Regex question

Tue Jun 28 16:14:37 IST 2005

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Jun 28, 2005, at 7:38 AM, Rick Cooper wrote:
<--snipped for cleanliness sake-->
>> messages is not a problem. I have been feeding all of these to the
>> Baysian database to bring their scores up to an acceptable level, and 
>> I
>> will certainly add a rule as well for SpamAssassin. I would prefer to
>> stop these at the MTA level entirely and save to CPU power this would
>> otherwise generate, but this is a start.
>>
>> Thank you everyone for your help and input.
>>
>
> MTA is where all of my RBL checking takes place. You don't say what 
> the MTA
> is but I would think about any can accommodate RBL checks these days. I
> personally believe in doing as many checks at SMTP time is best. Basic
> checks I do are:
>
>
> Helo checks : helo with my hostname, ip literal or a host name from my
> domain - drop and firewall
> 		  helo with bare IP - drop
> 		  helo without a FQDN - drop
>
> Rcpt to checks: Invalid user drop (of course)
>                 non-authenticated local user outside the network - drop
>                 fails sender callout verification - drop
> 		    in one of several RBLs (although I don't check DUL) - drop
>
> Data checks:   basic bad mime type (.com|.exe|.pif|.bat) - drop
>                Virus - drop and firewall (exim/exiscan BD, ClamAV, 
> f-prot)
>                Spam score above 15 - drop
>                SPF fails - drop
>
> There are, of course, more dealing with relaying and so forth but for 
> the
> most part I have relatively few things that we definatly do not want, 
> pass
> through to MS to deal with, and I haven't generated a bounce in so 
> long I
> couldn't tell you the last time. Drop the stuff you *know* shouldn't 
> arrive
> and let MS handle filename, type, archives, bad content, the marginal 
> spam,
> etc.

I am using Sendmail 8.13.1-2 (RHEL RPM) for my MTA. I like what you are 
saying here. I don't know how difficult these will be to implement. I 
have enabled Sendmail's option to not accept mail from non-FQDN 
sources, And I have blacklisted a couple of countries that have sent us 
spam in the past that I know we would never receive legitimate email 
from, but that is all.

- ---
Craig Daters (craig at westpress.com)
Systems Administrator

West Press
1663 West Grant Road
Tucson, Arizona 85745

(520) 624-4939 x208
(520) 624-2715 fax
www.westpress.com

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQsFpYRBVT8XLuTbnEQIGtwCcCySgjKI+w4DsgN4IiqRyfv+iQxgAnR0c
8YWCppGYryT9wNMgIkCeINbI
=6jyy
-----END PGP SIGNATURE-----

--
Please note: It is the policy of West Press that all e-mail
sent to and from any @westpress.com address may be recorded
and monitored. Unless it is West Press related business,
please do not send any material of a private, personal,
or confidential nature to this or any @westpress.com
e-mail address.

This message has been scanned for UCE (spam), viruses,
and dangerous content, and is believed to be clean 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!