[Mimedefang] VERY Newbie Question

Yang Xiao yxiao2004 at gmail.com
Fri Oct 29 09:54:38 EDT 2004


On Fri, 29 Oct 2004 15:33:32 +0200, Paul Pries
<paul at unixguru.kicks-ass.org> wrote:
> Ian Mitchell wrote:
> 
> >>Ok, for something like this, a sample function on the FAQ site that
> >>filters HELO line
> >>
> >>How do I integrate this into the filter file ?
> >>
> >>
> >
> >I'm not sure that I would. Sendmail has the capability to limit
> >connections based on where the IPs come from (outside of the HELO which
> >can be spoofed). You can limit based on relaying (access_db) or you can
> >actually limit based on connections (tcp_wrappers). There are actually many
> >different ways that this can be accomplished without the need for using
> >expensive resources by having mimedefang catch it. Think of it this way,
> >if you have your mimedefang process scanning for it, then the child
> >processes for your mimedefang/spamassassin/virus scanner could potentially
> >all be called for a connection you're just going to drop anyway (depending on
> >how you put together your filter) when sendmail could easily make a call
> >to tcpd and determine it's not legitimate and kill right away. Not a
> >problem with only a few connections, but what happens if you get hit by a
> >spam bot that is attempting hundreds or thousands or more connections
> >close together from all different IPs?
> >
> >
> That is correct, but I don't think that is what the meaning of the code
> snippet is....
> This piece of code is to reject mail that comes from someone
> impersonating your domain,
> that is an external source saying it is internal.
> 
> I use almost the same setup here...
> 
> --
> 
> Paul Pries
> 

Hi,
I found out that the filter_sender() function will be enabled if I
turn the MX_SENDER_CHECK option on. I was just wondering where I should
put it and how to use it.
I've got to read the man pages more carefully.
As for the usefulness of the code sample, I think it at least gets rid
of half of the problem, and spammers can still forge the MAIL FROM
header if they use a legit HELO. So the problem is, how do you check
the MAIL FROM header then?

Many Thanks,

Yang
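
An added example, not code from this thread or from the MIMEDefang FAQ: a `filter_sender` that applies the own-domain check Paul describes to the HELO argument and, for the MAIL FROM question above, to the envelope sender as well. The domain `example.com`, the trusted-relay list, the helper `in_our_domain` and the rejection messages are assumptions; the sender check will also reject roaming users, forwarders and mailing lists that legitimately use your domain from outside.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed values for illustration: replace with your own domain and relays.
my $OUR_DOMAIN = 'example.com';
my %TRUSTED_IP = map { $_ => 1 } ('127.0.0.1', '192.0.2.10');

# Hypothetical helper: true if $name is our domain or a host under it.
sub in_our_domain {
    my ($name) = @_;
    return $name =~ /(?:^|\.)\Q$OUR_DOMAIN\E\.?$/i;
}

# Same argument order MIMEDefang passes to filter_sender.
sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;
    return ('CONTINUE', 'ok') if $TRUSTED_IP{$ip};

    # External host announcing itself as one of our machines.
    if (in_our_domain($helo)) {
        return ('REJECT', "HELO $helo not permitted from $ip");
    }

    # Envelope sender arrives as <user@domain>; <> (bounces) has no domain.
    my ($dom) = $sender =~ /\@([^>\s]+)>?\s*$/;
    if (defined $dom && in_our_domain($dom)) {
        return ('REJECT', "Sender domain $dom not permitted from $ip");
    }
    return ('CONTINUE', 'ok');
}

# Constructed sample connections, run only when the file is executed directly.
unless (caller) {
    my @samples = (
        ['<alice@example.com>', '192.0.2.10',   'mx.example.com',   'mx.example.com'],
        ['<bob@example.net>',   '198.51.100.7', 'host.example.net', 'example.com'],
        ['<alice@example.com>', '198.51.100.7', 'host.example.net', 'host.example.net'],
        ['<bob@example.net>',   '198.51.100.7', 'host.example.net', 'host.example.net'],
    );
    for my $s (@samples) {
        my ($action, $msg) = filter_sender(@$s);
        print "$s->[1] helo=$s->[3] from=$s->[0] => $action ($msg)\n";
    }
}
1;
```

In a real deployment only the two subs and the configuration variables go into the filter file, and the function is called only when the sender check is enabled, as the post notes.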


