Re: [mailop] [External] seeking a spamtrap milter

2024-01-24 Thread Jaroslaw Rafa via mailop
On 24.01.2024 at 11:57:13, Randolf Richardson, Postmaster via mailop
wrote:
> > But, in reality not really worth the trouble.. domains are easy to 
> > forge, and innocent companies maybe trying to verify the address, 
> > because a bad guy used it in a contact form..
> 
>   Not when SPF/DKIM/DMARC are configured properly.  Unfortunately, you 
> are generally correct because many domains that are actively used for 
> legitimate eMail don't employ SPF/DKIM/DMARC to prevent forgeries. :(

As far as I understand, this statement was referring to *receiving* domain,
and not the *sending* domain - especially that "contact form" is mentioned.

The OP wants to process messages *received* by domains that *should not be
mailed to* and use these messages to feed a spamtrap. The "domains are easy
to forge" statement referred - in my opinion - to the fact that some malicious
actor can put an address in this "not-to-be-mailed" domain for example in a
newsletter subscription form on a completely legitimate website. That
website will send a confirmation message (which will be properly
SPF/DKIM/DMARC authenticated) to a "spamtrap" address, thus ending up blocked.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [External] seeking a spamtrap milter

2024-01-24 Thread Randolf Richardson, Postmaster via mailop
> On 2024-01-23 12:35, Randolf Richardson, Postmaster via mailop wrote:
> >>> Hi folks,
> >>>
> >>> I suspect this exists, but can't come up with the right search.
> >>>
> >>> I have domains that should never receive mail. I'd like a milter that
> >>> looks for mail to those domains and feeds the IP of the sender to an
> >>> outside program.
> >>>
> >>> Surely someone wrote this spamtrap software? Or does everyone just
> >>> parse the log?
> >>
> >> Ever looked at MIMEDefang?  You can write your milter code in Perl.
> > 
> > MIMEDefang is an excellent suggestion.
> > 
> >> Only thing is I think you'll have to let the domains that should never
> >> receive email get email for your MTA so the milter "sees" the email.
> > 
> > Setting up MX records will certainly make it easier for the spammers
> > to spew their crap to your systems, but in my experience their
> > spamware seems to fall back to the "A" and "" records in the
> > absence of an MX record (and sometimes in addition to the presence
> > of an MX record when any or all of the defined MXes rejects their
> > attempts with 4yz {temporary} or 5yz {permanent} SMTP error codes).
> 
> But, in reality not really worth the trouble.. domains are easy to 
> forge, and innocent companies maybe trying to verify the address, 
> because a bad guy used it in a contact form..

Not when SPF/DKIM/DMARC are configured properly.  Unfortunately, you 
are generally correct because many domains that are actively used for 
legitimate eMail don't employ SPF/DKIM/DMARC to prevent forgeries. :(

(I'm holding off until February 2024 to re-consider rejecting or 
tagging eMail from domains without SPF/DKIM/DMARC configured.  At 
this point we're still seeing plenty of legitimate eMail coming from 
such systems to the point that even system-wide tagging with 
SpamAssassin will be problematic for many of our users.)

> Not to mention, how does that stop Gmail or o365 spammers from targeting 
> your traps.. we auto blocking gmail now? (oh, yeah it might be time 
> soon, but not yet)

I'm seeing significantly more spam emanating from Microsoft's 
netblocks than from Google's (although Google's GMail users certainly 
don't have clean hands either).  At least Google seems to be more 
willing to terminate spammer accounts than Microsoft does.  YMMV.

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/




Re: [mailop] [External] seeking a spamtrap milter

2024-01-23 Thread Slavko via mailop
On 23 January 2024 21:25:14 UTC, Michael Peddemors via mailop wrote:

>But, in reality not really worth the trouble.. domains are easy to forge, and 
>innocent companies maybe trying to verify the address, because a bad guy used 
>it in a contact form..

>Not to mention, how does that stop Gmail or o365 spammers from targeting your 
>traps.. we auto blocking gmail now? (oh, yeah it might be time soon, but not 
>yet)

You are right, analyzing, whitelisting, etc. for preventing damage
is not a task for a small company, nor for personal/family servers.

But spamtraps are not only about that. I am happy with filling a bayes
(fuzzy/neural) filter with message contents, calculating DKIM
reputation, etc. Any message received by a spamtrap contributes
to overall SPAM filtering with fresh content. And that is a great and
wanted result, without false positives (yet) and with minimal cost.
And it doesn't matter who the sender is...

regards


-- 
Slavko
https://www.slavino.sk/


Re: [mailop] [External] seeking a spamtrap milter

2024-01-23 Thread Michael Peddemors via mailop

On 2024-01-23 12:35, Randolf Richardson, Postmaster via mailop wrote:
>>> Hi folks,
>>>
>>> I suspect this exists, but can't come up with the right search.
>>>
>>> I have domains that should never receive mail. I'd like a milter that
>>> looks for mail to those domains and feeds the IP of the sender to an
>>> outside program.
>>>
>>> Surely someone wrote this spamtrap software? Or does everyone just
>>> parse the log?
>>
>> Ever looked at MIMEDefang?  You can write your milter code in Perl.
>
> MIMEDefang is an excellent suggestion.
>
>> Only thing is I think you'll have to let the domains that should never
>> receive email get email for your MTA so the milter "sees" the email.
>
> Setting up MX records will certainly make it easier for the spammers
> to spew their crap to your systems, but in my experience their
> spamware seems to fall back to the "A" and "" records in the
> absence of an MX record (and sometimes in addition to the presence
> of an MX record when any or all of the defined MXes rejects their
> attempts with 4yz {temporary} or 5yz {permanent} SMTP error codes).

But, in reality not really worth the trouble.. domains are easy to 
forge, and innocent companies maybe trying to verify the address, 
because a bad guy used it in a contact form..

Not to mention, how does that stop Gmail or o365 spammers from targeting 
your traps.. we auto blocking gmail now? (oh, yeah it might be time 
soon, but not yet)




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada



Re: [mailop] [External] seeking a spamtrap milter

2024-01-23 Thread Bill Cole via mailop
On 2024-01-23 at 15:35:45 UTC-0500 (Tue, 23 Jan 2024 12:35:45 -0800)
Randolf Richardson, Postmaster via mailop 
is rumored to have said:

> spamware seems to fall back to the "A" and "" records in the
> absence of an MX record

Also known as "doing the right thing."

> (and sometimes in addition to the presence
> of an MX record when any or all of the defined MXes rejects their
> attempts with 4yz {temporary} or 5yz {permanent} SMTP error codes).

Very much NOT the right thing.

-- 
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire


Re: [mailop] [External] seeking a spamtrap milter

2024-01-23 Thread Bill Cole via mailop

On 2024-01-23 at 15:00:01 UTC-0500 (Tue, 23 Jan 2024 15:00:01 -0500)
Kevin A. McGrail via mailop 
is rumored to have said:


>> Hi folks,
>>
>> I suspect this exists, but can't come up with the right search.
>>
>> I have domains that should never receive mail. I'd like a milter that
>> looks for mail to those domains and feeds the IP of the sender to an
>> outside program.
>>
>> Surely someone wrote this spamtrap software? Or does everyone just
>> parse the log?
>
> Ever looked at MIMEDefang?  You can write your milter code in Perl.  
> Only thing is I think you'll have to let the domains that should never 
> receive email get email for your MTA so the milter "sees" the email.

I don't believe that is true, since you can reject based on recipient 
addresses in the filter_recipient() subroutine, where you have both a 
current recipient and the client IP each time that it is called.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
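
[Added example, not part of any message in this thread and not MIMEDefang project code: a sketch of the filter_recipient() approach described in the message above, rejecting mail for trap domains at RCPT time and recording the client IP for an outside program. The trap domains, the spool file name and the helper names rcpt_domain() and record_trap_hit() are assumptions made for illustration; the envelope sender and HELO are recorded as well so the consumer can tell a spammer from a legitimate site sending a confirmation message to a trap address.]

```perl
# Fragment for a MIMEDefang filter file; mimedefang must run with -t so
# that filter_recipient() is called for each RCPT TO.
use strict;
use warnings;
use Fcntl qw(:flock);

# Constructed values: trap domains and a hypothetical spool file that the
# outside program reads (for example by following it like a log).
my %TRAP_DOMAIN = map { $_ => 1 } qw(trap.example.net unused.example.org);
my $TRAP_SPOOL  = '/var/spool/MIMEDefang/spamtrap-hits';

# Lowercased domain of an SMTP recipient such as "<User@Trap.Example.NET>".
sub rcpt_domain {
    my ($rcpt) = @_;
    return $rcpt =~ /\@([A-Za-z0-9.-]+)>?\s*$/ ? lc $1 : '';
}

# Append one tab-separated record per hit; flock keeps concurrent
# MIMEDefang workers from interleaving their lines.
sub record_trap_hit {
    my ($ip, $sender, $recipient, $helo) = @_;
    # Envelope values come from the remote client: default missing ones
    # to '' and strip control characters (tabs, newlines) before writing.
    for ($ip, $sender, $recipient, $helo) {
        $_ //= '';
        s/[\x00-\x1f\x7f]//g;
    }
    open(my $fh, '>>', $TRAP_SPOOL) or return 0;
    flock($fh, LOCK_EX) or return 0;
    print {$fh} join("\t", time(), $ip, $sender, $recipient, $helo), "\n";
    return close($fh);
}

sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo) = @_;
    if ($TRAP_DOMAIN{ rcpt_domain($recipient) }) {
        record_trap_hit($ip, $sender, $recipient, $helo);
        return ('REJECT', 'No such user');   # refused before DATA
    }
    return ('CONTINUE', 'ok');
}
```

[End of added example.]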


Re: [mailop] [External] seeking a spamtrap milter

2024-01-23 Thread Randolf Richardson, Postmaster via mailop
> > Hi folks,
> >
> > I suspect this exists, but can't come up with the right search.
> >
> > I have domains that should never receive mail. I'd like a milter that
> > looks for mail to those domains and feeds the IP of the sender to an
> > outside program.
> >
> > Surely someone wrote this spamtrap software? Or does everyone just
> > parse the log?
> 
> Ever looked at MIMEDefang?  You can write your milter code in Perl.  

MIMEDefang is an excellent suggestion.

> Only thing is I think you'll have to let the domains that should never 
> receive email get email for your MTA so the milter "sees" the email.

Setting up MX records will certainly make it easier for the spammers 
to spew their crap to your systems, but in my experience their 
spamware seems to fall back to the "A" and "" records in the 
absence of an MX record (and sometimes in addition to the presence 
of an MX record when any or all of the defined MXes rejects their 
attempts with 4yz {temporary} or 5yz {permanent} SMTP error codes).

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/




Re: [mailop] [External] seeking a spamtrap milter

2024-01-23 Thread Kevin A. McGrail via mailop

> Hi folks,
>
> I suspect this exists, but can't come up with the right search.
>
> I have domains that should never receive mail. I'd like a milter that
> looks for mail to those domains and feeds the IP of the sender to an
> outside program.
>
> Surely someone wrote this spamtrap software? Or does everyone just
> parse the log?

Ever looked at MIMEDefang?  You can write your milter code in Perl.  
Only thing is I think you'll have to let the domains that should never 
receive email get email for your MTA so the milter "sees" the email.


Regards,

KAM