[Mimedefang] Failed looping spam
Barry Byrne
barry.byrne at wbtsystems.com
Mon Oct 14 09:23:01 EDT 2002
In case it's of use to any of you, I run the following script as a cronjob
on an hourly basis to do what Les suggests below. Works very well.
Cheers,
Barry
---------------------------------------------
#!/bin/sh
MAILLOG=/var/log/maillog
FAILUSERS=/etc/mail/nosuchusers
AUTOACCESS=/etc/mail/access.auto
ACCESS=/etc/mail/access
# Add entries to failed user list: recipients the inside relay rejected
grep "stat=User unknown" "$MAILLOG" \
  | grep "relay=pop.dublin.wbtsystems.com" \
  | tr "[:upper:]" "[:lower:]" \
  | perl -e 'while(<>) { if (/: to=<(.*)>, /) {print("$1\n"); }}' \
  | sort -u \
  >> "$FAILUSERS"
# sort uniquely ignoring leading white space
sort -b -u -o "$FAILUSERS" "$FAILUSERS"
# add entries to 'normal access list'
cat "$ACCESS" > "$AUTOACCESS"
while read ADDRESS
do
  echo "To:$ADDRESS ERROR:550 User Unknown" >> "$AUTOACCESS"
done < "$FAILUSERS"
# rebuild database (makemap reads the combined list, writes the map for $ACCESS)
/usr/sbin/makemap hash "$ACCESS" < "$AUTOACCESS"
-----------------------------------------------
--
Barry Byrne, IT Manager,
WBT Systems, Block 2, Harcourt Centre
Harcourt Street, Dublin 2, Ireland
> -----Original Message-----
> From: mimedefang-admin at lists.roaringpenguin.com
> [mailto:mimedefang-admin at lists.roaringpenguin.com]On Behalf Of Les
> Mikesell
> Sent: 11 October 2002 18:55
> To: mimedefang at lists.roaringpenguin.com
> Subject: RE: [Mimedefang] Failed looping spam
>
>
> > From: Tom Horan
> >
> > Yes, getting a list of valid smtp address from Exchange onto my sendmail
> > boxes wouldnt be a problem.
> >
> > So if spam=true, and user=notexist then drop, else relay.
>
> You can do this with the sendmail 'access' facility as well and
> reject them immediately. I've used an 'outside/inside' pair
> of servers long before adding filtering and have had enough
> turnover in the company to get a lot of undeliverable mail
> that the outside relay accepts, then tries to return and of
> course all the spam is from unreachable addresses. I reduced
> this a lot by periodically grepping the outside relay logs
> for the 'no such user' error generated by the inside server's
> rejection and turning these addresses into access rules like
> user at domain ERROR:550 user unknown
> and rebuilding the database. You do have to pay attention
> when someone who has been removed comes back, though.
>
> Les Mikesell
> les at futuresource.com
>
> _______________________________________________
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
>
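The log-to-access-rule step from the script in this message, as an added example that is not part of the original post: because the logged recipient address is chosen by the remote sender, each extracted address is checked before it is written as an access rule. The relay name `inside.example.com`, the allowlist pattern and the sample log lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not the poster's script. Recipient addresses in the mail log
# are chosen by remote senders, so each one is checked against a conservative
# allowlist (an assumption of this example) before it becomes an access rule.

RELAY="inside.example.com"   # hypothetical inside server name

# Constructed sample log lines in sendmail's delivery-log layout.
sample_log() {
cat <<'EOF'
Oct 14 09:00:01 mx sendmail[101]: g9E1: to=<Gone.User@Example.com>, delay=00:00:01, mailer=esmtp, relay=inside.example.com. [192.0.2.10], dsn=5.1.1, stat=User unknown
Oct 14 09:00:02 mx sendmail[102]: g9E2: to=<gone.user@example.com>, delay=00:00:01, mailer=esmtp, relay=inside.example.com. [192.0.2.10], dsn=5.1.1, stat=User unknown
Oct 14 09:00:03 mx sendmail[103]: g9E3: to=<old.staff@example.com>, delay=00:00:02, mailer=esmtp, relay=inside.example.com. [192.0.2.10], dsn=5.1.1, stat=User unknown
Oct 14 09:00:04 mx sendmail[104]: g9E4: to=<"x y"@example.com>, delay=00:00:01, mailer=esmtp, relay=inside.example.com. [192.0.2.10], dsn=5.1.1, stat=User unknown
Oct 14 09:00:05 mx sendmail[105]: g9E5: to=<alive@example.com>, delay=00:00:01, mailer=esmtp, relay=inside.example.com. [192.0.2.10], dsn=2.0.0, stat=Sent (ok)
Oct 14 09:00:06 mx sendmail[106]: g9E6: to=<other@example.com>, delay=00:00:01, mailer=esmtp, relay=elsewhere.example.net. [198.51.100.7], dsn=5.1.1, stat=User unknown
EOF
}

# $1 = relay host; log lines on stdin; unique lower-case addresses on stdout.
unknown_users() {
    grep -F 'stat=User unknown' \
    | grep -F "relay=$1" \
    | sed -n 's/.*: to=<\([^>]*\)>, .*/\1/p' \
    | tr '[:upper:]' '[:lower:]' \
    | grep -E '^[a-z0-9._+-]+@[a-z0-9.-]+$' \
    | sort -u
}

# Addresses on stdin; one access-map line per address on stdout.
access_rules() {
    while IFS= read -r addr; do
        # Key and value are separated by a tab; the key never contains
        # whitespace because unknown_users rejected such addresses.
        printf 'To:%s\tERROR:550 User Unknown\n' "$addr"
    done
}

# Print the rules that would be appended to the access source file.
sample_log | unknown_users "$RELAY" | access_rules
```

The quoted-local-part line is dropped because its embedded space would split the key from the value in the access file; rejected lines can be logged for manual review instead of being discarded silently.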