rejecting botnets with sendmail
Alex Neuman van der Hans
alex at nkpanama.com
Wed Nov 1 19:00:56 GMT 2006
Couldn't you just have whitelisted the VM server?
DAve wrote:
> Denis Beauchemin wrote:
>> Andoni Auzmendi a écrit :
>>> Experiencing the recent increase in spam from botnets, is there a way to
>>> reject (or discard) connections coming from servers containing their ip
>>> address within the hostname? I can see lots of connections from
>>> broadband or dialup addresses. Some of them even bypass greylilst as
>>> they resend the messages several times. We use Sendmail here and I guess
>>> there must be a milter which is capable of doing that.
>>>
>>> Andoni Auzmendi
>>>
>> Andoni,
>>
>> This saved us:
>> FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected "
>> $&{client_addr} " found in safe.dnsbl.sorbs.net"')dnl
>
> What list is this? I don't see it on the sorbs.net website.
>
> I just lost my battle with the PHB over dul.dnsbl.sorbs.net and I had to
> remove it. Our VOIP provider (we are a reseller) has their VM server on
> the dul list. All VM wave files have been blocked since I started using
> dul last week to thwart a dictionary attack. I hate spammers, really, I
> wish them all constant pain and eternal agony.
>
> DAve
>
>>
>> Put it in your sendmail.mc and then make your sendmail.cf from it.
>> Last step is to restart sendmail using MailScanner's script.
>>
>> I guess you can use other RBLs but I don't know which ones to recommend.
>>
>> Denis
>>
>
>
More information about the MailScanner
mailing list