I should have been more clear, I use gateways in from of Imail peer groups neither can use the nobody alias becuase they do not know where the mail is going to be delivered. Currently I have two gateways in front of a 7 server peering group
Rick Davidson National Systems Manager North American Title Company 440-953-9346 - Office 440-953-0925 - Fax 440-487-7344 - Mobile [EMAIL PROTECTED] - ----- Original Message ----- From: "Matt" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 12, 2004 5:25 PM Subject: Re: [Declude.Virus] Accepting SPAM pads spammer's success stats > Remove the "nobody" alias and IMail will reject all invalid addresses > during the SMTP envelope. > > Matt > > > > Rick Davidson wrote: > > >As a long time anti-spam combatant and Declude user I am seeing something I > >am interpreting as another way spammers are exploiting us. The problem with > >this scenario is that it is a catch22 because we cant bounce spam back to > >the senders. I used to own an ISP but sold it a few months ago due to the > >stiff competition and had been using Imail and Declude as spam and anti > >virus gateways, which I am now doing for the large company I work for now. I > >see guys asking about server specs and high spam loads so this prompted me > >to share what I have seen and am now seeing in my new workplace. > > > >It seems that the more successful we are at stopping spam the more then send > >to us, not just to valid addresses and dictionary type deliveries but large > >volumes of spam that have no chance of being sent to a valid user for > >example [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] and so on on and > >on and on and on. I have seen this in the millions of messages and I believe > >its because we accept the mail and delete it because its obvious spam. The > >spammers then can say to their customers that they delivered some huge > >amount of their advertisements when in fact they just sent invalid recipient > >email to our mail vaporizers because they know we will accept it. > > > >The company that bought my ISP is Unix based and was able to write a program > >that looked at a list of valid email addresses and only accepted the > >connection if it found a valid recipient. And then after x amount of invalid > >user attempts they blacklisted the IPs. We found over 30,000 spam zombies > >were responsible for the invalid user email flood, I felt better knowing I > >didn't stand a chance of manually adding IPs to the Imail access control > >lists but still made me very angry. > > > >So is there a way to deal with this? How can we check for valid users before > >we accept the SMTP connection itself when using a gateway or peering > >configuration? Would it be possible to use the DNS blacklist concept but > >have our users on there so it becomes a DNS whitelist? > > > >Bottom line is that ALOT of our spam and virus processing overhead and could > >be stopped at the SMTP connection level. Short of hiring hit men to thin the > >Rokso list what can we do? > > > >Scott, > >Could you at least write a run first test to check a text file for valid > >users and if it doesn't find one fail the message and stop all further > >testing? If we can do this now can you provide and explanation of how? > > > >Comments? Ideas? > > > >Thanks for listening, > >Rick Davidson > >National Systems Manager > >North American Title Company > > > >--- > >[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > > >--- > >This E-mail came from the Declude.Virus mailing list. To > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >type "unsubscribe Declude.Virus". The archives can be found > >at http://www.mail-archive.com. > > > > > > > > > > -- > ===================================================== > MailPure custom filters for Declude JunkMail Pro. > http://www.mailpure.com/software/ > ===================================================== > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
