[Mimedefang] Blocking DSL & Cable modem users.
Dave Shepherd
Dave.Shepherd at Vixel.com
Tue May 20 16:56:01 EDT 2003
Mimedefang - got to love it !!
OK - I read an article today in the Seattle newspaper about AOL tracking down spammers, only to learn that the spammers are hijacking users' home computers to send mass spam, unknown to the home users.
And that this is getting to be the new preferred method for spammers overseas.
I looked at my reject log from last night and it has a bunch of rejects
(ID'ed by Razor) coming from hostnames like:
LL-218-32-160-40.LL.sparqnet.net
pD95873F8.dip.t-dialin.net
lns-th2-7-82-64-106-21.adsl.proxad.net
212.199.255.72.forward.012.net.il
modemcable175.162-130-66.que.mc.videotron.ca
cl179-246.dsl.invision.com
cust-19-100.vype.manet.de
svcr-216-37-167-124.ppp.svcr.epix.net
evrtwa1-ar17-4-35-149-159.evrtwa1.dsl-verizon.net
These are all actual hosts (dhcp assigned I imagine) just in from last
night.
My email system is designed in a way that I force all my home users to a dedicated host where AUTH with STARTTLS (that's smtp-ssl) is required.
My inbound messages should only be from ISP mailservers and company
mailservers.
I wish that DNS had a record type like MX for outbound mailservers that
I could check against - but it doesn't yet!
So what I was thinking is that I would block all hostnames that had some identifying string that would lead me to think that it's a home computer.
A regular expression like:

    # Reject relays whose hostname looks like a dynamically assigned home connection
    if ( ($RelayHostname =~ /(\d{1,3})(-)(\d{1,3})(-)/) ||
         ($RelayHostname =~ /cablemodem/) ) {
        return ('REJECT', "Please use your ISP's mailserver to send your messages");
    }

Also - I would really like to just have an external mimedefang file that is read by mimedefang-filter instead of having to add expressions like this one to the filter_relay.
I haven't tried this yet - I would like feedback from the Mimedefang Wizards first.
Any other thoughts out there?
DS
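
Added example, not part of the original post: a stand-alone Perl script that keeps the hostname patterns in an external list and checks some of the hostnames quoted above against it. The list format, the function names load_patterns and residential_match, and the extra provider tokens are assumptions; the list is embedded as a string so the script runs without any file.

```perl
use strict;
use warnings;

# Constructed pattern list standing in for an external file (hypothetical
# format: one Perl regex per line, lines starting with '#' are comments).
my $pattern_text = <<'EOF';
# dashed IP fragments and "cablemodem", as in the regex from the post
\d{1,3}-\d{1,3}-
cablemodem
# extra provider tokens (assumption, taken from the sample hostnames)
\.(?:adsl|dsl|ppp|dip)\.
EOF

# Compile every non-blank, non-comment line; stop on an invalid regex so a
# typo in the list cannot silently disable or widen the check.
sub load_patterns {
    my ($fh) = @_;
    my @patterns;
    while (my $line = <$fh>) {
        $line =~ s/^\s+|\s+$//g;
        next if $line eq '' || $line =~ /^#/;
        my $re = eval { qr/$line/i };
        die "bad pattern on line $.: $line\n" unless defined $re;
        push @patterns, [ $line, $re ];
    }
    return @patterns;
}

# Return the source text of the first pattern that matches, or undef.
sub residential_match {
    my ($hostname, @patterns) = @_;
    for my $p (@patterns) {
        return $p->[0] if $hostname =~ $p->[1];
    }
    return;
}

open my $fh, '<', \$pattern_text or die "cannot open pattern list: $!";
my @patterns = load_patterns($fh);

# Five hostnames quoted in the post, plus one constructed mail server name.
for my $host (qw(
    LL-218-32-160-40.LL.sparqnet.net      pD95873F8.dip.t-dialin.net
    modemcable175.162-130-66.que.mc.videotron.ca
    cust-19-100.vype.manet.de             212.199.255.72.forward.012.net.il
    mail.example.com
)) {
    my $hit = residential_match($host, @patterns);
    printf "%-46s %s\n", $host, defined $hit ? "REJECT ($hit)" : 'CONTINUE';
}
```

In a real filter the list would be opened from a file path of your choosing, and the match result would decide what filter_relay returns.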