rejecting botnets with sendmail

John Rudd jrudd at ucsc.edu
Wed Nov 1 17:32:05 GMT 2006 

Andoni Auzmendi wrote:
> Currently we are using relays.orbs.org, sbl.spamhaus.org and dnsbl.njabl.org. I will also add safe.dnsbl.sorbs.net and see how it goes.
> 
> Using the lists I rely on the lists maintainers to add those affected pcs. Is there a way I can use regular expressions to block hostnames containing ip addresses allowing at the same time a whitelist for small companies?
> 
> I think mimedefang can do it, but I would rather install a sendmail milter to keep the set up simpler if possible.
> 


Mimedefang _is_ a sendmail milter.


> Thanks
> 
> Andoni
> 
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of DAve
> Sent: 01 November 2006 16:41
> To: MailScanner discussion
> Subject: Re: rejecting botnets with sendmail
> 
> Denis Beauchemin wrote:
>> Andoni Auzmendi a écrit :
>>> Experiencing the recent increase in spam from botnets, is there a way to
>>> reject (or discard) connections coming from servers containing their ip
>>> address within the hostname? I can see lots of connections from
>>> broadband or dialup addresses. Some of them even bypass greylilst as
>>> they resend the messages several times. We use Sendmail here and I guess
>>> there must be a milter which is capable of doing that.
>>>
>>> Andoni Auzmendi
>>>   
>> Andoni,
>>
>> This saved us:
>> FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} > " found in safe.dnsbl.sorbs.net"')dnl
> 
> What list is this? I don't see it on the sorbs.net website.
> 
> I just lost my battle with the PHB over dul.dnsbl.sorbs.net and I had to 
> remove it. Our VOIP provider (we are a reseller) has their VM server on 
> the dul list. All VM wave files have been blocked since I started using 
> dul last week to thwart a dictionary attack. I hate spammers, really, I 
> wish them all constant pain and eternal agony.
> 
> DAve
> 
>> Put it in your sendmail.mc and then make your sendmail.cf from it. Last > step is to restart sendmail using MailScanner's script.
>>
>> I guess you can use other RBLs but I don't know which ones to recommend.
>>
>> Denis
>>
> 
>

More information about the MailScanner mailing list