rejecting botnets with sendmail

Rick Cooper rcooper at dwford.com
Thu Nov 2 00:48:53 GMT 2006


 

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
> Of Denis Beauchemin
> Sent: Wednesday, November 01, 2006 3:07 PM
> To: MailScanner discussion
> Subject: Re: rejecting botnets with sendmail
[...]

> > I use exim and it allows you to reject based on specific returns (such as
> > 127.0.0.10) or anything but a specific return for rbls that return more than
> > one possible address. I figured this is such a good idea perhaps sendmail
> > had something similar so I hit google and found enhdnsbl, did a quick google
> > on FEATURE(enhdnsbl, and found you could use something like
> >
> > FEATURE(`enhdnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " 
> >  $&{client_addr} " found in safe.dnsbl.sorbs.net"',
> > ,`127.0.0.2.',`127.0.0.3.', `127.0.0.4.', , `127.0.0.5.', , `127.0.0.6.',
> > `127.0.0.7.', `127.0.0.8.', `127.0.0.9.')
> >
> >
[...]

> This is really interesting!  My stats for yesterday are:
> 127.0.0.2 : 929
> 127.0.0.3 : 608
> 127.0.0.4 : 46
> 127.0.0.5 : 5
> 127.0.0.6 : 539
> 127.0.0.7 : 12587
> 127.0.0.9 : 2
> 127.0.0.10 : 97940
> 
> So if I omit dul.dnsbl.sorbs.net I will not block much...
> 
> Any ideas on how I could whitelist some IP addresses or domain names if
> needed?
> 
> Thanks!
> 
> Denis

I have not a clue how to do it with sendmail. An Exim ACL is pretty easy; I
actually have whitelists that exclude some hosts from just about every part
of the SMTP process (most are newspapers, ad agencies, etc.). But I am sure
a sendmail person on this list could certainly help you out.

Rick
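
Added example, not part of the original message and not sendmail or Exim configuration: a Python model of the policy discussed in this thread, rejecting only on selected DNSBL return codes (127.0.0.2 to 127.0.0.9, as in the quoted FEATURE line) and checking an IP/CIDR whitelist first. All function names are hypothetical, the resolver is passed in so the code runs offline, and the zone data is constructed; domain-name whitelisting is not covered.

```python
import ipaddress

# Return codes to reject on, taken from the FEATURE line quoted above
# (127.0.0.2 through 127.0.0.9; 127.0.0.10 is left out).
REJECT_CODES = {f"127.0.0.{n}" for n in range(2, 10)}

def dnsbl_query_name(client_ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_whitelisted(client_ip, whitelist):
    """True if client_ip falls inside any whitelisted host or CIDR block."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in whitelist)

def check_client(client_ip, zone, resolve, whitelist=(), reject_codes=REJECT_CODES):
    """Return (action, reason). resolve(name) must return a list of A records,
    or an empty list when the name does not exist (assumed interface)."""
    if is_whitelisted(client_ip, whitelist):
        return ("accept", "whitelisted")      # whitelist wins, no lookup made
    answers = set(resolve(dnsbl_query_name(client_ip, zone)))
    hits = sorted(answers & set(reject_codes))
    if hits:
        return ("reject",
                f"554 Rejected {client_ip} found in {zone} ({', '.join(hits)})")
    if answers:
        return ("accept", "listed, but only with codes outside the reject set")
    return ("accept", "not listed")

# Constructed sample zone data (documentation-range IPs, not real listings).
SAMPLE_ZONE = {
    "10.2.0.192.safe.dnsbl.sorbs.net": ["127.0.0.7"],
    "20.2.0.192.safe.dnsbl.sorbs.net": ["127.0.0.10"],
    "30.2.0.192.safe.dnsbl.sorbs.net": ["127.0.0.6", "127.0.0.10"],
}

def sample_resolve(name):
    """Offline stand-in for a DNS A-record lookup."""
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, check_client(ip, "safe.dnsbl.sorbs.net", sample_resolve,
                               whitelist=["192.0.2.30/32"]))
```
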

