Validating Email addresses
Paul Lemmons
paul.lemmons at tmcaz.com
Mon May 11 22:12:00 IST 2009
-------- Original Message --------
Subject: Validating Email addresses
From: Julian Field <MailScanner at ecs.soton.ac.uk>
To: MailScanner discussion <mailscanner at lists.mailscanner.info>
Date: 05/11/2009 01:14 PM
> On 11/05/2009 21:03, Paul Lemmons wrote:
>
>> -------- Original Message --------
>> Subject: Validating Email addresses
>> From: Julian Field <MailScanner at ecs.soton.ac.uk>
>> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>> Date: 05/06/2009 01:57 AM
>>
>>> On 05/05/2009 18:55, Paul Lemmons wrote:
>>>
>>>> We are getting a great deal of Spam bypassing both Postini and Mail
>>>> Scanner due to a discrepancy between how these two products define
>>>> an email address and the way Exchange does. The two scanning
>>>> products recognize emails with a pipe character "|" at the beginning
>>>> of the address as both valid and part of the email address. I
>>>> believe this is in line with the email standards. Exchange, othe the
>>>> other hand simply ignores the character. So a message sent to
>>>> me at mydom.com and |me at mydom.com are seen as two different addresses
>>>> by the scanning systems and as a single address by Exchange.
>>>>
>>> Set "Reject Messages" to point to a ruleset, and have a ruleset that
>>> looks roughly like this:
>>> FromOrTo: /^\|/ yes
>>> FromOrTo: default no
>>> and MailScanner will reject messages coming from or going to an
>>> address starting with a pipe character.
>>> Simple as that.
>>> Remember to "service MailScanner reload" after changing the ruleset
>>> and MailScanner.conf file.
>>>
>>>
>>> Jules
>>>
>>>
>> I have tried this and now I am getting a new message in my log....
>>
>> MailScanner[5583]: Cannot match against destination IP address when
>> resolving configuration option "rejectmessage"
>>
>>
>> # cat reject-messages.conf
>> FromOrTo: /^\|/ yes
>> FromOrTo: default no
>>
>> Any thoughts?
>>
> As your regexp doesn't contain any alphabetic characters, its heuristic
> code for deducing the pattern type is going wrong. If you change it to
> something like "/^\|[a-z0-9]/" then it is more likely to work.
>
> Jules
>
>
The good news is that I have eliminated the error message. The bad news
is that it does not filter the "pipe mail".
# cat reject-messages.conf
FromOrTo: /^\|[a-z0-9]/ yes
FromOrTo: default no
Here is what I see in the syslog:
May 11 13:52:54 remus sendmail[812]: NOQUEUE: connect from
exprod6mx247.postini.com [64.18.1.147]
May 11 13:52:54 remus sendmail[812]: AUTH: available mech=PLAIN
ANONYMOUS LOGIN, allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5
CRAM-MD5
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: Milter: no active
filter
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 220
remus.tmcaz.com ESMTP Sendmail 8.13.8/8.13.8; Mon, 11 May 2009 13:52:54
-0700
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: <-- HELO psmtp.com
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 250
remus.myisp.com Hello exprod6mx247.postini.com [64.18.1.147], pleased to
meet you
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: <-- MAIL
FROM:<test.user at gmail.com>
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 250 2.1.0
<test.user at gmail.com>... Sender ok
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: <-- RCPT TO:<
test.user at myisp.com>
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 250 2.1.5 <
test.user at myisp.com>... Recipient ok
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: <-- DATA
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 354 Enter mail,
end with "." on a line by itself
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812:
from=<test.user at gmail.com>, size=1774, class=0, nrcpts=1,
msgid=<5caea7060905111352r2fedeb42m84c767f19
e191f68 at mail.gmail.com>, proto=SMTP, daemon=MTA,
relay=exprod6mx247.postini.com [64.18.1.147]
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 050 <
test.user at myisp.com>... queued
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: to=<
test.user at myisp.com>, delay=00:00:00, mailer=relay, pri=31774, stat=queued
May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 250 2.0.0
n4BKqsbn000812 Message accepted for delivery
May 11 13:52:54 remus sendmail[812]: n4BKqsbo000812: <-- QUIT
May 11 13:52:54 remus sendmail[812]: n4BKqsbo000812: --- 221 2.0.0
remus.myisp.com closing connection
I don't know if this is important but I find it interesting that the
pipe (|) appears to have been replaced with a space above. The message
was sent to |test.user at myisp.com (email address and domain altered for
public discussion)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3316 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090511/4c43325f/smime.bin
More information about the MailScanner
mailing list