OT: implementing RBL in sendmail

Terran Wright wright at CYBERVALE.COM
Thu Jun 23 00:36:53 IST 2005 

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

----- Original Message -----
From: "Alex Neuman van der Hans" <alex at nkpanama.com>
To: <MAILSCANNER at jiscmail.ac.uk>
Sent: Wednesday, June 22, 2005 8:21 PM
Subject: Re: OT: implementing RBL in sendmail


> Terran Wright wrote:
>
> >Good day all,
> >
> >Our setup is such that the Mailscanner box is the MX and it relays mails
to
> >the actual email server, outgoing mails are sent directly from the mail
> >server. Based on what I've seen alot of mails bypass the MailScanner box
and
> >the vast majority of them are Spam and contain infected files.
> >
> >I added the following two lines to the sendmail.mc recently and did a
> >make -C /etc/mail
> >
> >FEATURE(`dnsbl',`dnsbl.njabl.org',`"550 Mail from " $&{client_addr} "
> >rejected - see http://njabl.org/"')dnl
> >FEATURE(`dnsbl',`cbl.abuseat.org',`"550 Mail from " $&{client_addr} "
> >rejected - see http://cbl.abuseat.org/"')dnl
> >
> >as recently as today I got a complaint about a mail that got through even
> >though the IP address was listed at cbl.abuseat.org any ideas guys?
> >
> Is the actual email server available on the internet? If it is, people
> might be trying to connect straight to its SMTP port and gathering the
> info from the SMTP greeting message. If your actual server answers "220
> BLABLAH.COM SMTP SERVER VERSION BLAH" then spammers will try to write to
> "whatever at BLABLAH.COM" in order to fish for valid addresses.
>
> You need to put your actual server behind a firewall or have it admit
> connections only from your mailscanner box.

Yes the server is available on the internet.

What impact will only accepting connections from the MailScanner box have on
legitimate mails being delivered to the box. Isn't it the case that
undelivered mails and the like are returned to the box that they come from
and not to the MX of the domain they come from?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list