OT: RNDS or whatever it was yesterday
Rob Poe
rpoe at plattesheriff.org
Tue Jan 24 16:45:00 GMT 2006
http://www.wanlink.com/spamilter/
Looks like the same thing the Snert Soft people are doing, without the license per server...
Not discounting Snert Soft or their product! But to test something I can't see outlaying $$ first.
>>> alex at nkpanama.com 1/24/2006 10:41:41 am >>>
Steve Campbell wrote:
> Thanks for the responses.
>
> These lost channel emails are coming at an incredible rate, with a
> different IP for each message. They are indeed from spammers, and to
> mostly unknown users, so they get dropped, but after sendmail has
> accepted them. A little bit of a load problem. iptables rules would not
> be a likely solution since they are from the varying IPs.
>
> Thanks all, for the help
>
> Steve
>
>
> ----- Original Message ----- From: "Alex Neuman van der Hans"
> <alex at nkpanama.com>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Tuesday, January 24, 2006 11:14 AM
> Subject: Re: OT: RNDS or whatever it was yesterday
>
>
>> shuttlebox wrote:
>>> On 1/24/06, Steve Campbell <campbell at cnpapers.com> wrote:
>>>
>>> What should I see in my maillogs when sendmail rejects an
>>> unresolvable
>>> domain message? I don't see anything yet.
>>>
>>> What is the best way to block the "lost input channel" type
>>> messages? (Is
>>> there a way?)
>>>
>>>
>>> Here's an example:
>>>
>>> Jan 24 15:39:10 viola sendmail[15806]: [ID 801593 mail.notice]
>>> k0OEaoQZ015806: ruleset=check_mail, arg1=<4m244yof3h at neaccess.com>,
>>> relay=wasamail.wasadata.com [193.15.177.100], reject=451 4.1.8 Domain
>>> of sender address 4m244yof3h at neaccess.com does not resolve
>>>
>>> About the "lost input channel" - aren't those often from spammers?
>>> They usually don't behave correctly and you can't do much about it on
>>> your end.
>>>
>>> --
>>> /peter
>>>
>>
>> Unless there's a milter somewhere that somebody here on the list knows
>> about that can trigger an iptables command to block port 25 from
>> anywhere that does this, say, three times in one minute or some other
>> configurable setting...
>>
>> --
>>
>> Alex Neuman van der Hans
>> N&K Technology Consultants
>> Tel. +507 214-9002 - http://nkpanama.com/
>> --
>> MailScanner mailing list
>> MailScanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
>
Rules in iptables would be good if it were dynamic - that is, usually
you'll find more than a few repeated requests from the same IP. Some
form of throttling would be good if it could be set on a temporary
basis. The other remedy would be to implement greylisting.
In any case, these "lost input channel" messages happen before sendmail
actually accepts the message, not after (AFAIK).
--
Alex Neuman van der Hans
N&K Technology Consultants
Tel. +507 214-9002 - http://nkpanama.com/
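The throttling idea raised in this thread (act on an address that produces "lost input channel" events, say, three times in one minute, and only on a temporary basis), sketched as log-side detection. This is an added example, not code from any poster or from the milter linked above; the sample log lines are constructed, and the function name, the 10-minute block duration and the exact line layout matched by the regex are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), modelled on sendmail's
# "lost input channel" syslog message; not taken from the thread.
SAMPLE_LOG = """\
Jan 24 15:39:10 viola sendmail[15806]: k0OEdAQZ015806: lost input channel from host-a.example [192.0.2.10] to MTA after rcpt
Jan 24 15:39:25 viola sendmail[15811]: k0OEdPQZ015811: lost input channel from host-b.example [198.51.100.7] to MTA after mail
Jan 24 15:39:31 viola sendmail[15820]: k0OEdVQZ015820: lost input channel from host-a.example [192.0.2.10] to MTA after rcpt
Jan 24 15:39:58 viola sendmail[15833]: k0OEdwQZ015833: lost input channel from host-a.example [192.0.2.10] to MTA after rcpt
Jan 24 15:42:40 viola sendmail[15901]: k0OEgeQZ015901: lost input channel from host-c.example [203.0.113.44] to MTA after data
Jan 24 15:43:05 viola sendmail[15950]: k0OEh5QZ015950: lost input channel from host-b.example [198.51.100.7] to MTA after mail
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: .*"
    r"lost input channel from .*\[(?P<ip>[0-9a-fA-F.:]+)\]"
)

def find_repeat_offenders(log_text, threshold=3, window_s=60, block_s=600, year=2006):
    """Return {ip: (block_start, block_end)} for IPs reaching `threshold`
    lost-input-channel events inside a sliding `window_s` window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    blocks = {}
    window = timedelta(seconds=window_s)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            # Temporary block: (re)start the expiry clock at the trigger time.
            blocks[m["ip"]] = (ts, ts + timedelta(seconds=block_s))
    return blocks

if __name__ == "__main__":
    for ip, (start, end) in find_repeat_offenders(SAMPLE_LOG).items():
        print(f"{ip}: throttle from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

Only the address that repeats inside the window is returned; the two addresses seen once, or twice several minutes apart, never reach the threshold, which is the case Steve describes where every message arrives from a different IP.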