Print Page | Close Window

**Huge Feature Request** ..what do you think?

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=2072
Printed Date: 26 December 2024 at 6:39pm


Topic: **Huge Feature Request** ..what do you think?
Posted By: Guests
Subject: **Huge Feature Request** ..what do you think?
Date Posted: 26 September 2003 at 1:33pm

Huge SpamFilter Request

 

The idea is a result of a discussion that you can find here. ( http://www.logsat.com/spamfilter/forums/showmessage.asp?messageID=1934%20" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://www.logsat.com/spamfilter/forums/showmessage.asp?messageID=1934" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://www.logsat.com/spamfilter/forums/showmessage.asp?messageID=1934 ) and

Information I read about here http://www.rfc-ignorant.org/" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://www.rfc-ignorant.org/" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://www.rfc-ignorant.org/

 

 

Basically I was wondering if SpamFilter could be changed to include the following.

 

After SpamFilter receives an email request and checks it against keywords and blacklist could it also check for the sending emails mail server to accept a return email.

 

I have (as most of you probably do) a post master account that I have all NDR’s send to. All the emails that I get in this account are definitely spam, there is no question about that. And I get them because they come from a bogus account. On an average day we get between 20 and 30 thousand emails sent to us, spamfilter blocks 50-70% of these everyday. On top of that I get about 200 NDR to my postmaster account that are unreturnable spam emails. They are un-returnable either because there is no such user in my domain or our second content/spamfilter flags it as spam and tries to return it.

 

When spamfilter gets an email from say  mailto:user@spamdomain.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - user@spamdomain.com and the email is accepted because it passed all blacklist and content filter tests, could spamfilter then lookup the mx record for spamdomain.com and attempt to telnet to it and see if it will accept an email for mailto:user@spamdomain.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - user@spamdomain.com that is coming from and address we specify (ie mailto:postmaster@mydomain.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - postmaster@mydomain.com or mailto:spamtest@mydomain.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - spamtest@mydomain.com ) where mydomain is what your domain name is.

 

I think that if this would be possible is would clear up a LOT of additional spam emails from elusive spammers.

It would go something like this

 

220 mailserver.spamdomain.com Welcome to the SpamDomains email server bla bla bla
helo mailserver.mydomain.com          (this would be the FQDN of SpamFilter on your network)
250 mailserver.mydomain.com
mail from:postmaster@mydomain.com             (or whatever you want @mydomain.com)
250  Address Okay
rcpt to:< mailto:pdunn@XX" CLASS="ASPForums" TITLE="WARNING: URL created by poster. -             (this is the email address of the user attempting to send to you're domain)
250 mailto:pdunn@XX" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - this would be a successful attempt and then the email would go through.
If the last line was something else, like “no such user” or if the mx record for that domain can’t be found or there is no mx record for that domain then the email would be rejected with a message that we specify similar to the other spamfilter rejection messages.

 

This makes sense in my head but I don’t know if I am relaying it correctly.

Please let me know what you think.

Regardless, I think spamfilter is an Awsome product and has saved me tons of headaches.

 

Thanks,

Peter


Replies:
Posted By: LogSat
Date Posted: 30 September 2003 at 10:20pm

Peter,

We gave some thought about this. We understood all you said, but proceeding as you suggest would create problems. Many emails (especially for ex. bank notifications, mailer errors, automated emails in general) will contain a non-existant mail from address. Attempting to send mail to that address will often result in an error. Performing an MX record check, verify the existance of an SMTP server there, and attempting to send an email to the "from" will often fail for legitimate emails.

However the first two steps, looking for a valid MX record and ensuring there is a mail server there are very good ideas. We're adding these to the wish list and will try to implement them in the near future.

Roberto F.
LogSat Software

Posted By: Guests
Date Posted: 02 October 2003 at 1:55am

dns rbl + querytype=mx would be great,

however the *law*.hotmail do not work then,

 

however extending :

rbl+querytpe=mx+A=PTR=MX would be the gretaest thing around.

i currently host a server who does just that, and it is great,

no spam comes trough at all, and the default response is :

have your sysadmin read some rfc`s 1912 section 2.1 to start with.

Posted By: Guests
Date Posted: 06 October 2003 at 9:26am

Hi Eric,
I'm unclear on why the .hotmail would not work. Could you explain.
And how did you setup a server to do what you described.

Thanks,
Peter

I understand this:
dns rbl + querytype=mx

but not this:
rbl+querytpe=mx+A=PTR=MX



Print Page | Close Window