OT: RNDS or whatever it was yesterday

Rob Poe rpoe at plattesheriff.org
Tue Jan 24 16:49:27 GMT 2006


And, to reply to my own email, if you're running CentOS 3.x (my test machine, ATM) you'll need the latest.tar.gz .. otherwise it won't compile correctly (that's my experience).  If you want my howto for an RPM (read CentOS/RHEL 3.x / 4.x) let me know .. It needs the sendmail source installed, and if you have an RPM-based system the -devel package doesn't give you what you need..

The short, short version is you need to download the SRPM, install it (rpm -i sendmail.x.x.x), go to /usr/src/redhat/SPECS .. rpmbuild -bc (which just compiles) the spec file and then build the spamilter against that (it's so it'll link against libmilter).

Whew!



>>> rpoe at plattesheriff.org 1/24/2006 10:45:00 am >>>
http://www.wanlink.com/spamilter/ 

Looks like the same thing the Snert Soft people are doing, without the license per server...

Not discounting Snert Soft or their product!  But to test something I can't see outlaying $$ first.  



>>> alex at nkpanama.com 1/24/2006 10:41:41 am >>>
Steve Campbell wrote:
> Thanks for the responses.
> 
> These lost channel emails are coming at an incredible rate, with a 
> different IP for each message. They are indeed from spammers, and to 
> mostly unknown users, so they get dropped, but after sendmail has 
> accepted them. A little bit of a load problem. iptables rules would not 
> be a likely solution since they are from the varying IPs.
> 
> Thanks all, for the help
> 
> Steve
> 
> 
> ----- Original Message ----- From: "Alex Neuman van der Hans" 
> <alex at nkpanama.com>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Tuesday, January 24, 2006 11:14 AM
> Subject: Re: OT: RNDS or whatever it was yesterday
> 
> 
>> shuttlebox wrote:
>>> On 1/24/06, *Steve Campbell* <campbell at cnpapers.com> wrote:
>>>
>>>     What should I see in my maillogs when sendmail rejects an
>>>     unresolvable domain message? I don't see anything yet.
>>>
>>>     What is the best way to block the "lost input channel" type
>>>     messages? (Is there a way?)
>>>
>>>
>>> Here's an example:
>>>
>>> Jan 24 15:39:10 viola sendmail[15806]: [ID 801593 mail.notice]
>>> k0OEaoQZ015806: ruleset=check_mail, arg1=<4m244yof3h at neaccess.com>,
>>> relay=wasamail.wasadata.com [193.15.177.100], reject=451 4.1.8
>>> Domain of sender address 4m244yof3h at neaccess.com does not resolve
>>>
>>> About the "lost input channel" - aren't those often from spammers? 
>>> They usually don't behave correctly and you can't do much about it on 
>>> your end.
>>>
>>> -- 
>>> /peter
>>>
>>
>> Unless there's a milter somewhere that somebody here on the list knows 
>> about that can trigger an iptables command to block port 25 from 
>> anywhere that does this, say, three times in one minute or some other 
>> configurable setting...
>>
>> -- 
>>
>> Alex Neuman van der Hans
>> N&K Technology Consultants
>> Tel. +507 214-9002 - http://nkpanama.com/ 
>> -- 
>> MailScanner mailing list
>> MailScanner at lists.mailscanner.info 
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner 
>>
>> Before posting, read http://wiki.mailscanner.info/posting 
>>
>> Support MailScanner development - buy the book off the website! 
> 
> 
Rules in iptables would be good if it were dynamic - that is, usually 
you'll find more than a few repeated requests from the same IP. Some 
form of throttling would be good if it could be set on a temporary 
basis. The other remedy would be to implement greylisting.

In any case, these "lost input channel" messages happen before sendmail 
actually accepts the message, not after (AFAIK).

-- 

Alex Neuman van der Hans
N&K Technology Consultants
Tel. +507 214-9002 - http://nkpanama.com/ 



----------------------------------------------------------------------------
CONFIDENTIALITY NOTICE
This e-mail message and all documents that accompany it are intended only
for the use of the individual or entity to which addressed, and may contain
information that is privileged, confidential or exempt from disclosure under
applicable law. If the reader is not the intended recipient, any disclosure,
distribution or other use of this e-mail message is prohibited. If you have
received this e-mail message in error, please notify the sender immediately.
Thank you.
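
The thread's "three times in one minute" idea, sketched as a log scan. This is an added example, not code from any poster or from spamilter; it assumes sendmail's "lost input channel from <relay> to <daemon> after <stage>" log wording, a caller-supplied year (syslog omits it), and constructed sample lines.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed log shape: "... sendmail[pid]: qid: lost input channel from host [ip] to MTA after rcpt"
LOST = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: .*"
    r"lost input channel from (?:\S+ )?\[(\d{1,3}(?:\.\d{1,3}){3})\]"
)

def find_offenders(lines, threshold=3, window=60, year=2006):
    """Return IPs with >= threshold lost-channel events inside `window` seconds."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = set()
    for line in lines:
        m = LOST.match(line)
        if not m:
            continue              # rejects, deliveries, etc. are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(ts)
        # Slide the window: forget events older than `window` seconds.
        while (ts - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) >= threshold:
            flagged.add(m.group(2))
    return sorted(flagged)

def drop_rules(ips):
    """Render (not execute) iptables rules closing port 25 to each IP."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 25 -j DROP" for ip in ips]

# Constructed sample lines using documentation address ranges.
SAMPLE = [
    "Jan 24 15:40:01 mx1 sendmail[15901]: k0OEe1aa015901: lost input channel from [192.0.2.10] to MTA after rcpt",
    "Jan 24 15:40:05 mx1 sendmail[15902]: k0OEe5ab015902: lost input channel from slow.example.net [198.51.100.7] to MTA after mail",
    "Jan 24 15:40:20 mx1 sendmail[15903]: k0OEeKac015903: lost input channel from [192.0.2.10] to MTA after rcpt",
    "Jan 24 15:40:30 mx1 sendmail[15904]: k0OEeUad015904: ruleset=check_mail, relay=[203.0.113.5], reject=451 4.1.8 Domain does not resolve",
    "Jan 24 15:40:45 mx1 sendmail[15905]: k0OEejae015905: lost input channel from [192.0.2.10] to MTA after rcpt",
    "Jan 24 15:40:50 mx1 sendmail[15906]: k0OEeoaf015906: lost input channel from [203.0.113.5] to MTA after rcpt",
    "Jan 24 15:41:30 mx1 sendmail[15907]: k0OEfUag015907: lost input channel from slow.example.net [198.51.100.7] to MTA after mail",
    "Jan 24 15:43:00 mx1 sendmail[15908]: k0OEh0ah015908: lost input channel from slow.example.net [198.51.100.7] to MTA after mail",
]

if __name__ == "__main__":
    for rule in drop_rules(find_offenders(SAMPLE)):
        print(rule)
```

Only 192.0.2.10 crosses the threshold here; traffic that uses a different IP for each message, as Steve describes, never does, and rules added this way still need a separate expiry step to be temporary.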





