Receiver (To/CC envelope fields) addresses verification against LDAP/Active Directory in sendmail

Chuck Swiger cswiger at mac.com
Fri Apr 6 14:43:52 UTC 2007


Christopher Martin wrote:
> Spam with randomly generated recipient addresses is draining our mail
> system's life away, and it seems the easiest way would be to verify the
> receiving party's/parties' address against Active Directory and then
> TEMPFAIL any mails that don't have any valid internal mails (rejects would
> allow directory harvesting to work).
> 
> Our network has a frontline mail filter system running FreeBSD 6.2,
> Sendmail, milter-regex, Spam Assassin 3.1.8 and Clam AV, which delivers to
> our internal Exchange server via a smarthost entry.

You don't seem to mention using greylisting-- that will return a 4xx temp 
failure for all initial connections (except from sites which have been 
whitelisted).  Only if the sender retries will the mail go through-- this 
works great against dictionary-style attacks.

-- 
-Chuck


More information about the freebsd-questions mailing list