From: Anthony Howe
Date: 2005-02-18 00:49:20 -0500
Subject: Re: user account fishing
More information..: http://www.milter.info/#Support
Aaron Berg wrote:
> That information is interesting. This would explain why I have found
> milters that allow you to do regular expressions on the recieved
> messages as the come in and before they get to sendmail.
> One idea might be to just keep a log of valid email addresses in a
> specified database. Then just autoblacklist ip's for some period of time
> after they have tried too many non-valid addresses. But it seems like
> this would be more work then is needed. Could the milter just parse
> passwd and virtusertable for valid email addresses just like sendmail
> does? Where there is a will there is a way
Early versions of milter-sender tried to detect legitimate local users
for the purpose of white-listing from within the milter, but determining
a local user address is actually pretty complex operation in sendmail.
Trivial attempts and assumptions with getpwnam(), virtusertable,
aliases, mascaraeding, relay forwarding, and other transformation, LDAP,
Cyrus virtual users, etc. just became a nightname to do correctly for
little gain. I abandoned that after a while, which simplied the
white-listing model and implementation and became better, leaving
sendmail to report "user unknown".
To do something similar is for the purpose of blacklisting would be
almost useless in a milter. There are too many edge cases to get right.
Anthony C Howe +33 6 11 89 73 78
7116561 AIM: Sir Wumpus
"held in my arms / his sun washed face / eyes closed" - Anthony
Copyright 2009, 2012 by SnertSoft. All rights reserved.