[Mimedefang] VERY Newbie Question

Paul Pries paul at unixguru.kicks-ass.org
Fri Oct 29 09:33:32 EDT 2004


Ian Mitchell wrote:

>>Ok, for something like this, a sample function on the FAQ site that
>>filters HELO line
>>
>>How do I integrate this into the filter file ?
>>    
>>
>
>I'm not sure that I would. Sendmail has the capability to limit
>connections based on where the IP's come from (outside of the HELO which
>can be spoofed). You can limit based on relaying (access_db) or you can
>actually limit based on connections (tcp_wrappers). There is actually many
>different ways that this can be accomplished without the need for using
>expensive resources by having mimedefang catch it. Think of it this way,
>if you have your mimedefang process scanning for it, then the child
>processes for your mimedefang/spamassassin/virus scanner could potentially
>all be called for a connection your just going to drop anyways (depend on
>how you put together your filter) when sendmail could easily make a call
>to tcpd and determine it's not legitimate and kill right away. Not a
>problem with only a few connections, but what happens if you get hit by a
>spam bot that is attempting hundreds or thousands or more connections
>close together from all different ip's?
>  
>
That is correct, but I don't think that is what the meaning of the code 
snippet is....
This piece of code is to reject mail that comes from someone 
impersonating your domain,
that is an external source saying it is internal.

I use almost the same setup here...

-- 

Paul Pries







More information about the MIMEDefang mailing list