[Mimedefang] Blocking spam senders using IPTables?

Paul Murphy pmurphy at ionixpharma.com
Thu Nov 4 04:53:44 EST 2004


> Looking at my log files I do NOT see the issue which you describe where a 
> client continues to send data regardless of the commands returned. Of course 
> I am not sure how much, if any, of that would be logged. I suspect only the 
> initial connect and the quit would generate a log entry

You are correct - Sendmail doesn't log them by default. If you get a null
connection, that gets logged.  If the sender is refused by check_rcpt, that gets
logged.  But invalid commands, including those generated after a sender ignores
a 5xx error and carries on through the DATA phase, aren't logged at all.

In theory, you would set the log level to 12 to get these, but that doesn't
appear to work as described in the documentation, unless of course only valid
commands are logged.  In any case, at this level every milter action is
included, so it's pointless.  I could trawl through the source to find out what
level if any will log invalid commands, but it is so deep that the other logged
stuff will swamp the logs very quickly.

Instead, pick a persistent spammer who already gets kicked off by check_rcpt and
dump the raw packets whenever they connect on port 25.

If you still don't believe this happens, see any of the following:


Best Wishes,

Paul Murphy
Head of Informatics
Ionix Pharmaceuticals Ltd
418 Science Park, Cambridge, CB4 0PA

Tel. 01223 433741
Fax. 01223 433788

This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to which they
are addressed.  If you have received this email in error please contact
the sender or the Ionix IT Helpdesk on +44 (0) 1223 433741
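
As an added example (not part of the original post): one way to check a reassembled port-25 capture for the behaviour described above, a client that ignores a 5xx refusal and carries on through the DATA phase. The session lines, reply texts and the `analyse` helper are constructed for illustration.

```python
# Added example: flag SMTP clients that carry on after a 5xx refusal.
# SAMPLE_SESSION is constructed for illustration, not real traffic.
VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}

SAMPLE_SESSION = [  # (direction, line): "C" is the client, "S" the server
    ("S", "220 mail.example.org ESMTP"),
    ("C", "HELO sender.example.net"), ("S", "250 mail.example.org Hello"),
    ("C", "MAIL FROM:<a@example.net>"), ("S", "250 2.1.0 Sender ok"),
    ("C", "RCPT TO:<user@example.org>"), ("S", "550 5.7.1 Rejected"),
    ("C", "DATA"), ("S", "503 5.0.0 Need RCPT (recipient)"),
    ("C", "Subject: offer"), ("S", "500 5.5.1 Command unrecognized"),
    ("C", "Buy now"), ("S", "500 5.5.1 Command unrecognized"),
    ("C", "."), ("S", "500 5.5.1 Command unrecognized"),
    ("C", "QUIT"), ("S", "221 2.0.0 closing connection"),
]

def analyse(session):
    """Count refused recipients and what the client sent regardless."""
    accepted = refused = junk = 0
    last_cmd, in_body = None, False
    data_refused = data_without_rcpt = False
    for direction, line in session:
        if direction == "C":
            if in_body:                   # server sent 354: lines are message body
                in_body = line != "."
                continue
            parts = line.split()
            verb = parts[0].upper() if parts else ""
            last_cmd = verb if verb in VERBS else None
            if verb == "DATA" and accepted == 0:
                data_without_rcpt = True  # DATA sent although no RCPT was accepted
            elif last_cmd is None and data_refused:
                junk += 1                 # body line the server parses as a command
        elif line[3:4] != "-":            # skip continuation lines of multi-line replies
            code = int(line[:3])
            if last_cmd == "RCPT":
                accepted += code // 100 == 2
                refused += code // 100 == 5
            elif last_cmd == "DATA":
                in_body = code == 354
                data_refused = code >= 500
    return {"rcpt_refused": refused, "data_without_rcpt": data_without_rcpt,
            "junk_after_refusal": junk}

if __name__ == "__main__":
    print(analyse(SAMPLE_SESSION))
```
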
