rejecting botnets with sendmail

DAve dave.list at pixelhammer.com
Wed Nov 1 18:31:25 GMT 2006


Denis Beauchemin wrote:
> DAve wrote:
>> Denis Beauchemin wrote:
>>> Andoni Auzmendi wrote:
>>>> Experiencing the recent increase in spam from botnets, is there a way to
>>>> reject (or discard) connections coming from servers containing their IP
>>>> address within the hostname? I can see lots of connections from
>>>> broadband or dialup addresses. Some of them even bypass greylist as
>>>> they resend the messages several times. We use Sendmail here and I guess
>>>> there must be a milter which is capable of doing that.
>>>>
>>>> Andoni Auzmendi
>>>>   
>>> Andoni,
>>>
>>> This saved us:
>>> FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in safe.dnsbl.sorbs.net"')dnl
>>
>> What list is this? I don't see it on the sorbs.net website.
> 
> Dave,
> 
> It's an aggregate of:
> 
> http.dnsbl.sorbs.net
> socks.dnsbl.sorbs.net
> misc.dnsbl.sorbs.net
> smtp.dnsbl.sorbs.net
> new.spam.dnsbl.sorbs.net
> web.dnsbl.sorbs.net
> block.dnsbl.sorbs.net
> zombie.dnsbl.sorbs.net
> dul.dnsbl.sorbs.net
> 
> 
> I really needed to block them at the MTA level because our hw wasn't 
> able to cope with the big increase of spam we saw in the last weeks.  
> Even though I had 3 equal priority MX servers, one was receiving twice 
> as much as the other 2 combined.
> 
> Denis
> 

Ouch, I wouldn't call anything using dul safe ;^) I guess I'll just hold 
on and keep my pager batteries fresh.

DAve


-- 
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.
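
Added example, not part of the original thread or of any poster's setup: a Python sketch of the check asked about at the top of the thread (does the client's reverse-DNS name contain its own IP address), plus the lookup name a DNSBL client builds for the zone quoted above. The function names, the set of naming patterns and the sample hostnames are assumptions made for illustration.

```python
import ipaddress
import re

def dnsbl_query_name(ip: str, zone: str) -> str:
    """DNS name a DNSBL client looks up: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def hostname_embeds_ip(hostname: str, ip: str) -> bool:
    """True if the PTR name carries the client's own IPv4 address."""
    octets = [int(o) for o in str(ipaddress.IPv4Address(ip)).split(".")]
    host = hostname.lower().rstrip(".")
    # Hex encoding, e.g. c0000219 for 192.0.2.25
    if "".join(f"{o:02x}" for o in octets) in host:
        return True
    for order in (octets, octets[::-1]):  # forward and reversed octet order
        # Octets split by '.', '-' or '_', leading zeros allowed
        separated = r"[.\-_]".join(rf"0*{o}" for o in order)
        if re.search(rf"(?<!\d){separated}(?!\d)", host):
            return True
        # Octets run together, each zero-padded to three digits
        if "".join(f"{o:03d}" for o in order) in host:
            return True
    return False

# Constructed samples: documentation address ranges and example domains.
SAMPLES = [
    ("192-0-2-25.dsl.example.net", "192.0.2.25"),
    ("25.2.0.192.dynamic.example.net", "192.0.2.25"),
    ("adsl-c0000219.example.net", "192.0.2.25"),
    ("host192000002025.example.net", "192.0.2.25"),
    ("mx1-192-0-2-250.example.net", "192.0.2.25"),
    ("mail.example.org", "203.0.113.7"),
]

if __name__ == "__main__":
    for name, addr in SAMPLES:
        verdict = "embeds IP" if hostname_embeds_ip(name, addr) else "no match"
        print(f"{addr:<12} {name:<34} {verdict}")
    print(dnsbl_query_name("192.0.2.25", "safe.dnsbl.sorbs.net"))
```

A match only describes how the provider names the address, so a statically addressed mail server with a generic PTR name matches too. The result suits a score or a greylisting input better than an outright reject.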

