Steve wrote: > I'm looking for suggestions as to the best way to do this. > > I've a catch-all mail strategy for a domain, and a number of users > have accounts - say - [EMAIL PROTECTED]; [EMAIL PROTECTED] etc. When > engaging with a new contact, or mailing list, a new email address is > generated. For example: > > [EMAIL PROTECTED] > [EMAIL PROTECTED] > [EMAIL PROTECTED] > etc. etc. etc. > > Valid email addresses have a well-known structure (i.e. [A-z.]*_NAME) > so, for example [EMAIL PROTECTED] is clearly a bogus address. > > Is there a straightforward way to establish rules to validate the > intended recipient using spamassassin? Is the spamassassin level the > best way to go about exploiting this clear spam-trait, or is it better > exploited at the MTA level. Any ideas? > > An idea for the future might well be to add to the spam-score of > messages sent to an individual contact's email address which doesn't > originate from the expected domain.
Catch-all setups always have this problem. You could use SA to figure out which addresses are likely to be valid, but this means that you have to accept the message and then call SA for EVERY one of these emails. The best way is to use your MTA. Set up a method for your users to create these email addresses as real email aliases in your MTA. Then you can set your MTA to only accept valid email addresses and the problem goes away. -- Bowie
