http://www.snert.com/Software/milter-sender/
It basically verifies the sender address before allowing it through. It is fairly resource intensive though (mainly memory), and you may need to raise the limit on your sendmail child daemons if you have it set moderately (depending on your load of course).
I've thought of doing the same thing, but every double bounce I've run through SA (just a few dozen different ones) are caught by spamassassin for us (SA runs on the internal mail server in our case, gateway runs virus+rbl+miltersender blocks at the connection/mta level). Though in the past two weeks we've still accumulated about 900MB of double bounced junk. We've stopped actively collecting it for now, since it was pretty much a waste of time for us really. Perhaps once or twice a month there was a real message that got stuck in the queue from a user that didn't know what they were doing (wrong to:/from: addresses, etc). We did lower the queue time to 36hrs or so, down from 96hrs, which helped lower the burden on the box as well.
Anyway, it probably would be useful in the end to help stop junk from getting through, I've not done anything with it so far since SA is running really well for us without rocking the boat too much.
Ryan Moore ---------- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net
Adam D. Lopresto wrote:
No. I guess I didn't convey my meaning very well. My situation: I have a box called postal receives all incoming mail for a few domains, runs SpamAssassin on it, and then sends it on to the real mailserver for intended domain. The problem is that postal can't know what users are valid on the actual domains, so it allows everything through, including a lot of spam for users whose accounts expired years ago. So it sends the mail on to the domain, which rejects it with a 550 User unknown. At that point, postal tries to send back a bounce to the sender, to say that the mail can't be delivered. But in many, many cases the sender is a spammer who forged an address that itself can't be delivered to. So I end up with large numbers of emails that will never be delivered.
----- The following addresses had permanent fatal errors ----- <[EMAIL PROTECTED]> (reason: 554 delivery error: dd This user doesn't have a yahoo.com account ([EMAIL PROTECTED]) [0] - mta166.mail.scd.yahoo.com)
If you set confDOUBLE_BOUNCE_ADDRESS in sendmail.mc (or the DoubleBounceAddress option in sendmail.cf if you're masochistic that way) you can give it an address that those messages will go to. Analyzing a few thousand of them (the result of one typical day) I found that they all had the same format (predictably, since they came through the same process), and they were *all* spam (but there were false negatives that didn't get flagged as spam, and many that didn't either autolearn as bayes or trigger the bayes rules). Since we have a sitewide bayes, it would be really, really nice to be able to feed those automatically to it (they get spam I don't, and I'm one of very few people who actually feeds bayes).
So I could write a script that splits out the appropriate mime part, but it would take a little work, and I was hoping someone had already done it. And if not, the question is whether I'm the first one to think of something great, or whether there's some (semi-)obvious reason it's a bad idea and no one has pursued it in the first place.
On Sun, 23 Nov 2003, Robert Menschel wrote:
Hello Adam,
Thursday, November 20, 2003, 2:13:24 PM, you wrote:
ADL> Recently I got sick of seeing the queue on my SpamAssassin gateway full of ADL> double bounces that will never be delivered, ...
Would http://www.exit0.us/index.php/VirusBounceRules help?
Bob Menschel
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
