Validating Email addresses

Paul Lemmons paul.lemmons at tmcaz.com
Mon May 11 22:12:00 IST 2009 


-------- Original Message  --------
Subject: Validating Email addresses
From: Julian Field <MailScanner at ecs.soton.ac.uk>
To: MailScanner discussion <mailscanner at lists.mailscanner.info>
Date: 05/11/2009 01:14 PM
> On 11/05/2009 21:03, Paul Lemmons wrote:
>   
>> -------- Original Message  --------
>> Subject: Validating Email addresses
>> From: Julian Field <MailScanner at ecs.soton.ac.uk>
>> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>> Date: 05/06/2009 01:57 AM
>>     
>>> On 05/05/2009 18:55, Paul Lemmons wrote:
>>>       
>>>> We are getting a great deal of Spam bypassing both Postini and Mail 
>>>> Scanner due to a discrepancy between how these two products define 
>>>> an email address and the way Exchange does. The two scanning 
>>>> products recognize emails with a pipe character "|" at the beginning 
>>>> of the address as both valid and part of the email address. I 
>>>> believe this is in line with the email standards. Exchange, othe the 
>>>> other hand simply ignores the character. So a message sent to 
>>>> me at mydom.com and |me at mydom.com are seen as two different addresses 
>>>> by the scanning systems and as a single address by Exchange.
>>>>         
>>> Set "Reject Messages" to point to a ruleset, and have a ruleset that 
>>> looks roughly like this:
>>> FromOrTo: /^\|/ yes
>>> FromOrTo: default no
>>> and MailScanner will reject messages coming from or going to an 
>>> address starting with a pipe character.
>>> Simple as that.
>>> Remember to "service MailScanner reload" after changing the ruleset 
>>> and MailScanner.conf file.
>>>
>>>
>>> Jules
>>>
>>>       
>> I have tried this and now I am getting a new message in my log....
>>
>> MailScanner[5583]: Cannot match against destination IP address when 
>> resolving configuration option "rejectmessage"
>>
>>
>> # cat reject-messages.conf
>> FromOrTo: /^\|/ yes
>> FromOrTo: default no
>>
>> Any thoughts?
>>     
> As your regexp doesn't contain any alphabetic characters, its heuristic 
> code for deducing the pattern type is going wrong. If you change it to 
> something like "/^\|[a-z0-9]/" then it is more likely to work.
>
> Jules
>
>   
The good news is  that I have eliminated the error message. The bad news 
is that it does not filter the "pipe mail".

# cat reject-messages.conf
FromOrTo: /^\|[a-z0-9]/ yes
FromOrTo: default no

Here is what I see in the syslog:

May 11 13:52:54 remus sendmail[812]: NOQUEUE: connect from 
exprod6mx247.postini.com [64.18.1.147]
May 11 13:52:54 remus sendmail[812]: AUTH: available mech=PLAIN 
ANONYMOUS LOGIN, allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 
CRAM-MD5
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: Milter: no active 
filter
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 220 
remus.tmcaz.com ESMTP Sendmail 8.13.8/8.13.8; Mon, 11 May 2009 13:52:54 
-0700
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: <-- HELO psmtp.com
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 250 
remus.myisp.com Hello exprod6mx247.postini.com [64.18.1.147], pleased to 
meet you
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: <-- MAIL 
FROM:<test.user at gmail.com>
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 250 2.1.0 
<test.user at gmail.com>... Sender ok
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: <-- RCPT TO:< 
test.user at myisp.com>
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 250 2.1.5 < 
test.user at myisp.com>... Recipient ok
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: <-- DATA
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 354 Enter mail, 
end with "." on a line by itself
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: 
from=<test.user at gmail.com>, size=1774, class=0, nrcpts=1, 
msgid=<5caea7060905111352r2fedeb42m84c767f19
e191f68 at mail.gmail.com>, proto=SMTP, daemon=MTA, 
relay=exprod6mx247.postini.com [64.18.1.147]
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 050 < 
test.user at myisp.com>... queued
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: to=< 
test.user at myisp.com>, delay=00:00:00, mailer=relay, pri=31774, stat=queued
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 250 2.0.0 
n4BKqsbn000812 Message accepted for delivery
May 11 13:52:54 remus sendmail[812]: n4BKqsbo000812: <-- QUIT
May 11 13:52:54 remus sendmail[812]: n4BKqsbo000812: --- 221 2.0.0 
remus.myisp.com closing connection

I don't know if this is important but I find it interesting that the 
pipe (|) appears to have been replaced with a space above. The message 
was sent to |test.user at myisp.com (email address and domain altered for 
public discussion)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3316 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090511/4c43325f/smime.bin

More information about the MailScanner mailing list