[Mimedefang] Blocking spam senders using IPTables?

Aleksandar Milivojevic amilivojevic at pbl.ca
Wed Nov 3 09:59:31 EST 2004


James Ebright wrote:
> I am not sure you understand how an SMTP conversation takes place... it is
> my understanding that the client cannot "ignore" a 5xx response and continue 
> blasting data... since the server will not talk to a client after sending a 
> 5xx response and closes the connection. Thus after receiving a 5xx return
> code a client would have to start over, generating another 5xx... etc.

A client can ignore a 5xx response from Sendmail.  For example, if you have
"1.2.3.4 REJECT" in the access file, and the client ignores the 5xx, the
conversation would look something like:

220 foobar.com ESMTP Unauthorized access prohibited
ehlo barfoo.com
250-foobar.com Hello barfoo.com [1.2.3.4], pleased to meet you
250 ENHANCEDSTATUSCODES
MAIL FROM:<spammer at somewhere.net>
550 5.7.1 Access denied
RCPT TO:<victim at foobar.com>
550 5.7.1 Access denied
DATA
550 5.7.1 Access denied
From: spammer at somewhere.net
550 5.7.1 Access denied
To: victim at foobar.com
550 5.7.1 Access denied
Subject: buy something
550 5.7.1 Access denied

and so on, until the spammer disconnects...  Try it out.  Sendmail will
close the network socket only when the other side disconnects, sends QUIT,
or in case of a timeout.

This is because we have only the "error" built-in mailer in Sendmail.  If we
had a "disconnect" built-in mailer, things would probably be a bit different.

-- 
Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
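
The session shown in the post above, run through a small detector, as an added example that is not part of the original message or of Sendmail/MIMEDefang: it counts client lines sent after the first 5xx reply and flags the peer as a candidate for a firewall block. The names `analyse`, `Report` and `firewall_candidate` and the threshold of 3 are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample: the session from the post. It has no direction markers, so
# (assumption) a line starting with a reply code is the server's, any other the client's.
SAMPLE = """\
220 foobar.com ESMTP Unauthorized access prohibited
ehlo barfoo.com
250-foobar.com Hello barfoo.com [1.2.3.4], pleased to meet you
250 ENHANCEDSTATUSCODES
MAIL FROM:<spammer at somewhere.net>
550 5.7.1 Access denied
RCPT TO:<victim at foobar.com>
550 5.7.1 Access denied
DATA
550 5.7.1 Access denied
From: spammer at somewhere.net
550 5.7.1 Access denied
To: victim at foobar.com
550 5.7.1 Access denied
Subject: buy something
550 5.7.1 Access denied
"""

REPLY = re.compile(r"^([2-5]\d\d)([ -]|$)")           # code, then "-" if continued
PEER = re.compile(r"^250[ -].*\[([0-9a-fA-F.:]+)\]")  # address in the greeting reply

@dataclass
class Report:
    peer: str = ""     # client address taken from the greeting reply
    rejected: int = 0  # final 5xx replies sent by the server
    ignored: int = 0   # client lines (other than QUIT) sent after the first 5xx

def analyse(transcript: str) -> Report:
    r = Report()
    for line in (l.strip() for l in transcript.splitlines()):
        m = REPLY.match(line)
        if m:
            if not r.peer and (p := PEER.match(line)):
                r.peer = p.group(1)
            if m.group(1).startswith("5") and m.group(2) != "-":
                r.rejected += 1
        elif line and r.rejected and line.upper() != "QUIT":
            r.ignored += 1
    return r

def firewall_candidate(r: Report, threshold: int = 3) -> bool:
    """True when the client kept sending after being rejected (hypothetical policy)."""
    return r.ignored >= threshold
```
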


