address rejected: 5.1.1 ... User unknown
QUIT
221 Bye
Connection closed by foreign host.

This tells me kmnyqi@wnonline.net is an invalid address and that mail from that address is probably bogus.

A more sophisticated tool would cache results, handle temporary failures (e.g., inability to connect to the MX server), handle multiple MX records, perhaps even publish results [carefully, to avoid giving spammers a source of legit email addresses!], etc.

Plus, I'd prefer to use a tested tool vs hacking something up myself.

I realize this technique is far from perfect:

Spammers spoof legit addresses

Bounces/Mailing lists/etc legitimately use "do not reply" addresses

It could be considered unfriendly to the target MX servers

Some mail servers incorrectly say "user unknown" when they see spam, figuring it's more of a deterrent than saying "you're a spammer"

Some mail servers inefficiently accept mail for "foo@xxx.com" (where xxx.com is one of their domains), figure out if foo exists later, and send a bounce back to the envelope sender, instead of rejecting email at the SMTP level (a really good tool would create throwaway addresses to catch these cases too)

... but I still think it might help.

--
We're just a Bunch Of Regular Guys, a collective group that's trying to understand and assimilate technology. We feel that resistance to new ideas and technology is unwise and ultimately futile.
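
The check described in the quoted message, with the caching, temporary-failure and multiple-MX handling it asks for, as an added example that is not part of the thread and is not smf-sav's code. The names `parse_mx`, `smtp_probe`, `classify`, `SenderVerifier`, the HELO name `verifier.example`, the host `backup-mx.example` and the use of the null sender are assumptions.

```python
import re
import smtplib
import time

# Constructed sample: line 1 is from the message above, the second MX is made up.
SAMPLE_MX = ("wnonline.net mail is handled by 5 wnspf.bayou.com.\n"
             "wnonline.net mail is handled by 20 backup-mx.example.\n")

def parse_mx(host_output):
    """Turn `host -t mx` output into hostnames, lowest preference first."""
    found = re.findall(r"mail is handled by (\d+) (\S+)", host_output)
    return [h.rstrip(".") for _, h in sorted((int(p), h) for p, h in found)]

def smtp_probe(mx_host, address, helo_name="verifier.example"):
    """Go as far as RCPT TO and return its reply code; no DATA is ever sent."""
    with smtplib.SMTP(mx_host, 25, timeout=20) as conn:
        conn.helo(helo_name)                 # hypothetical HELO name
        code, _ = conn.mail("")              # assumption: null sender <>
        if code != 250:
            raise smtplib.SMTPException("MAIL FROM refused, no verdict possible")
        return conn.rcpt(address)[0]

def classify(code):
    """2xx = address accepted, 5xx = permanent reject, anything else = retry later."""
    if 200 <= code < 300:
        return "valid"
    return "invalid" if 500 <= code < 600 else "tempfail"

class SenderVerifier:
    def __init__(self, probe=smtp_probe, ttl=3600, clock=time.time):
        self.probe, self.ttl, self.clock = probe, ttl, clock
        self.cache = {}                      # address -> (verdict, expiry time)

    def verify(self, address, host_output):
        hit = self.cache.get(address)
        if hit and hit[1] > self.clock():
            return hit[0]                    # cached: do not bother the MX again
        verdict = "tempfail"
        for mx in parse_mx(host_output):     # fall through to the next MX on failure
            try:
                verdict = classify(self.probe(mx, address))
            except OSError:                  # refused, timeout, SMTPException
                verdict = "tempfail"
            if verdict != "tempfail":
                break
        if verdict != "tempfail":            # only definitive answers are cached
            self.cache[address] = (verdict, self.clock() + self.ttl)
        return verdict
```

A "tempfail" verdict is deliberately not cached, so a greylisting or unreachable MX does not turn into a lasting rejection of a legitimate sender.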