rejecting botnets with sendmail

[Rick Cooper]

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of DAve
> Sent: Wednesday, November 01, 2006 1:31 PM
> To: MailScanner discussion
> Subject: Re: rejecting botnets with sendmail
> 
[...]
> >>> This saved us:
> >>> FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " 
> >>> $&{client_addr} " found in safe.dnsbl.sorbs.net"')dnl
> >>
> >> What list is this? I don't see it on the sorbs.net website.
> > 
> > Dave,
> > 
> > It's an aggregate of:
> > 
> > http.dnsbl.sorbs.net
> > socks.dnsbl.sorbs.net
> > misc.dnsbl.sorbs.net
> > smtp.dnsbl.sorbs.net
> > new.spam.dnsbl.sorbs.net
> > web.dnsbl.sorbs.net
> > block.dnsbl.sorbs.net
> > zombie.dnsbl.sorbs.net
> > dul.dnsbl.sorbs.net
> > 
> > 

[...]

> 
> Ouch, I wouldn't call anything using dul safe ;^) I guess 
> I'll just hold 
> on and keep my pager batteries fresh.
> 
> DAve
> 
> 

I use exim and it allows you to reject based on specific returns (such as
127.0.0.10) or anything but a specific return for rbls that return more than
one possible address. I figured this is such a good idea perhaps sendmail
had something similar so I hit google and found enhdnsbl, did a quick google
on FEATURE(enhdnsbl, and found you could use something like

FEATURE(`enhdnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " 
 $&{client_addr} " found in safe.dnsbl.sorbs.net"',
,`127.0.0.2.',`127.0.0.3.', `127.0.0.4.', , `127.0.0.5.', , `127.0.0.6.',
`127.0.0.7.', `127.0.0.8.', `127.0.0.9.')

Which would reject on all the lists except dul. Or you could have multiple
FEATURE(`dnsbl', entries, one for each of the lists you wanted to use (there
are more too). Of course the single call and choose your reject addresses,
would be more economical I would think.

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.