OT: RNDS or whatever it was yesterday
Alex Neuman van der Hans
alex at nkpanama.com
Tue Jan 24 16:59:18 GMT 2006
Rob Poe wrote:
> And, to reply to my own email, if you're running CentOS 3.x (my test machine, ATM) you'll need the latest.tar.gz .. otherwise it won't compile correctly (that's my experience). If you want my howto for an RPM (read Centos/RHEL 3.x / 4.x) let me know .. It needs the sendmail source installed, and if you have an RPM based system the -devel package doesn't give you what you need..
>
> The short, short version is you need to download the SRPM, install it (rpm -i sendmail.x.x.x), go to /usr/src/redhat/SPECS .. rpmbuild -bc (which just compiles) the spec file and then build the spamilter against that (it's so it'll link against libmilter).
>
> Whew!
>
>
>
>>>> rpoe at plattesheriff.org 1/24/2006 10:45:00 am >>>
> http://www.wanlink.com/spamilter/
>
> Looks like the same thing the Snert Soft people are doing, without the license per server...
>
> Not discounting Snert Soft or their product! But to test something I can't see outlaying $$ first.
>
>
>
>>>> alex at nkpanama.com 1/24/2006 10:41:41 am >>>
> Steve Campbell wrote:
>> Thanks for the responses.
>>
>> These lost channel emails are coming at an incredible rate, with a
>> different IP for each message. They are indeed from spammers, and to
>> mostly unknown users, so they get dropped, but after sendmail has
>> accepted them. A little bit of a load problem. iptables rules would not
>> be a likely solution since they are from the varying IPs.
>>
>> Thanks all, for the help
>>
>> Steve
>>
>>
>> ----- Original Message ----- From: "Alex Neuman van der Hans"
>> <alex at nkpanama.com>
>> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
>> Sent: Tuesday, January 24, 2006 11:14 AM
>> Subject: Re: OT: RNDS or whatever it was yesterday
>>
>>
>>> shuttlebox wrote:
>>>> On 1/24/06, *Steve Campbell* <campbell at cnpapers.com
>>>> <mailto:campbell at cnpapers.com>> wrote:
>>>>
>>>> What should I see in my maillogs when sendmail rejects an
>>>> unresolvable
>>>> domain message? I don't see anything yet.
>>>>
>>>> What is the best way to block the "lost input channel" type
>>>> messages? (Is
>>>> there a way?)
>>>>
>>>>
>>>> Here's an example:
>>>>
>>>> Jan 24 15:39:10 viola sendmail[15806]: [ID 801593 mail.notice]
>>>> k0OEaoQZ015806: ruleset=check_mail, arg1=<4m244yof3h at neaccess.com
>>>> <mailto:4m244yof3h at neaccess.com>>, relay=wasamail.wasadata.com
>>>> <http://wasamail.wasadata.com> [193.15.177.100
>>>> <http://193.15.177.100>], reject=451 4.1.8 Domain of sender address
>>>> 4m244yof3h at neaccess.com <mailto:4m244yof3h at neaccess.com> does not
>>>> resolve
>>>>
>>>> About the "lost input channel" - aren't those often from spammers?
>>>> They usually don't behave correctly and you can't do much about it on
>>>> your end.
>>>>
>>>> --
>>>> /peter
>>>>
>>> Unless there's a milter somewhere that somebody here on the list knows
>>> about that can trigger an iptables command to block port 25 from
>>> anywhere that does this, say, three times in one minute or some other
>>> configurable setting...
>>>
>>> --
>>>
>>> Alex Neuman van der Hans
>>> N&K Technology Consultants
>>> Tel. +507 214-9002 - http://nkpanama.com/
>>> --
>>> MailScanner mailing list
>>> MailScanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>
> Rules in iptables would be good if it were dynamic - that is, usually
> you'll find more than a few repeated requests from the same IP. Some
> form of throttling would be good if it could be set on a temporary
> basis. The other remedy would be to implement greylisting.
>
> In any case, these "lost input channel" messages happen before sendmail
> actually accepts the message, not after (AFAIK).
>
I see it actually uses freebsd-specific ipfwadm commands instead of
sendmail. Anybody want to tackle making a CentOS4 RPM or howto on this
one? I could probably try doing it over the weekend, but if anybody's
already worked on it...
--
Alex Neuman van der Hans
N&K Technology Consultants
Tel. +507 214-9002 - http://nkpanama.com/
More information about the MailScanner
mailing list