rejecting botnets with sendmail
jrudd at ucsc.edu
Wed Nov 1 17:11:22 GMT 2006
Andoni Auzmendi wrote:
> Experiencing the recent increase in spam from botnets, is there a way to
> reject (or discard) connections coming from servers containing their ip
> address within the hostname? I can see lots of connections from
> broadband or dialup addresses. Some of them even bypass greylist as
> they resend the messages several times. We use Sendmail here and I guess
> there must be a milter which is capable of doing that.
By the way, if you wanted to just look at scoring them in SpamAssassin,
instead of hard rejecting them, I'm actually moving my code from (a
milter) to a SpamAssassin plugin.
I've been discussing it over on the SA list. The thread subject is:
Relay Checker Plugin (code review please?)
By doing this in SpamAssassin, you can quarantine these messages
instead of outright rejecting them. This helps you avoid rejecting any
(difficult to detect) false positives. Though, honestly, I haven't been
aware of any false positives from doing it at the milter level during
the last 15 months.
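
The check asked about in the quoted question, sketched as an added example (not the milter or plugin code mentioned in this message): given a connecting IPv4 address and its reverse-DNS name, decide whether the name embeds the address in one of the usual ISP pool formats. The function names and the sample address/hostname pairs are hypothetical and constructed for illustration.

```python
import ipaddress
import re

def embedded_forms(ip):
    """Usual ways an IPv4 address appears inside a PTR name (assumed set)."""
    octets = list(ipaddress.IPv4Address(ip).packed)
    dec = [str(o) for o in octets]
    pad = [f"{o:03d}" for o in octets]
    hexed = "".join(f"{o:02x}" for o in octets)
    forms = []
    for order in (dec, dec[::-1], pad, pad[::-1]):
        for sep in (".", "-", "_"):
            forms.append((sep.join(order), "0-9"))
    # Plain concatenation is only unambiguous when every octet is zero-padded.
    forms.append(("".join(pad), "0-9"))
    forms.append((hexed, "0-9a-f"))
    return forms

def hostname_embeds_ip(hostname, ip):
    """True if the reverse-DNS name contains the connecting IP address."""
    name = hostname.lower().rstrip(".")
    for token, charset in embedded_forms(ip):
        # Refuse matches that are part of a longer number (.10 inside .100).
        pattern = rf"(?<![{charset}]){re.escape(token)}(?![{charset}])"
        if re.search(pattern, name):
            return True
    return False

def flag_relays(relays):
    """Return the (ip, ptr) pairs whose PTR name embeds the IP."""
    return [(ip, ptr) for ip, ptr in relays if hostname_embeds_ip(ptr, ip)]

# Constructed sample data: documentation address ranges, example domains.
SAMPLE_RELAYS = [
    ("192.0.2.10", "192-0-2-10.dsl.example.net"),             # dashed
    ("198.51.100.77", "77.100.51.198.broadband.example.net"), # reversed
    ("203.0.113.5", "pool203000113005.example.net"),          # zero-padded
    ("192.0.2.10", "pc000020a.dialup.example.net"),           # hexadecimal
    ("192.0.2.10", "host-192-0-2-100.example.net"),           # other address
    ("203.0.113.5", "mx5.example.org"),                       # ordinary MX
]

if __name__ == "__main__":
    for ip, ptr in flag_relays(SAMPLE_RELAYS):
        print(f"dynamic-looking relay: {ip} ({ptr})")
```

A match is better used as a score or quarantine trigger than as a hard reject, since a legitimate mail server can also carry its address in its name.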