Christopher X. Candreva writes: > > On Tue, 26 Oct 2004, Dave Duffner - NWCWEB.com wrote: > > > The Con is we see tons of sludge when a dictionary > > attack comes forth, if we had a method to simply reject that > > with a 550 or other response that'd leave just the important > > sludge so we can continue to write the SA rules and keep up > > the pace. > > OK -- remember in your original question you wanted to 'reject' any mail to > a non-valid account, not "add a bunch of points to". :-) > > Sounds like this would have to be custom, in terms of getting SA a > list of your valid users. > > Also, if you do 'reject', make sure you do so in the original SMTP dialog, > or silently throw it away. Since these will almost all have bogus return > addresses to you do not want to accept then bounce. (Sorry if this is > obvious, I'm going on your original question). > I agree. And to me that makes it clear to use some kind of sendmail/milter approach.
I know of people using Mimedefang who use an LDAP (of course it doesn't have to be LDAP) check before SA is invoked. Seems to me that using some kind of Milter (I'd do it in Mimedefang, but that's because I'm already using it) you could do something like: Does user exist? Process normally Did user ever exist? Bounce. User never existed? Do something like the old spamshield (deny access to the sending system. Choose your method) Heavy lifting left to others. (Won't be hard to dig up code for an LDAP check)
