Block null "from" in logs
Matt Hampton
matt at CODERS.CO.UK
Fri Sep 30 15:37:07 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
>Anyone can help me to make a rule to block e-mails that comes with null from
>in header (from=<> in mail.log).
>
>
If you are running sendmail and don't mind running milters you can use
milter-regex
http://www.benzedrine.cx/milter-regex.html
Takes some playing around to get it to compile under Linux but it works
nicely. I have a client that was getting thousands of DSNs to his
domain which were being sent to different users. His domain only has
about 20 valid senders so this was all the result of spams.
We have temporarily block all Null sender messages to his domain only by
using the following:
reject "This domain does not accept DSN messages"
envrcpt /@domain.co.uk/ei and envfrom /^$/
envrcpt /@domain.co.uk/ei and envfrom /^<>$/
envrcpt /@domain.co.uk/ei and envfrom /mailer-daemon@/ei
I will re-iterate what everyone else has said about RFC's. From direct
experience we also have had to change the way in which mailfromd (a
version of milter-sender) verifies addresses as sites that block DSNs
were being blocked from sending to our clients. We use the address
"addressverifier" rather than "<>" now and this reduces the number of
failures.
matt
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list