Newbie Question

[Matt Kettler]

First, 10.*.*.* is a reserved set of IP addresses which are non-routable on
the public internet.

If you really are getting spam directly delivered to your mailserver from a
machine with those IP addresses it is a part of your local network, or a
VPN tunnel to it.

If those IP's appear in headers way back in the message Received trail,
realize that lots of people use 10.* subnets, me included (my workstation
here has the non-routable IP 10.0.4.21, but I could assign it anything I
wanted in the 10.*.*.* range).

I would strongly advise against using any such rule which looks for
10.10.10.* in the message headers as a critera for spam, as those IP
addresses are non-routable and can be used by anyone inside their network
borders. Instead I'd look at the IP's of the machines delivering the mail
to your mailserver... that IP has to be real and routeable.

As for denying inbound messages, that is really best done at the sendmail
level using /etc/mail/access or virtusertable's. But I'm not sure offhand
the best way of doing it for a rcpt to:.


At 05:13 PM 2/21/2003 -0600, Marco Obaid wrote:
>Hello all,
>
>I am just new to the Ruleset concept and just need a little push.
>How do I write a ruleset to mark messages from a subnet 10.10.10.0/24 as spam?
>How do I write a ruleset to deny message coming to a generic account, for
>example rpc at mysite.com?
>
>I am receiving a low-score spam to rpc at mysite.com. Also, for some reason, some
>spam is making it through. The pattern is the originating servers. For
>example,
>they all are 10.10.10.2,10.10.10.223, ... etc. The spam score for those
>messages is ssss, which I am assuming low to be denied.
>
>Thank you for any hints you may offer
>
>I love MailScanner
>Marco
>
>_________________________________________________________________
>This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail
>For the latest MUW Events, visit  http://www.MUW.Edu/calendar