[Mimedefang] Blocking DSL & Cable modem users.

Dave Shepherd Dave.Shepherd at Vixel.com
Tue May 20 16:56:01 EDT 2003


Mimedefang - got to love it !!

OK - I read an article today in the Seattle newspaper about AOL tracking 
down spammers only to learn
that the spammers are hijacking users' home computers to send mass spam 
unknown to the home users.
And that this is getting to be the new preferred method for spammers 
overseas.

I looked at my reject log from last night and it has a bunch of rejects 
(ID'ed by Razor) coming from hostnames like:

LL-218-32-160-40.LL.sparqnet.net
pD95873F8.dip.t-dialin.net
lns-th2-7-82-64-106-21.adsl.proxad.net
212.199.255.72.forward.012.net.il
modemcable175.162-130-66.que.mc.videotron.ca
cl179-246.dsl.invision.com
cust-19-100.vype.manet.de
svcr-216-37-167-124.ppp.svcr.epix.net
evrtwa1-ar17-4-35-149-159.evrtwa1.dsl-verizon.net

These are all actual hosts (dhcp assigned I imagine) just in from last 
night.

My email system is designed in a way that I force all my home users to a 
dedicated host where
AUTH with STARTTLS (that's smtp-ssl) is required.

My inbound messages should only be from ISP mailservers and company 
mailservers.
I wish that DNS had a record type like MX for outbound mailservers that 
I could check against - but it doesn't yet!

So what I was thinking is that I would block all hostnames that had 
some identifying string that would lead me
to think that it's a home computer.
 
A regular expression like

# Reject relays whose hostname looks like a dynamically assigned home address
if ( ($RelayHostname =~ /(\d{1,3})(-)(\d{1,3})(-)/) ||
     ($RelayHostname =~ /cablemodem/) ) {
        return ('REJECT', "Please use your ISP's mailserver to send your messages");
    }

Also - I would really like to just have an external mimedefang file that 
is read by mimedefang-filter instead
of having to add expressions like this one to the filter_relay.

I haven't tried this yet - I would like feedback from the Mimedefang 
Wizards first.
Any other thoughts out there?

DS
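
An added example (not part of the original post and not MIMEDefang's own code): one way to keep the hostname patterns outside the filter, as the post asks, with a filter_relay that checks the relay name against them. The pattern list, the load_patterns helper and the 192.0.2.1 placeholder address are assumptions for illustration; the sample hostnames are the ones quoted in the post.

```perl
use strict;
use warnings;

# Constructed stand-in for an external pattern file: one Perl regex per line,
# '#' starts a comment. The first two rules are the post's; the last two are
# assumptions derived from the sample hostnames in the post.
my $PATTERN_TEXT = <<'EOF';
\d{1,3}-\d{1,3}-       # first test in the post
cablemodem             # second test in the post
modemcable
\.(?:a?dsl|dip|ppp)\.
EOF

# Compile each rule once. A malformed line is skipped with a warning so one
# typo in the pattern file cannot take the whole filter down.
sub load_patterns {
    my ($fh) = @_;
    my @rules;
    while (my $line = <$fh>) {
        chomp $line;
        $line =~ s/(?:^|\s+)#.*$//;        # drop full-line and trailing comments
        $line =~ s/^\s+|\s+$//g;
        next if $line eq '';
        my $re = eval { qr/$line/i };      # hostnames are case-insensitive
        if ($re) { push @rules, $re } else { warn "skipping bad pattern: $line\n" }
    }
    return @rules;
}

open my $fh, '<', \$PATTERN_TEXT or die "cannot read patterns: $!";
my @RULES = load_patterns($fh);            # in a real filter: open the file on disk
close $fh;

# Takes the arguments MIMEDefang passes to filter_relay: relay IP, relay name.
sub filter_relay {
    my ($hostip, $hostname) = @_;
    for my $re (@RULES) {
        return ('REJECT', "Please use your ISP's mailserver to send your messages")
            if $hostname =~ $re;
    }
    return ('CONTINUE', 'ok');
}

# Hostnames from the post, plus mail.example.com (constructed) as a control.
for my $host (qw(
    LL-218-32-160-40.LL.sparqnet.net  pD95873F8.dip.t-dialin.net
    lns-th2-7-82-64-106-21.adsl.proxad.net  212.199.255.72.forward.012.net.il
    modemcable175.162-130-66.que.mc.videotron.ca  cl179-246.dsl.invision.com
    cust-19-100.vype.manet.de  svcr-216-37-167-124.ppp.svcr.epix.net
    evrtwa1-ar17-4-35-149-159.evrtwa1.dsl-verizon.net  mail.example.com
)) {
    my ($code) = filter_relay('192.0.2.1', $host);   # placeholder relay IP
    printf "%-8s %s\n", $code, $host;
}
```

With these rules the dotted-quad name and the cust- name from the post still pass, so a pattern list of this kind is a heuristic that needs review against the reject log.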





