rejecting botnets with sendmail
Rick Cooper
rcooper at dwford.com
Thu Nov 2 01:04:25 GMT 2006
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Res
> Sent: Wednesday, November 01, 2006 5:39 PM
> To: MailScanner discussion
> Subject: RE: rejecting botnets with sendmail
>
> On Wed, 1 Nov 2006, Rick Cooper wrote:
>
[...]
> > FEATURE(`enhdnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected "
> > $&{client_addr} " found in safe.dnsbl.sorbs.net"',
> > ,`127.0.0.2.',`127.0.0.3.', `127.0.0.4.', , `127.0.0.5.', ,
> > `127.0.0.6.', `127.0.0.7.', `127.0.0.8.', `127.0.0.9.')
> >
> > Which would reject on all the lists except dul. Or you could have multiple
> > FEATURE(`dnsbl', entries, one for each of the lists you wanted to use (there
> > are more too). Of course the single call and choose your reject addresses,
> > would be more economical I would think.
>
>
> Sendmail works the identical way, it's an "enhanced dnsbl" feature

That which I listed above (hopefully correct syntax) was from sendmail. In
my exim configuration it looks like

  deny message = rejected because $sender_host_address is in a black list \
                 at $dnslist_domain $dnslist_text
       hosts = !/somedir/Mail_local_net:!/somedir/mail_relay_from_hosts
       senders = !/somedir/Mail_sender_white_list.conf
       dnslists = ${readfile{/somedir/mail_rbl_lists}{:}}

Which says, basically, if the host is *not* in my local network list, and
it's not a host I relay for and the sender is not in a special whitelist,
then submit to the rbls listed in /somedir/mail_rbl_lists. If the host is
already excluded the call is never made (wasted). The lists can be changed
without having to do anything with exim; if the file changes, exim reads it
again, otherwise it's cached.

/somedir/mail_rbl_lists contains entries like (several more than listed):

  safe.dnsbl.sorbs.net
  combined-HIB.dnsiplists.completewhois.com=127.0.0.2,127.0.0.3

Which says deny anything returned from safe.dnsbl.sorbs.net, but only deny
127.0.0.2 or 127.0.0.3 from combined-HIB.dnsiplists.completewhois.com

This would basically accomplish what Denis wanted but I have no clue as to
how to do it with Sendmail.

Rick
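
The list-file semantics and check order described in the message above, as an added Python example (not part of the original post and not exim's own code). All function names are hypothetical, `exempt_nets` stands in for the two host files, lookup failures are treated as "not listed", and the 192.0.2.x addresses and resolver answers are constructed.

```python
import ipaddress
import socket

# Constructed sample of the list file, using the two entries shown in the post.
SAMPLE_LISTS = """safe.dnsbl.sorbs.net
combined-HIB.dnsiplists.completewhois.com=127.0.0.2,127.0.0.3
"""

def parse_rbl_lists(text):
    """'zone' denies on any answer; 'zone=a,b' denies only on answers a or b."""
    lists = []
    for line in text.splitlines():
        zone, _, codes = line.strip().partition("=")
        if zone:
            lists.append((zone, {c.strip() for c in codes.split(",") if c.strip()}))
    return lists

def dnsbl_name(ip, zone):
    """An IPv4 address a.b.c.d is queried as d.c.b.a.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name; lookup failures count as 'not listed' in this sketch."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def check_host(ip, sender, lists, exempt_nets, sender_whitelist, resolve=system_resolver):
    """Return (zone, matching answers) for the first listing that denies, else None."""
    addr = ipaddress.ip_address(ip)
    if sender.lower() in sender_whitelist or any(
            addr in ipaddress.ip_network(net) for net in exempt_nets):
        return None  # exempt host or sender: no DNS query is made
    for zone, wanted in lists:
        answers = resolve(dnsbl_name(ip, zone))
        hit = answers & wanted if wanted else answers
        if hit:
            return zone, sorted(hit)
    return None

if __name__ == "__main__":
    # Constructed answers: .10 gets a code the second list ignores, .11 is on the first.
    fake = {"10.2.0.192.combined-HIB.dnsiplists.completewhois.com": {"127.0.0.4"},
            "11.2.0.192.safe.dnsbl.sorbs.net": {"127.0.0.5"}}
    for ip in ("192.0.2.10", "192.0.2.11", "10.1.2.3"):
        print(ip, check_host(ip, "a@example.org", parse_rbl_lists(SAMPLE_LISTS),
                             ["10.0.0.0/8"], set(), lambda n: fake.get(n, set())))
```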