blocking mail for unknown users for certain domains only

Lars Kristiansen lars+lister.mailscanner at ADVENTURAS.NO
Sat Mar 12 16:37:41 GMT 2005


    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

--On Saturday, March 12, 2005 10:00:56 AM +0000 skk <s.kelly at AYRCOLL.AC.UK> 
wrote:

> Hi Jeremy,
>
> Martin, Jeremy wrote:
>> Hi fellow MailScannians,
>>
>> My goal:
>>
>> To reject mail at the MTA level (sendmail) if it is being sent to an
>> unknown recipient (belonging to certain domains only), based on a list
>> of known â^À^Øgoodâ^À^Ù email addresses for those certain domains. Sort of
>> like using sendmailâ^À^Ùs blacklist_recipients to blacklist entire
>> domains, yet having some sort of whitelist_recipients so we can let mail
>> for known users override the blacklist.
>
>         Try the following:
>         in the /etc/mail dir of your mailscanner gateway make/edit a file
> called relay-domains. Add to it all domains you wish to relay for, in
> the format:
> staff.gsi-kc.com
> sales.gsi-kc.com
> other.staff.gsi-kc.com
>
> etc, etc
>
>         Make up a text file called access.txt that contains the following
> type
> of entries:
> staff.gsi-kc.com                          ERROR: "5.1.1 Unknown User"
> sales.gsi-kc.com                          ERROR: "5.1.1 Unknown User"
> other.staff.gsi-kc.com                    ERROR: "5.1.1 Unknown User"
>
># internal email exchangers i.e your exchange boxen
>
> CONNECT:exchangebox1.gsi-kc.com                         RELAY
> CONNECT:exchangebox2.gsi-kc.com                         RELAY
>
># email-addresses you want to recieve mail
>
> gaffer at staff.gsi-kc.com                 OK
> gaffer at sales.gsi-kc.com                 OK
> drone at other.staff.gsi-kc.com            OK
>
> etc, etc,
>
> then do something like makemap hash access < access.txt
>
> This system blocks mail for all unknown users, dictionary spammers etc
> for each domain that I have - currently three, with around 16000 mail
> accounts total.I do not think it will scale to hundreds of thousands of
> accounts, but it works well enough here, and is not that difficult to
> keep up to date. (See other posts on the list for automatc ADS
> pull-throughs)
>
> If my explanation of all this is not making sense, then check out the
> following:  http://www.sendmail.org/m4/anti_spam.html#access_db
>
> or if there are any others on the list who can point out what is wrong
> with this method I would be grateful .....

To my knowledge nothing wrong her, but just a comment if setting this up 
from scratch anyway.
As far as I have read, virtusertable is read early and is the first 
opportunity to stop false adresses with sendmail.
Then the least amount of resources is used at this connection.

And yes, how it works at the moment to do this kind of setup. Some quick 
editing and 60-80% of the traffic was gone here.


A digression maybe: I guess it would be an effective thing to do to sort 
out the ip-adresses of repeatedly rejected relays and block them at the 
firewall.
Maybe even play them a tarpit to keep them occupied. Just for the good of 
the the community of course. :-)))


--
Hilsen Lars


>
> Hope this helps,
>
>
> Shane Kelly
> Network Manager
> Ayr College
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list