Validating Email addresses
MailScanner at ecs.soton.ac.uk
Wed May 6 11:41:43 IST 2009
On 06/05/2009 10:59, Eli Wapniarski wrote:
> On Tuesday 05 May 2009 23:10:41 Eli Wapniarski wrote:
>> On Tuesday 05 May 2009 20:55:43 Paul Lemmons wrote:
>>> We are getting a great deal of Spam bypassing both Postini and Mail
>>> Scanner due to a discrepancy between how these two products define an
>>> email address and the way Exchange does. The two scanning products
>>> recognize emails with a pipe character "|" at the beginning of the
>>> address as both valid and part of the email address. I believe this is
>>> in line with the email standards. Exchange, othe the other hand simply
>>> ignores the character. So a message sent to me at mydom.com and
>>> |me at mydom.com are seen as two different addresses by the scanning
>>> systems and as a single address by Exchange.
>>> I have tried with minimal success to check for the pipe using sendmail
>>> rules. I have it stopped but it is stopping more than it should. I would
>>> like to stop it with MailScanner. I have tried what appears to be
>>> obvious to me but so far I have not hit upon the magic combination of
>>> options to make this work. Has anyone else encountered this situation
>>> and come up with a solution?
>> Yes, I have. And my solution is to run milter-regex to filter legit and illegit email addresses.
>> If you install the milter, then feel free to use the following macro to filter out legit and illegit email addresses. Of course you will need to substitute email at address.one, etc for real email addresses. Hopefully your distro will have milter-regex available. However if not, then you can find it at:
>> It took me quite some time to get the regular expressions to work the way I wanted because I am by no means an expert with regular expressions. And its been so long since I needed to look up and understand the syntax. However, the following works and it works very well.
>> IllegitimateTo = header /^TO$/i /(\.email at address.one\>|\.email at address.two\>|\.email at address.etc\>|)/e
>> LegitimateTo = header /^TO$/i /(\<email at address.one\>|\<email at address.two\>|\<email at address.etc\>)/e
>> LegitimateFrom = header /^FROM$/i /(email at address.one|email at address.two|email at address.etc)/e
>> LegitimateMail = $LegitimateTo or $LegitimateFrom
>> discard not $LegitimateMail
>> discard $IllegitimateTo
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
> I just read your response to Paul. Am I able to implement what I wrote above in "Reject Messages" ?
Yes, just turn it into a ruleset.
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Need help fixing or optimising your systems?
Need help getting you started solving new requirements from your boss?
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner