Print Page | Close Window

Generating an AuthorizedTo List

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5529
Printed Date: 05 February 2025 at 10:58am


Topic: Generating an AuthorizedTo List
Posted By: sgeorge
Subject: Generating an AuthorizedTo List
Date Posted: 01 March 2006 at 12:24am
Hello, I would much appeciate some assistance/advice on how to generate an up-to-to date AuthorizedTo list for my domain - which uses Active Directory.  Ideally, I'd like the capacity to:
  • Get a list of primary and alias email addresses in Active Directory, as well as email addresses associated with Global Distribution Lists
  • Write the result to SpamFilter's AuthorizedTo whitelist file
  • Have this query or script run automatically, and frequently
Thanks for any advice you can provide!

Cheers,
Stephen


Replies:
Posted By: caratking
Date Posted: 13 March 2006 at 10:58pm

I can probably provide you with some code for this.

We had the same problem.  I put together some code that will run as a windows script file, connect to active directory and extract all email addresses.

It dumps that information to a text file, and then connects to each of our mail servers (we have a cluster) and updates the list of email users.

This way the majority of bogus email addresses that spammers try and use never hit our exchange server - saving TONS of processing power.  Without this, we could not handle the volumes of spam we get every day.

Drop me an email if you would like me to send you the code, unfortunatly it was not done for redistribution purposes so there is no documentation... but if you can program in VB you can probably figure it out.

Posted By: sgeorge
Date Posted: 14 March 2006 at 8:47am
That would be fantastic, thanks very much.  I can definitely see that taking advantage of the AuthorizedTo list would save our servers a lot of cycles.  I've sent you a pm with my email address.  Thanks again,

Stephen

Posted By: kspare
Date Posted: 15 March 2006 at 12:59pm

can you fire me a copy to kevin_pare_ca

Thanks!

Posted By: caratking
Date Posted: 22 March 2006 at 11:18pm
Originally posted by kspare kspare wrote:

can you fire me a copy to kevin_pare_ca

Thanks!

Send me a PM with your email address and I will send you a copy of the script.

Posted By: sgeorge
Date Posted: 23 March 2006 at 9:14am
...Just wanted to mention that caratking sent me his script and it's working out great for me!

Thanks!
Stephen

Posted By: Alan
Date Posted: 26 July 2006 at 2:09pm
Caratking, for those who are not using AD, will your script still work?  If not, what changes need to be made to make it work?

Posted By: caratking
Date Posted: 26 July 2006 at 10:40pm
The script is designed to pull the addresses out of Active Directory, if you are not using active directory I don't think it would work.

What type of email server are you running?

Posted By: Alan
Date Posted: 27 July 2006 at 12:30pm
Using Exchange 5.5 on NT4 SP6.
I actually found code specifically to work with Exch 5.5 but am still getting an error "ADODB.Connection: Provider cannot be found"
Checked for current MDAC (on 2.8) but still having same problem.

Posted By: caratking
Date Posted: 29 July 2006 at 10:07pm
Hi Alan,

If you can send me the link to that, I would like to take a look at that script
as well. I don't have a use for it right now, but I would like to see it work.

Posted By: Alan
Date Posted: 31 July 2006 at 2:01pm
It's not a public link but I can send you the code via private msg if you like...

FYI, I did finally get it working.  Yeah!

Posted By: jerbo128
Date Posted: 31 July 2006 at 10:32pm

Alan,

Would you mind sharing that code with me in a PM?

Thanks

jerbo128

Posted By: Marco
Date Posted: 01 August 2006 at 8:32am

hey Alan, i have the same setup as you, i also might have a use for this code, can you please send it over pm?

thanks

Marco



-------------
Anyone who is capable of getting himself made president, should on no account be allowed to do the job. D.Adams

Posted By: Guests
Date Posted: 02 August 2006 at 6:53am

FYI

we stopped using the AuthorizedTo because if someone sends a legit email to multiple users but misspells one of the email addresses nobody receives the email

Posted By: sgeorge
Date Posted: 02 August 2006 at 11:09am
AJ, that is true... but luckily, when a misspell occurs in an email sent to multiple recipients to your domain(s), the sender receives the following type of message, by default:

Delivery to the following recipient failed permanently:



    robbberto@mydomain.com



Technical details of permanent failure:

PERM_FAILURE: SMTP Error (state 12): 557 You are not allowed to send mail to robbberto@mydomain.com


It's my experience that people are able to identify that they've misspelled by this error.  However - your point brings a thought to mind - the sender doesn't know that other recipients at the domain didn't receive the message either.  I think I'm going to change customize my error message (for "Response if relaying is restricted") to:

557 You are not allowed to send mail to %EMailTo%.  Please check
to see that you spelled the email address %EmailTo% correctly.  If your
message was sent to additional receipients at %EmailTo%'s domain, you
will need to re-send your message to them.


Stephen

Posted By: -AJ-
Date Posted: 09 August 2006 at 11:18am
Originally posted by sgeorge sgeorge wrote:

Hello, I would much appeciate some assistance/advice on how to generate an up-to-to date AuthorizedTo list for my domain - which uses Active Directory.  Ideally, I'd like the capacity to:
  • Get a list of primary and alias email addresses in Active Directory, as well as email addresses associated with Global Distribution Lists
  • Write the result to SpamFilter's AuthorizedTo whitelist file
  • Have this query or script run automatically, and frequently

Thanks for any advice you can provide!

Cheers,
Stephen

try this program to extract the email addresses... it's easy and free

http://www.winzero.ca/DOE.htm - http://www.winzero.ca/DOE.htm


Posted By: -AJ-
Date Posted: 09 August 2006 at 11:20am

Originally posted by sgeorge sgeorge wrote:

AJ, that is true... but luckily, when a misspell occurs in an email sent to multiple recipients to your domain(s), the sender receives the following type of message, by default:

Delivery to the following recipient failed permanently:

    robbberto@mydomain.com

Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 12): 557 You are not allowed to send mail to robbberto@mydomain.com


It's my experience that people are able to identify that they've misspelled by this error.  However - your point brings a thought to mind - the sender doesn't know that other recipients at the domain didn't receive the message either.  I think I'm going to change customize my error message (for "Response if relaying is restricted") to:

557 You are not allowed to send mail to %EMailTo%.  Please check to see that you spelled the email address %EmailTo% correctly.  If your message was sent to additional receipients at %EmailTo%'s domain, you will need to re-send your message to them.


Stephen

I'll try changing the error message and see how it goes

 


Print Page | Close Window