rejecting botnets with sendmail

John Rudd jrudd at ucsc.edu
Wed Nov 1 17:11:22 GMT 2006


Andoni Auzmendi wrote:
> Experiencing the recent increase in spam from botnets, is there a way to
> reject (or discard) connections coming from servers containing their ip
> address within the hostname? I can see lots of connections from
> broadband or dialup addresses. Some of them even bypass greylist as
> they resend the messages several times. We use Sendmail here and I guess
> there must be a milter which is capable of doing that.
> 

By the way, if you wanted to just look at scoring them in spam assassin, 
instead of hard rejecting them, I'm actually moving my code from (a 
milter) to a Spam Assassin plugin.

I've been discussing it over on the SA list. The thread subject is:

Relay Checker Plugin (code review please?)


By doing this in spam assassin, you can quarantine these messages 
instead of outright rejecting them.  This helps you avoid rejecting any 
(difficult to detect) false positives.  Though, honestly, I haven't been 
aware of any false positives from doing it at the milter level during 
the last 15 months.
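
The check asked about above (a client whose reverse-DNS hostname contains its own IP address), as an added Python sketch; it is not the milter or SpamAssassin plugin code discussed in this thread. The function names, the set of encodings tried, and the sample hosts (documentation address ranges and example.net) are assumptions made for the illustration.

```python
import ipaddress
import re


def ip_encodings(ip):
    """Digit strings a generic rDNS name might use to embed this IPv4 address."""
    octets = [int(o) for o in str(ipaddress.IPv4Address(ip)).split(".")]
    forms = set()
    for seq in (octets, octets[::-1]):          # forward and reversed octet order
        plain = [str(o) for o in seq]
        padded = ["%03d" % o for o in seq]      # 203.0.113.45 -> 203 000 113 045
        for sep in (".", "-", "_"):
            forms.add(sep.join(plain))
            forms.add(sep.join(padded))
        forms.add("".join(padded))              # run together, zero padded
        forms.add("".join("%02x" % o for o in seq))  # hex, e.g. cb00712d
    return forms


def hostname_embeds_ip(hostname, ip):
    """True if the PTR name contains all four octets of the connecting IP."""
    if not hostname:
        return False                            # no rDNS: a different check
    host = hostname.lower().rstrip(".")
    for form in ip_encodings(ip):
        # Digit boundaries stop 3-0-113-45 matching inside 203-0-113-45.
        if re.search(r"(?<!\d)" + re.escape(form) + r"(?!\d)", host):
            return True
    return False


# Constructed sample data: (connecting IP, PTR name).
SAMPLES = [
    ("203.0.113.45", "203-0-113-45.dsl.example.net"),
    ("203.0.113.45", "45.113.0.203.broadband.example.net"),
    ("203.0.113.45", "host203000113045.example.net"),
    ("198.51.100.7", "cbl-c6336407.example.net"),
    ("198.51.100.1", "mx1.example.net"),
]

if __name__ == "__main__":
    for ip, ptr in SAMPLES:
        verdict = "ip-in-hostname" if hostname_embeds_ip(ptr, ip) else "ok"
        print("%-15s %-40s %s" % (ip, ptr, verdict))
```

The boolean result can feed either policy mentioned in this message: a hard reject at connection time or a score that leads to quarantine.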

