OT: RNDS or whatever it was yesterday

Alex Neuman van der Hans alex at nkpanama.com
Tue Jan 24 16:41:41 GMT 2006 

Steve Campbell wrote:
> Thanks for the responses.
> 
> These lost channel emails are coming at an incredible rate, with a 
> different IP for each message. They are indeed from spammers, and to 
> mostly unknown users, so they get dropped, but after sendmail has 
> accepted them. A little bit of a load problem. iptables rules would not 
> be a likely solution since they are from the varying IPs.
> 
> Thanks all, for the help
> 
> Steve
> 
> 
> ----- Original Message ----- From: "Alex Neuman van der Hans" 
> <alex at nkpanama.com>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Tuesday, January 24, 2006 11:14 AM
> Subject: Re: OT: RNDS or whatever it was yesterday
> 
> 
>> shuttlebox wrote:
>>> On 1/24/06, *Steve Campbell* <campbell at cnpapers.com 
>>> <mailto:campbell at cnpapers.com>> wrote:
>>>
>>>     What should I see in my maillogs when sendmail rejects an 
>>> unresolvable
>>>     domain message? I don't see anything yet.
>>>
>>>     What is the best way to block the "lost input channel" type
>>>     messages? (Is
>>>     there a way?)
>>>
>>>
>>> Here's an example:
>>>
>>> Jan 24 15:39:10 viola sendmail[15806]: [ID 801593 mail.notice] 
>>> k0OEaoQZ015806: ruleset=check_mail, arg1=<4m244yof3h at neaccess.com 
>>> <mailto:4m244yof3h at neaccess.com>>, relay=wasamail.wasadata.com 
>>> <http://wasamail.wasadata.com> [193.15.177.100 
>>> <http://193.15.177.100>], reject=451 4.1.8 Domain of sender address 
>>> 4m244yof3h at neaccess.com <mailto:4m244yof3h at neaccess.com> does not 
>>> resolve
>>>
>>> About the "lost input channel" - aren't those often from spammers? 
>>> They usually don't behave correctly and you can't do much about it on 
>>> your end.
>>>
>>> -- 
>>> /peter
>>>
>>
>> Unless there's a milter somewhere that somebody here on the list knows 
>> about that can trigger an iptables command to block port 25 from 
>> anywhere that does this, say, three times in one minute or some other 
>> configurable setting...
>>
>> -- 
>>
>> Alex Neuman van der Hans
>> N&K Technology Consultants
>> Tel. +507 214-9002 - http://nkpanama.com/
>> -- 
>> MailScanner mailing list
>> MailScanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website! 
> 
> 
Rules in iptables would be good if it were dynamic - that is, usually 
you'll find more than a few repeated requests from the same IP. Some 
form of throttling would be good if it could be set on a temporary 
basis. The other remedy would be to implement greylisting.

In any case, these "lost input channel" messages happen before sendmail 
actually accepts the message, not after (AFAIK).

-- 

Alex Neuman van der Hans
N&K Technology Consultants
Tel. +507 214-9002 - http://nkpanama.com/

More information about the MailScanner mailing list