rejecting botnets with sendmail
Rick Cooper
rcooper at dwford.com
Thu Nov 2 00:48:53 GMT 2006
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
> Of Denis Beauchemin
> Sent: Wednesday, November 01, 2006 3:07 PM
> To: MailScanner discussion
> Subject: Re: rejecting botnets with sendmail
[...]
> > I use exim and it allows you to reject based on specific returns (such as
> > 127.0.0.10) or anything but a specific return for rbls that return more than
> > one possible address. I figured this is such a good idea perhaps sendmail
> > had something similar so I hit google and found enhdnsbl, did a quick google
> > on FEATURE(enhdnsbl, and found you could use something like
> >
> > FEATURE(`enhdnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected "
> > $&{client_addr} " found in safe.dnsbl.sorbs.net"',
> > ,`127.0.0.2.',`127.0.0.3.', `127.0.0.4.', , `127.0.0.5.', , `127.0.0.6.',
> > `127.0.0.7.', `127.0.0.8.', `127.0.0.9.')
> >
[...]
> This is really interesting! My stats for yesterday are:
> 127.0.0.2 : 929
> 127.0.0.3 : 608
> 127.0.0.4 : 46
> 127.0.0.5 : 5
> 127.0.0.6 : 539
> 127.0.0.7 : 12587
> 127.0.0.9 : 2
> 127.0.0.10 : 97940
>
> So if I omit dul.dnsbl.sorbs.net I will not block much...
>
> Any ideas on how I could whitelist some IP addresses or domain names if
> needed?
>
> Thanks!
>
> Denis
I have not a clue how to do it with sendmail. An exim acl is pretty easy, I
actually have whitelists that exclude some hosts from just about every part
of the smtp process (most are newspapers, ad agencies, etc). But I am sure
a sendmail person on this list could certainly help you out.
Rick
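
The return-code filtering and whitelist-first ordering discussed in this thread, as an added Python sketch that is not part of the original messages and is not sendmail or exim code. The zone `dnsbl.example`, the stub resolver and the whitelist network are constructed for the example; the reject codes and hit counts are the ones quoted above.

```python
import ipaddress

# Return codes listed in the quoted FEATURE(`enhdnsbl', ...) line (127.0.0.2 - 127.0.0.9).
REJECT_CODES = {f"127.0.0.{n}" for n in range(2, 10)}

# Per-code hit counts exactly as posted in the thread.
POSTED_HITS = {"127.0.0.2": 929, "127.0.0.3": 608, "127.0.0.4": 46,
               "127.0.0.5": 5, "127.0.0.6": 539, "127.0.0.7": 12587,
               "127.0.0.9": 2, "127.0.0.10": 97940}

# Constructed answers standing in for real DNS so the example runs offline.
FAKE_ZONE = {"7.2.0.192.dnsbl.example": ["127.0.0.7"],
             "9.2.0.192.dnsbl.example": ["127.0.0.10"]}

def fake_resolve(name):
    """Stub resolver (assumption): A records for name, [] for NXDOMAIN."""
    return FAKE_ZONE.get(name, [])

def dnsbl_query_name(client_ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.7 -> 7.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check_client(client_ip, zone, resolve, reject_codes, whitelist=()):
    """Return (action, reason); the whitelist is consulted before any lookup."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in ipaddress.ip_network(net) for net in whitelist):
        return ("accept", "whitelisted")
    answers = set(resolve(dnsbl_query_name(client_ip, zone)))
    matched = sorted(answers & set(reject_codes))
    if matched:
        return ("reject",
                f"554 Rejected {client_ip} found in {zone} ({matched[0]})")
    if answers:
        return ("accept", "listed, code not in reject set")
    return ("accept", "not listed")

def rejected_share(hits, reject_codes):
    """Return (hits that the reject set would block, total hits)."""
    blocked = sum(n for code, n in hits.items() if code in reject_codes)
    return blocked, sum(hits.values())

if __name__ == "__main__":
    print(check_client("192.0.2.7", "dnsbl.example", fake_resolve, REJECT_CODES))
    print(check_client("192.0.2.7", "dnsbl.example", fake_resolve,
                       REJECT_CODES, whitelist=["192.0.2.0/24"]))
    blocked, total = rejected_share(POSTED_HITS, REJECT_CODES)
    print(f"{blocked} of {total} listed hits rejected ({blocked / total:.1%})")
```

With the posted counts, a reject set that leaves out 127.0.0.10 covers 14716 of 112656 hits, which is the effect Denis describes.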