Ok.. I wasn't going to say anything.. But now I am... :)

I don't like this Perl script because it puts usernames and passwords to an internal system on the external box (more exposure) -- and won't work unless you poke holes in a firewall (assuming the mail server is in a DMZ). Running the script on a Windows box and pushing the files to your mail relay seems a more secure approach. I would like to give this script credit for making a very controlled (filtered) LDAP search and excluding anything other than SMTP addresses. You could easily run this script internally and then securely (SSH or other means) copy it out to the relay, but that doesn't seem to be the author's intent.

I don't like the last VB script that was offered up because it looks to only gather user/mail info from one container (not the entire mail domain). This script does gather the info internally, and then pushes it externally, and that seems more secure (while it should undergo a rewrite to exclude NON-SMTP [X400 addresses and the like], as the Perl script does, before it gets to your mail relay).

$.02

Steven
Windows scripter and win32-perl advocate

-----Original Message-----
From: Matt Linzbach [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 20, 2005 9:25 AM
To: [EMAIL PROTECTED]; spamassassin-users@incubator.apache.org
Subject: RE: Postfix/SA/Exchange 2000 'NDR attack' exploit spam and other bad things

> So, I guess my question would be, does anyone know of a way to allow a
> natural recipient validation check downstream to the Exchange
> 2003 server
> before SA starts working, so that SA does not start testing on all
> these bogus email addresses. Again, I am looking for some solution
> that does not involve creating recipient verification maps on the
> Postfix server.

We use the following script to verify the intended recipient is a valid smtp address.

http://www-personal.umich.edu/~malth/gaptuning/postfix/

You might want to check these archives or the amavisd-new archives for getadsmtp.pl.

HTH

--
Matt
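
Added example, not part of the original thread and not the getadsmtp.pl or VB script it discusses: a Python version of the filtering step described above, run on the internal side so that no directory credentials sit on the relay, keeping only SMTP-type addresses for the relayed domains. The simplified `proxyAddresses` export format, the function names and the sample users and domain are assumptions made for illustration.

```python
import re

# Constructed sample: proxyAddresses values as an internal export might list them.
# The "SMTP:"/"smtp:"/"X400:" prefixes follow Exchange's address-type convention;
# the users and domains are made up. Base64-encoded ("::") values are not handled.
SAMPLE_EXPORT = """\
dn: CN=Alice Example,OU=Sales,DC=corp,DC=example
proxyAddresses: SMTP:alice@example.com
proxyAddresses: smtp:a.example@example.com
proxyAddresses: X400:c=US;a= ;p=Corp;o=Exchange;s=Example;g=Alice;

dn: CN=Bob Example,OU=IT,DC=corp,DC=example
proxyAddresses: SMTP:Bob@Example.com
proxyAddresses: smtp:bob@internal.corp.example
proxyAddresses: FAX:+1-555-0100
"""

ADDR_RE = re.compile(r"^[A-Za-z0-9._%+'-]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")

def smtp_recipients(export_text, relay_domains):
    """Return sorted, de-duplicated SMTP addresses in the relayed domains."""
    found = set()
    for line in export_text.splitlines():
        attr, sep, value = line.partition(":")
        if not sep or attr.strip().lower() != "proxyaddresses":
            continue
        addr_type, sep, addr = value.strip().partition(":")
        if not sep or addr_type.lower() != "smtp":
            continue  # drops X400, FAX and any other non-SMTP address type
        addr = addr.strip().lower()  # lower-cased so duplicates collapse
        if not ADDR_RE.match(addr):
            continue  # never let a malformed value reach the relay's table
        if addr.rsplit("@", 1)[1] in relay_domains:
            found.add(addr)  # internal-only domains stay off the external box
    return sorted(found)

def postfix_map(addresses):
    """Render 'address OK' lines, the text form that postmap(1) compiles."""
    return "".join(f"{a} OK\n" for a in addresses)

if __name__ == "__main__":
    print(postfix_map(smtp_recipients(SAMPLE_EXPORT, {"example.com"})), end="")
```

The resulting text file is what would be copied out to the relay over SSH and compiled there, so the relay holds only a list of valid recipients and needs no inbound path to the directory.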