[Mimedefang] Failed looping spam

Steve Robb steve_robb at cnt.com
Mon Oct 14 12:02:36 EDT 2002


I've got a similar setup (and issue) so I tried the shell script that Barry
suggested. It works well (with a little tweaking) for my environment
(sendmail 8.12.5) and updates the access db file just fine. The problem is
that it doesn't seem to reject mail based on the bogus addresses it finds.
My understanding is that the access database will verify the 'mail from:'
portion of the dialog but not the 'rcpt to:' portion. Am I missing something
here? Is there a sendmail feature that needs to be turned on?

Steve Robb


-----Original Message-----
From: Barry Byrne [mailto:barry.byrne at wbtsystems.com] 
Sent: Monday, October 14, 2002 8:22 AM
To: mimedefang at lists.roaringpenguin.com
Subject: RE: [Mimedefang] Failed looping spam


In case it's of use to any of you, I run the following script as a cronjob
on an hourly basis to do what Les suggests below. Works very well.

Cheers,

Barry

---------------------------------------------

#!/bin/sh

MAILLOG=/var/log/maillog
FAILUSERS=/etc/mail/nosuchusers
AUTOACCESS=/etc/mail/access.auto
ACCESS=/etc/mail/access

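# Add entries to failed user list: lowercased recipients that the inside
# relay rejected with "User unknown". [^>]* stops the capture at the first
# ">" so later fields on the log line cannot leak into the address.

grep "stat=User unknown" "$MAILLOG" \
	| grep "relay=pop.dublin.wbtsystems.com" \
	| tr "[:upper:]" "[:lower:]" \
	| perl -e 'while(<>) { if (/: to=<([^>]*)>, /) {print("$1\n"); }}' \
	| sort -u \
	>> "$FAILUSERS"

# sort uniquely ignoring leading white space

sort -b -u -o "$FAILUSERS" "$FAILUSERS"

# add entries to 'normal access list'

cat "$ACCESS" > "$AUTOACCESS"

while read -r ADDRESS
       do
         echo "To:$ADDRESS    ERROR:550 User Unknown" >> "$AUTOACCESS"
       done < "$FAILUSERS"

# rebuild database (makemap writes $ACCESS.db; the $ACCESS text file is not changed)

/usr/sbin/makemap hash "$ACCESS" < "$AUTOACCESS"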

-----------------------------------------------

--
Barry Byrne, IT Manager,
WBT Systems, Block 2, Harcourt Centre
Harcourt Street, Dublin 2, Ireland

> -----Original Message-----
> From: mimedefang-admin at lists.roaringpenguin.com
> [mailto:mimedefang-admin at lists.roaringpenguin.com]On Behalf Of Les
> Mikesell
> Sent: 11 October 2002 18:55
> To: mimedefang at lists.roaringpenguin.com
> Subject: RE: [Mimedefang] Failed looping spam
>
>
> > From: Tom Horan
> >
> > Yes, getting a list of valid smtp addresses from Exchange onto my sendmail
> > boxes wouldn't be a problem.
> >
> > So if spam=true, and user=notexist then drop, else relay.
>
> You can do this with the sendmail 'access' facility as well and
> reject them immediately.  I've used an 'outside/inside' pair
> of servers long before adding filtering and have had enough
> turnover in the company to get a lot of undeliverable mail
> that the outside relay accepts, then tries to return and of
> course all the spam is from unreachable addresses.  I reduced
> this a lot by periodically grepping the outside relay logs
> for the 'no such user' error generated by the inside server's
> rejection and turning these addresses into access rules like
> user at domain ERROR:550 user unknown
> and rebuilding the database.  You do have to pay attention
> when someone who has been removed comes back, though.
>
>   Les Mikesell
>     les at futuresource.com
>

_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
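
Added example, not part of the thread and not Barry's script: the same log-to-access-map idea with the recipient addresses treated as untrusted input (they come from whatever a remote sender put in RCPT TO) and with an exemption list for the returning-user case Les mentions. The domain example.com, the REINSTATED list, the function names and the sample log lines are all constructed assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): derive "To:" reject entries from
# "User unknown" log lines, trusting nothing that comes out of the log.

OUR_DOMAIN="example.com"           # assumption: lowercase, the only domain we reject for
REINSTATED="returned@example.com"  # assumption: space-separated addresses that exist again

# Constructed sample maillog lines, shaped like sendmail delivery records.
sample_log() {
cat <<'EOF'
Oct 14 12:00:01 mx sendmail[101]: g9EG01: to=<Gone@Example.com>, delay=00:00:01, relay=inside.example.com., stat=User unknown
Oct 14 12:00:02 mx sendmail[102]: g9EG02: to=<gone@example.com>,<alsogone@example.com>, delay=00:00:01, relay=inside.example.com., stat=User unknown
Oct 14 12:00:03 mx sendmail[103]: g9EG03: to=<returned@example.com>, delay=00:00:01, relay=inside.example.com., stat=User unknown
Oct 14 12:00:04 mx sendmail[104]: g9EG04: to=<x y@example.com>, delay=00:00:01, relay=inside.example.com., stat=User unknown
Oct 14 12:00:05 mx sendmail[105]: g9EG05: to=<bad!addr@example.com>, delay=00:00:01, relay=inside.example.com., stat=User unknown
Oct 14 12:00:06 mx sendmail[106]: g9EG06: to=<who@other.example.net>, delay=00:00:01, relay=inside.example.com., stat=User unknown
Oct 14 12:00:07 mx sendmail[107]: g9EG07: to=<ok@example.com>, delay=00:00:01, relay=inside.example.com., stat=Sent (ok)
EOF
}

# stdin: maillog lines; stdout: sorted, unique, validated recipient addresses.
# sed keeps only a to= field that contains no whitespace, tr splits
# multi-recipient fields and lowercases, awk applies the allow rules.
unknown_recipients() {
    grep 'stat=User unknown' |
    sed -n 's/^.*: to=\(<[^ ]*>\), .*$/\1/p' |
    tr ',' '\n' | tr -d '<>' | tr '[:upper:]' '[:lower:]' |
    awk -F@ -v dom="$OUR_DOMAIN" -v back="$REINSTATED" '
        BEGIN { n = split(back, b, " "); for (i = 1; i <= n; i++) alive[b[i]] = 1 }
        # exactly one "@", our domain, conservative local part, not reinstated
        NF == 2 && $2 == dom && $1 ~ /^[a-z0-9._+-]+$/ && !($0 in alive)' |
    sort -u
}

# stdin: addresses; stdout: access-map source lines (key, tab, value).
access_entries() {
    while read -r addr; do
        printf 'To:%s\tERROR:550 User unknown\n' "$addr"
    done
}

# Demo: print the entries that would be appended to the access source file.
sample_log | unknown_recipients | access_entries
```

sendmail rejects on recipient entries like these only when the .mc file enables FEATURE(`blacklist_recipients'); without it the access map is not used to refuse RCPT TO addresses.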


