Quick Sendmail access question
Peter Russell
pete at ENITECH.COM.AU
Thu Feb 24 21:18:01 GMT 2005
We do build everything into maps too, but have a simpler method than
yours. We use Perl. Cron the Perl script. I have been thinking about
Julian's idea below, but I am going to continue to do it our way, mainly
so I don't have to rely on Exchange to receive mail, as I look after
external mail and the Exchange guys look after Exchange.
With yours you will need to retrieve the file (after you have relied on
your Windows machine to create it).
It's in the MAQ if you wanna have a look. I have modified it further to
ensure that if it gets no info back from the LDAP query for whatever
reason, it won't overwrite your existing map with a blank one, and it now
emails all error messages.
Pete
Vlad Mazek wrote:
> I guess I'll drop my 2 cents in here since protecting Exchange users (or
> protecting users from Exchange) is my business.
>
> First of all, Exchange is designed by default to send non-delivery
> reports back to the sender. This is something you should disable
> outright because it is used to bounce spam messages off addresses
> spammers know don't exist. You get a rather legitimate looking error and
> then the rest of your spam message inlined. Brilliant! To disable this
> behavior, open your Exchange System Manager, expand Global Settings,
> Internet Message Format, right click on the Default and select
> properties. Under the advanced tab, uncheck "Allow non-delivery reports".
>
> As far as milter-ahead, etc. It's a humongous waste of bandwidth, even in
> the largest of the enterprises. Get a listing of valid recipients from
> an Exchange admin and program it into your access file; Here is how we
> do it:
>
> ldifde -f C:\listing.ldf -s HOSTNAME -d "dc=DOMAIN,dc=TLD" -p subtree -r
> "(objectClass=user)" -l "cn,proxyaddresses"
>
> Substitute the hostname, domain, and tld for whatever the name of the
> actual Exchange box is. You'll get a listing of valid email addresses.
> Parse the file for valid SMTP users and program them into the file like
> this:
>
> To:vlad at mazek.com RELAY
> To:spam at mazek.com RELAY
> To:mazek.com 550 REJECT Give some random error here.
>
> If you would like a more evil way of dealing with Exchange and NDR
> flooding check out this.
>
>
> There is no reason why you can't use your mail system for more evil;
> check this out: http://www.exchangedefender.com/adaptiverbl.asp - Now
> you may argue that it's wrong to be evil with a mail system... but if
> you're running Exchange already you don't have much of an argument.
>
> -Vlad
> ExchangeDefender.com
>
>
>
>> In our experience, it saves you in dictionary attacks. I believe it
>> watches for things like Exchange dying.
>> You can build a list of valid recipients, but it is much more work than
>> installing milter-ahead.
>>
>> But only Exchange 2k3 will reject addresses that don't exist, and even
>> then it isn't enabled by default (heaven only knows why not!)
>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
>
>
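The steps described in the quoted reply (parse the ldifde export for SMTP addresses, then write them as access entries), combined with the guard Pete mentions against replacing the map with an empty one, sketched in Python as an added example. It is not either poster's script; the example.com domain, the function names, the sample LDIF and the reject text are assumptions.

```python
import base64
import os
import tempfile

# Constructed sample of ldifde output; names and addresses are made up.
SAMPLE_LDIF = """\
dn: CN=Vlad,CN=Users,DC=example,DC=com
cn: Vlad
proxyAddresses: SMTP:vlad@example.com
proxyAddresses: smtp:postmaster@exam
 ple.com
proxyAddresses: X400:c=US;a= ;p=Example;o=Exchange;s=Vlad;

dn: CN=Sales,CN=Users,DC=example,DC=com
proxyAddresses:: U01UUDpzYWxlc0BleGFtcGxlLmNvbQ==
proxyAddresses: smtp:sales@other.example
"""

def smtp_recipients(ldif, domain):
    """Return the sorted SMTP addresses in `domain` found in proxyAddresses values."""
    unfolded = ldif.replace("\r\n", "\n").replace("\n ", "")  # LDIF folds long lines
    found = set()
    for line in unfolded.split("\n"):
        attr, sep, value = line.partition(":")
        if not sep or attr.lower() != "proxyaddresses":
            continue
        if value.startswith(":"):  # "attr:: value" means the value is base64-encoded
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        kind, _, addr = value.strip().partition(":")
        addr = addr.lower()
        if kind.lower() == "smtp" and addr.endswith("@" + domain.lower()):
            found.add(addr)
    return sorted(found)

def access_entries(recipients, domain, reject="550 User unknown"):
    """One RELAY line per valid recipient, then the catch-all reject for the domain."""
    return [f"To:{r}\tRELAY" for r in recipients] + [f"To:{domain}\t{reject}"]

def update_access(path, ldif, domain):
    """Rewrite `path` only when the export yielded recipients; return True if written."""
    recipients = smtp_recipients(ldif, domain)
    if not recipients:  # empty or failed export: keep the existing file
        return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as out:
        out.write("\n".join(access_entries(recipients, domain)) + "\n")
    os.replace(tmp, path)  # atomic swap; makemap is run on the file afterwards
    return True
```

A False return is the condition to alert on, since it means the directory export came back empty and the previous recipient list is still in force.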