[Mimedefang] New spammer trick?
Kelson Vibber
kelson at speed.net
Tue Nov 25 18:02:03 EST 2003
At 12:44 PM 11/25/2003, David F. Skoll wrote:
>I only check for the specific case of a machine I know I don't own claiming
>to be a roaringpenguin.com machine.

This should work well for businesses or other local installations where you
know where all the clients are. But for an ISP's public mail server, you
may need to make the rule even *more* specific.

We tried something similar, with an added check against a list of local
relays. We found out during testing that some mail clients - notably
Eudora - construct a HELO based on the local hostname and the domain name
of the SMTP server. Since we have customers on shared dynamic IP ranges,
we couldn't make exceptions for all the possible places someone might be
connecting from with Eudora.

What we *have* been doing is checking for the names and IP addresses of our
mail servers, compared against the actual IP address of the sender. Even
with this limited check, we still catch about 1000 messages a day just with
this rule.

Mark suggested exempting hosts that appear in the DRAC database or that use
smtp-auth. Are the relevant sendmail macros available in filter_relay, or
would I have to move this to filter_begin?

Kelson Vibber
SpeedGate Communications <www.speed.net>
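
The narrow check described in the message above (HELO claims one of the site's own mail server names or IP addresses while the connection comes from somewhere else), as an added example that is not part of the original post and not MIMEDefang's own code. The server names, addresses and function names are hypothetical, the sample connections are constructed, and the function is plain Perl that is not tied to any particular filter callback.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical site data (constructed for this example): the names and
# addresses of "our" mail servers. 192.0.2.0/24 is a documentation range.
my %OUR_NAMES = map { $_ => 1 } qw(mail.example.net smtp.example.net);
my %OUR_IPS   = map { $_ => 1 } qw(192.0.2.10 192.0.2.11);

# Normalize a HELO argument: lowercase, strip surrounding whitespace, the
# brackets of an address literal such as [192.0.2.10], and a trailing dot.
sub normalize_helo {
    my ($helo) = @_;
    $helo = '' unless defined $helo;
    $helo = lc $helo;
    $helo =~ s/^\s+|\s+$//g;
    $helo =~ s/^\[(.*)\]$/$1/;
    $helo =~ s/\.$//;
    return $helo;
}

# True when the client claims one of our server names or IPs in HELO while
# connecting from an address that is not one of our servers. Only exact
# matches count, so a customer HELO that merely ends in our domain passes.
sub helo_impersonates_us {
    my ($helo, $relay_ip) = @_;
    my $claimed = normalize_helo($helo);
    return 0 unless $OUR_NAMES{$claimed} || $OUR_IPS{$claimed};
    return $OUR_IPS{$relay_ip} ? 0 : 1;
}

# Constructed sample connections: [HELO string, connecting IP].
my @samples = (
    ['mail.example.net',    '192.0.2.10'],    # our server, genuine
    ['MAIL.EXAMPLE.NET.',   '203.0.113.7'],   # our name, outside address
    ['[192.0.2.11]',        '198.51.100.23'], # our IP literal, outside address
    ['bobs-pc.example.net', '203.0.113.50'],  # Eudora-style customer HELO
);

for my $s (@samples) {
    my ($helo, $ip) = @$s;
    printf "%-22s from %-15s => %s\n", $helo, $ip,
        helo_impersonates_us($helo, $ip) ? 'REJECT' : 'accept';
}
```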