[milters] Archive

Lists Index Date Thread Search

Article: 351
From: Adam Gibson
Date: 2005-02-18 10:23:50 -0500
Subject: Re: user account fishing

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

I have run across a problem where a mail server was doing something 
similar to combat spam which caused us to become deadlocked with each 
other and not be able to send email to their domain because they blocked us.

 From what their email admin told me they apparently put some bogus 
emails on their website for spam email harvesters to find.  The 
anti-spam software they use waits for a mail server to try and send an 
email to that trap email address and temporarily sets a block on that 
sending server.  I think you can see where this is going...

A spammer sends an email to us with a from address of a random email 
from their harvested list which just happens to be one of the emails 
that the company put on their website.  Milter-sender sees the from 
address and tries to do a verification of the email address against 
their email server.  Their email server sees the rcpt to: with the trap 
email address and blocks our servers for awhile...  Hours later when we 
try to resend it we get the same thing over again.

Meanwhile any emails that we need to send to that companies domain just 
get rejected by their server because of the spam email that is trying to 
get sent to our domain.

I had to manually contact their email admin to get all this straightened 
out but eventually we both setup a whitelist to bypass the spam checks 
for each others mail servers.

I sure hope this is not something that will catch on because it could 
cause major problems with milter-sender.  Has anyone else seen this type 
of spam protection on mail server before?

Aaron Berg wrote:
...
> One idea might be to just keep a log of valid email addresses in a 
> specified database. Then just autoblacklist ip's for some period of time 
> after they have tried too many non-valid addresses. But it seems like 
> this would be more work then is needed. Could the milter just parse 
> passwd and virtusertable for valid email addresses just like sendmail 
> does? Where there is a will there is a way.

Lists Index Date Thread Search