rejecting botnets with sendmail
Denis Beauchemin
Denis.Beauchemin at USherbrooke.ca
Wed Nov 1 18:21:11 GMT 2006
DAve wrote:
> Denis Beauchemin wrote:
>> Andoni Auzmendi wrote:
>>> Experiencing the recent increase in spam from botnets, is there a way to
>>> reject (or discard) connections coming from servers containing their ip
>>> address within the hostname? I can see lots of connections from
>>> broadband or dialup addresses. Some of them even bypass greylist as
>>> they resend the messages several times. We use Sendmail here and I guess
>>> there must be a milter which is capable of doing that.
>>>
>>> Andoni Auzmendi
>>>
>> Andoni,
>>
>> This saved us:
>> FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in safe.dnsbl.sorbs.net"')dnl
>
> What list is this? I don't see it on the sorbs.net website.

Dave,

It's an aggregate of:
http.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
smtp.dnsbl.sorbs.net
new.spam.dnsbl.sorbs.net
web.dnsbl.sorbs.net
block.dnsbl.sorbs.net
zombie.dnsbl.sorbs.net
dul.dnsbl.sorbs.net

I really needed to block them at the MTA level because our hw wasn't
able to cope with the big increase of spam we saw in the last weeks.
Even though I had 3 equal priority MX servers, one was receiving twice
as much as the other 2 combined.

Denis
--
_
°v° Denis Beauchemin, analyste
/(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x62252 F: 819.821.8045
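
An added example, not part of the original thread: a Python script that replays the relay addresses from a sendmail maillog against a DNSBL zone, to estimate how many connections the `dnsbl` FEATURE quoted above would reject before it is enabled on an MX. The function names, log lines (documentation addresses) and stub zone answers are constructed for illustration; only the zone name comes from the post.

```python
import ipaddress
import re
import socket
from collections import Counter

ZONE = "safe.dnsbl.sorbs.net"  # zone named in the post above
RELAY_RE = re.compile(r"relay=(?:\S+ )?\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def dnsbl_name(ip, zone=ZONE):
    """DNSBL query name for an IPv4 client: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name; [] on NXDOMAIN or any other lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(ip, resolve=system_resolver, zone=ZONE):
    """Listed only if an answer is in 127.0.0.0/8 (the RFC 5782 convention);
    any other answer, e.g. from a wildcarded zone, counts as not listed."""
    answers = resolve(dnsbl_name(ip, zone))
    return any(ipaddress.ip_address(a).is_loopback for a in answers)

def replay(log_lines, resolve=system_resolver, zone=ZONE):
    """Return (inbound connection total, {listed relay IP: connection count})."""
    seen = Counter()
    for line in log_lines:
        m = RELAY_RE.search(line)
        if m and "from=" in line:  # inbound records only, not "to=" deliveries
            seen[m.group(1)] += 1
    listed = {ip: n for ip, n in seen.items() if is_listed(ip, resolve, zone)}
    return sum(seen.values()), listed

# Constructed sample input: maillog lines and a stub of the zone's answers.
SAMPLE_LOG = [
    "Nov  1 18:20:01 mx1 sendmail[4101]: kA1IK1a1004101: from=<a@example.net>, size=2048, nrcpts=1, proto=SMTP, daemon=MTA, relay=[203.0.113.45]",
    "Nov  1 18:20:03 mx1 sendmail[4102]: kA1IK3a1004102: from=<b@example.net>, size=1900, nrcpts=1, proto=SMTP, daemon=MTA, relay=adsl-198-51-100-7.dyn.example.net [198.51.100.7]",
    "Nov  1 18:20:09 mx1 sendmail[4105]: kA1IK9a1004105: from=<b@example.net>, size=1900, nrcpts=1, proto=SMTP, daemon=MTA, relay=adsl-198-51-100-7.dyn.example.net [198.51.100.7]",
    "Nov  1 18:20:11 mx1 sendmail[4106]: kA1IKBa1004106: from=<c@example.org>, size=5120, nrcpts=2, proto=ESMTP, daemon=MTA, relay=mail.example.org [192.0.2.25]",
    "Nov  1 18:20:12 mx1 sendmail[4107]: kA1IKBa1004106: to=<user@example.edu>, delay=00:00:01, mailer=esmtp, relay=mailhub.example.edu. [192.0.2.80], stat=Sent",
]
STUB_ZONE = {dnsbl_name(ip): ["127.0.0.10"] for ip in ("203.0.113.45", "198.51.100.7")}

if __name__ == "__main__":
    total, listed = replay(SAMPLE_LOG, lambda n: STUB_ZONE.get(n, []))
    print(f"{sum(listed.values())} of {total} connections listed: {listed}")
```

Calling `replay()` without a `resolve` argument queries the real zone through the system resolver; a lookup failure is treated as not listed, so the estimate errs toward accepting mail.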