watermarking and spam mail loops?

[Scott Silva]

Jeff A. Earickson spake the following on 8/30/2007 12:30 PM:
> On Thu, 30 Aug 2007, Scott Silva wrote:
> 
>> Date: Thu, 30 Aug 2007 12:23:02 -0700
>> From: Scott Silva <ssilva at sgvwater.com>
>> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>> To: mailscanner at lists.mailscanner.info
>> Subject: Re: watermarking and spam mail loops?
>>
>> Jeff A. Earickson spake the following on 8/30/2007 10:38 AM:
>>> Gang,
>>>
>>> I'm trying to understand watermarking from the list archives
>>> (I took a month off the list), and I don't get it.  It looks
>>> like it might be useful for killing spam-caused mail loops
>>> between my front-end sendmail/MailScanner mail-relay and my
>>> backend local-delivery box.  The scene is:
>>>
>>> 1) spammer with bogus return sends to a nonexistent Colby
>>>    email address.
>>> 2) if MailScanner doesn't kill it as spam, it gets relayed
>>>    onto the backend system, who doesn't know the recipient.
>>> 3)  the backend system is configured to send all non-local
>>>    email to the front-end box, who sees that it is supposed
>>>    to go to nonexistent Colby address, sent to the back-end,
>>>    return to step 2 until 26 hops have been hit.  Then drop
>>>    in postmaster's lap.
>>>
>>> The summary of mail headers is below.  I notice that the 
>>> X-Colby-MailScanner-Watermark is different on every iteration.
>>> Can watermarking be used to kill this mail loop early on?
>> Snip...
>> There is a big minus to using the watermark. If you have users using 
>> Outlook or have an exchange server, the read receipts get marked as spam.
> 
> We don't run Exchange on the backend and we don't support Outlook as an
> email client, so this sounds like a plus to me. :)
> 
>>
>> Shouldn't you have your frontend box do a recipient verify to the 
>> internal box and drop the mail to non-existent users? That way you 
>> drop the connection and don't have to worry about bounces.
>>
> I've installed smf-sav recently, but I really need milter-ahead or
> some (free) alternative.  What I would really like the sendmail
> front-end to do is simply see if the user is in /etc/passwd, if not
> then drop.  My front-end has a complete list of my users there.
> 
> Jeff Earickson
> Colby College
Smf-sav is the free alternative to milter-ahead. You can also do it with 
mimedefang, but it is like hanging a picture with a sledge hammer. That is how 
I have been doing it, but started it before I knew about smf.sav. I will 
probably try it on the replacement servers next month.

I thought sendmail should check the /etc/passwd file, but the system must know 
it isn't the final destination.

-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!