Guys, I know that it's not a perfect solution. It's not that I don't want to patch qmail; as I said, I find myself in a position (which I know a lot of other people are in) where compiling is just not an option.

Even not giving the politically correct error numbers, rejecting the message saying that we have reason to believe the message is SPAM. I don't mind missing one or two emails which are incorrectly addressed, 99% of the mail that comes in like this is spam. Since having to support our mail services, I have decided the only thing to do is get tough on spam.

Justin.

Adam Goryachev wrote:

On Tue, 2004-11-23 at 18:57, Jason Haar wrote:


Justin Fielding wrote:



I am suffering from dictionary spam attacks causing qmail-scanner with clamav and SA to overload the server's memory and now and then crash it. When the spammer connects and starts firing off all these emails, before qmail can just dump the ones to non-existing addresses, they go through clamav and spamassassin. Quite often these spams will have attachments too with spyware inside, so these are scanned. It would be great to have the qmail-scanner script give the option to check for a mailbox's validity, and if it does not exist, reject it at the smtp level. This could be done by recompiling qmail-smtpd, but I have a plesk system which uses a custom qmail-smtpd so I can't patch.



Please listen to what you said: "I won't patch my qmail install to do what I want, so I think Q-S should be 'fixed' to do it for me"...



Even if qmail-scanner did support this, you need to re-compile qmail anyway, so that you can provide a reasonable message as to *why* you have rejected the message.



I agree that dictionary attacks are a real problem for relay servers in general (not just Qmail: doesn't help to be running sendmail or postfix if all your Internet mail server does is relay to an Exchange/or other backend) - and the best solution is to patch qmail-smtpd with one of the recipient-check patches - as outlined on http://www.qmail.org.



True.... Though (for me at least) it is much easier to edit a perl script to check my customised setup, than it is to try to edit the C code within qmail!

In any case, I'm not particularly concerned about this (at least not
yet).



But Q-S doesn't have "hooks" into that part of the SMTP transaction - it only gets called after the DATA command is sent. So best-case is that after the client has *finished* sending the e-mail - Q-S could reject it. But that won't work either! What if there were 5 recipients - and only one was a bogus user? Q-S can't reject it then - the 4 valid users WOULD LOSE MAIL.



However, it is *perfect* for rejecting emails based on content. There was a lengthy discussion some time ago regarding 55x mail that included viruses, spam, or other unwanted content. qmail-scanner is the best place for this code, but it still doesn't exist!

IMHO, qmail-scanner should allow for this! (In fact, I patched my
qmail-scanner to do this today).

Sure, it requires a patch to also be applied to qmail, but if the patch
is not applied, it *can* still be done. Either qmail-scanner should try
to detect if the patch is applied, or should be provided with this
information at configure time. Then, a couple extra configure options:
--reject-virus   [yes|no]
--reject-spam    [yes|no|<score>]
--reject-badmime [yes|no]



It's not the best tool for the job. It's not even possible for it to do the job!



Of course, it would be much nicer if qmail would allow us to send a detailed, custom message back explaining why the message was rejected, but even a generic message for each of the above 3 categories is better than nothing. I've yet to notice whether this provides a load decrease or not, but technically it should mean that my server will no longer need to send/generate the notification emails to sender/recipient, and that it doesn't need to deal with the bounce messages etc...

For those people that are interested, wait until the end of the week,
and then ask me for the patch... I'd like to wait and see if there are
any other bugs etc first...

For those other interested people, so far I have rejected 1060 spam, 201
virus, 1417 "BAD MIME" messages in approx 9 hours.

Regards,
Adam
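
The post-DATA decision discussed in this thread, as an added example that is not part of the original messages and is not qmail-scanner code. It assumes a hypothetical `post_data_decision` helper, a constructed mailbox set, and a `Policy` class standing in for the three proposed reject options; it shows why content can be rejected with one reply while a bogus recipient can only be rejected when no valid recipient shares the message.

```python
from dataclasses import dataclass
from typing import Union

@dataclass
class Policy:
    # Stand-ins for the --reject-virus / --reject-spam / --reject-badmime options proposed above.
    reject_virus: bool = True
    reject_spam: Union[bool, float] = 10.0  # False, True, or a score threshold
    reject_badmime: bool = True
    default_spam_score: float = 5.0         # assumed threshold when reject_spam is just "yes"

@dataclass
class Scan:
    virus: bool = False
    spam_score: float = 0.0
    bad_mime: bool = False

VALID_MAILBOXES = {"alice@example.com", "bob@example.com"}  # constructed sample data

def post_data_decision(recipients, valid, run_scanners, policy):
    """Return (action, reason); after DATA there is one SMTP reply for the whole message."""
    rcpts = [r.lower() for r in recipients]
    bogus = [r for r in rcpts if r not in valid]
    # Every recipient is bogus: nobody loses mail, so reject before the scanners run.
    if rcpts and len(bogus) == len(rcpts):
        return ("reject", "no valid recipient")
    scan = run_scanners()
    # Content verdicts hold for every recipient, so a single rejection is safe.
    if policy.reject_virus and scan.virus:
        return ("reject", "virus")
    if policy.reject_badmime and scan.bad_mime:
        return ("reject", "bad MIME")
    if policy.reject_spam is not False:
        limit = policy.default_spam_score if policy.reject_spam is True else float(policy.reject_spam)
        if scan.spam_score >= limit:
            return ("reject", "spam")
    # Some recipients are valid: rejecting now would lose their mail, so accept.
    if bogus:
        return ("accept", "mixed recipients")
    return ("accept", "clean")

if __name__ == "__main__":
    clean = lambda: Scan()
    print(post_data_decision(["x1@example.com", "x2@example.com"], VALID_MAILBOXES, clean, Policy()))
    print(post_data_decision(["alice@example.com", "x1@example.com"], VALID_MAILBOXES, clean, Policy()))
    print(post_data_decision(["bob@example.com"], VALID_MAILBOXES, lambda: Scan(virus=True), Policy()))
```
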



