rejecting botnets with sendmail
Andoni Auzmendi
andoni.auzmendi at robertwalters.com
Wed Nov 1 17:25:00 GMT 2006
Currently we are using relays.orbs.org, sbl.spamhaus.org and dnsbl.njabl.org. I will also add safe.dnsbl.sorbs.net and see how it goes.
Using the lists I rely on the lists maintainers to add those affected pcs. Is there a way I can use regular expressions to block hostnames containing ip addresses allowing at the same time a whitelist for small companies?
I think mimedefang can do it, but I would rather install a sendmail milter to keep the set up simpler if possible.
Thanks
Andoni
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of DAve
Sent: 01 November 2006 16:41
To: MailScanner discussion
Subject: Re: rejecting botnets with sendmail
Denis Beauchemin wrote:
> Andoni Auzmendi a écrit :
>> Experiencing the recent increase in spam from botnets, is there a way to
>> reject (or discard) connections coming from servers containing their ip
>> address within the hostname? I can see lots of connections from
>> broadband or dialup addresses. Some of them even bypass greylilst as
>> they resend the messages several times. We use Sendmail here and I guess
>> there must be a milter which is capable of doing that.
>>
>> Andoni Auzmendi
>>
> Andoni,
>
> This saved us:
> FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} > " found in safe.dnsbl.sorbs.net"')dnl
What list is this? I don't see it on the sorbs.net website.
I just lost my battle with the PHB over dul.dnsbl.sorbs.net and I had to
remove it. Our VOIP provider (we are a reseller) has their VM server on
the dul list. All VM wave files have been blocked since I started using
dul last week to thwart a dictionary attack. I hate spammers, really, I
wish them all constant pain and eternal agony.
DAve
>
> Put it in your sendmail.mc and then make your sendmail.cf from it. Last > step is to restart sendmail using MailScanner's script.
>
> I guess you can use other RBLs but I don't know which ones to recommend.
>
> Denis
>
--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?
Maybe they forgot who made that choice possible.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************
More information about the MailScanner
mailing list