OT: implementing RBL in sendmail
Alex Neuman van der Hans
alex at nkpanama.com
Thu Jun 23 01:21:24 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Terran Wright wrote:
>Good day all,
>
>Our setup is such that the Mailscanner box is the MX and it relays mails to
>the actual email server, outgoing mails are sent directly from the mail
>server. Based on what I've seen alot of mails bypass the MailScanner box and
>the vast majority of them are Spam and contain infected files.
>
>I added the following two lines to the sendmail.mc recently and did a
>make -C /etc/mail
>
>FEATURE(`dnsbl',`dnsbl.njabl.org',`"550 Mail from " $&{client_addr} "
>rejected - see http://njabl.org/"')dnl
>FEATURE(`dnsbl',`cbl.abuseat.org',`"550 Mail from " $&{client_addr} "
>rejected - see http://cbl.abuseat.org/"')dnl
>
>as recently as today I got a complaint about a mail that got through even
>though the IP address was listed at cbl.abuseat.org any ideas guys?
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>
Is the actual email server available on the internet? If it is, people
might be trying to connect straight to its SMTP port and gathering the
info from the SMTP greeting message. If your actual server answers "220
BLABLAH.COM SMTP SERVER VERSION BLAH" then spammers will try to write to
"whatever at BLABLAH.COM" in order to fish for valid addresses.
You need to put your actual server behind a firewall or have it admit
connections only from your mailscanner box.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list