[Mimedefang] Failed looping spam
Steve Robb
steve_robb at cnt.com
Mon Oct 14 13:24:00 EDT 2002
Thanks. After doing some more investigating I found that I needed to enable
FEATURE(`blacklist_recipients') in my sendmail.mc file to get it to work.
Working great now!
Steve Robb
-----Original Message-----
From: Barry Byrne [mailto:barry.byrne at wbtsystems.com]
Sent: Monday, October 14, 2002 11:32 AM
To: mimedefang at lists.roaringpenguin.com
Subject: RE: [Mimedefang] Failed looping spam
> My understanding is that the access database will verify the 'mail from:'
> portion of the dialog but not the 'rcpt to:' portion. Am I missing something
> here? Is there a sendmail feature that needs to be turned on?
Rob:
The access input file can be made to use the rcpt to: addresses
by prefixing the lines with To: as I have done in my script.
For mail from: addresses you would use the From: prefix
e.g.
To:nosuchuser at mydomain.com REJECT
From:baduser at baddomain.com REJECT
From:gooduser at baddomain.com OK
etc.
Cheers,
Barry
--
Barry Byrne, IT Manager,
WBT Systems, Block 2, Harcourt Centre
Harcourt Street, Dublin 2, Ireland
> -----Original Message-----
> From: mimedefang-admin at lists.roaringpenguin.com
> [mailto:mimedefang-admin at lists.roaringpenguin.com]On Behalf Of Steve
> Robb
> Sent: 14 October 2002 17:00
> To: 'mimedefang at lists.roaringpenguin.com'
> Subject: RE: [Mimedefang] Failed looping spam
>
>
> I've got a similar setup (and issue) so I tried the shell script that Barry
> suggested. It works well (with a little tweaking) for my environment
> (sendmail 8.12.5) and updates the access db file just fine. The problem is
> that it doesn't seem to reject mail based on the bogus addresses it finds.
> My understanding is that the access database will verify the 'mail from:'
> portion of the dialog but not the 'rcpt to:' portion. Am I missing something
> here? Is there a sendmail feature that needs to be turned on?
>
> Steve Robb
>
>
> -----Original Message-----
> From: Barry Byrne [mailto:barry.byrne at wbtsystems.com]
> Sent: Monday, October 14, 2002 8:22 AM
> To: mimedefang at lists.roaringpenguin.com
> Subject: RE: [Mimedefang] Failed looping spam
>
>
> In case it's of use to any of you, I run the following script as a cronjob
> on an hourly basis to do what Les suggests below. Works very well.
>
> Cheers,
>
> Barry
>
> ---------------------------------------------
>
> #!/bin/sh
>
> MAILLOG=/var/log/maillog
> FAILUSERS=/etc/mail/nosuchusers
> AUTOACCESS=/etc/mail/access.auto
> ACCESS=/etc/mail/access
>
> # Add entries to failed user list
>
> grep "stat=User unknown" "$MAILLOG" \
>   | grep "relay=pop.dublin.wbtsystems.com" \
>   | tr "[:upper:]" "[:lower:]" \
>   | perl -e 'while(<>) { if (/: to=<(.*)>, /) {print("$1\n"); }}' \
>   | sort -u \
>   >> "$FAILUSERS"
>
> # sort uniquely ignoring leading white space
>
> sort -b -u -o "$FAILUSERS" "$FAILUSERS"
>
> # add entries to 'normal access list'
>
> cat "$ACCESS" > "$AUTOACCESS"
>
> while read -r ADDRESS
> do
>   echo "To:$ADDRESS ERROR:550 User Unknown" >> "$AUTOACCESS"
> done < "$FAILUSERS"
>
> # rebuild database
>
> /usr/sbin/makemap hash "$ACCESS" < "$AUTOACCESS"
>
> -----------------------------------------------
>
> --
> Barry Byrne, IT Manager,
> WBT Systems, Block 2, Harcourt Centre
> Harcourt Street, Dublin 2, Ireland
>
> > -----Original Message-----
> > From: mimedefang-admin at lists.roaringpenguin.com
> > [mailto:mimedefang-admin at lists.roaringpenguin.com]On Behalf Of Les
> > Mikesell
> > Sent: 11 October 2002 18:55
> > To: mimedefang at lists.roaringpenguin.com
> > Subject: RE: [Mimedefang] Failed looping spam
> >
> >
> > > From: Tom Horan
> > >
> > > Yes, getting a list of valid smtp address from Exchange onto my sendmail
> > > boxes wouldn't be a problem.
> > >
> > > So if spam=true, and user=notexist then drop, else relay.
> >
> > You can do this with the sendmail 'access' facility as well and
> > reject them immediately. I've used an 'outside/inside' pair
> > of servers long before adding filtering and have had enough
> > turnover in the company to get a lot of undeliverable mail
> > that the outside relay accepts, then tries to return and of
> > course all the spam is from unreachable addresses. I reduced
> > this a lot by periodically grepping the outside relay logs
> > for the 'no such user' error generated by the inside server's
> > rejection and turning these addresses into access rules like
> > user at domain ERROR:550 user unknown
> > and rebuilding the database. You do have to pay attention
> > when someone who has been removed comes back, though.
> >
> > Les Mikesell
> > les at futuresource.com
> >
> > _______________________________________________
> > MIMEDefang mailing list
> > MIMEDefang at lists.roaringpenguin.com
> > http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
> >
>
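An added example, not part of the thread: a stricter version of the extraction step in the cron script quoted above, which also covers the caveat about a removed user coming back. The recipient in a "User unknown" log line is chosen by the remote sender, so this filter accepts only a single plain address in the local domain and skips anything on a keep list. The relay name, the domain, the keep-list file and the log lines are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). The relay name, domain and keep-list
# file are assumptions; the log lines below are constructed sample data.

# gen_entries RELAY DOMAIN KEEPFILE: maillog on stdin, access entries on stdout
gen_entries() {
    awk -v relay="$1" -v domain="$2" -v keep="$3" '
    BEGIN {
        # Addresses that must never be blocked, e.g. a user who came back.
        if (keep != "")
            while ((getline line < keep) > 0) ok[tolower(line)] = 1
    }
    index($0, "stat=User unknown") && index($0, "relay=" relay) {
        # The recipient is remote-controlled input: accept one plain address.
        if (!match($0, /: to=<[^<>, \t]+>,/)) next
        addr = tolower(substr($0, RSTART + 6, RLENGTH - 8))
        # Only block addresses in our own domain.
        if (split(addr, p, "@") != 2 || p[2] != domain) next
        # Refuse local parts with quotes or other unusual characters.
        if (p[1] !~ /^[a-z0-9._+-]+$/) next
        # Skip keep-listed addresses and duplicates.
        if (addr in ok || seen[addr]++) next
        print "To:" addr "\tERROR:550 User unknown"
    }'
}

# Constructed sample log lines (documentation domains and addresses only).
sample_log() {
    cat <<'EOF'
Oct 14 10:00:01 mx sendmail[101]: g9EA01: to=<Ghost@example.com>, mailer=esmtp, relay=inside.example.com. [192.0.2.10], dsn=5.1.1, stat=User unknown
Oct 14 10:00:02 mx sendmail[102]: g9EA02: to=<ghost@example.com>, mailer=esmtp, relay=inside.example.com. [192.0.2.10], dsn=5.1.1, stat=User unknown
Oct 14 10:00:03 mx sendmail[103]: g9EA03: to=<back@example.com>, mailer=esmtp, relay=inside.example.com. [192.0.2.10], dsn=5.1.1, stat=User unknown
Oct 14 10:00:04 mx sendmail[104]: g9EA04: to=<x@elsewhere.test>, mailer=esmtp, relay=inside.example.com. [192.0.2.10], dsn=5.1.1, stat=User unknown
Oct 14 10:00:05 mx sendmail[105]: g9EA05: to=<"a b"@example.com>, mailer=esmtp, relay=inside.example.com. [192.0.2.10], dsn=5.1.1, stat=User unknown
Oct 14 10:00:06 mx sendmail[106]: g9EA06: to=<alice@example.com>, mailer=esmtp, relay=inside.example.com. [192.0.2.10], dsn=2.0.0, stat=Sent
EOF
}

# Constructed keep list: one address per line.
sample_keep() { echo 'back@example.com'; }

keepfile=$(mktemp) && sample_keep > "$keepfile"
sample_log | gen_entries inside.example.com example.com "$keepfile"
rm -f "$keepfile"
```

The output lines are in the same `To:` form the script appends to the access source file before running makemap; as noted at the top of the thread, they are only honoured once FEATURE(`blacklist_recipients') is enabled.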