rejecting botnets with sendmail

Rick Cooper rcooper at dwford.com
Thu Nov 2 14:23:51 GMT 2006


 

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Res
> Sent: Thursday, November 02, 2006 12:02 AM
> To: MailScanner discussion
> Subject: RE: rejecting botnets with sendmail
> 
> On Wed, 1 Nov 2006, Rick Cooper wrote:
> 
> >> Sendmail works the identical way, it's an "enhanced dnsbl" feature
> >
> > That which I listed above (hopefully correct syntax) was from sendmail. In
> > my exim configuration it looks like
> >
> > deny  message  = rejected because $sender_host_address is in a black list \
> > 				 at $dnslist_domain $dnslist_text
> > hosts = !/somedir/Mail_local_net:!/somedir/mail_relay_from_hosts
> > senders = !/somedir/Mail_sender_white_list.conf
> > dnslists   = ${readfile{/somedir/mail_rbl_lists}{:}}
> >
> > Which says, basically, if the host is *not* in my local network list, and
> > it's not a host I relay for and the sender is not in a special whitelist,
> > then submit to the rbls listed in /somedir/mail_rbl_lists. If the host is
> > already excluded the call is never made (wasted). The lists can be changed
> > without having to do anything with exim, if the file changes exim reads it
> > again, otherwise it's cached.
> >
> 
> 4 lines for what sendmail does by default compilation, whoa
> 

That is inaccurate, I believe. If I just wanted to run the rbl it would be
dnslists   = ${readfile{/somedir/mail_rbl_lists}{:}}. And the rbl processing
in sendmail is not default, any more than it is in exim. The default config
for exim doesn't assume you want rbl processing or what rbl you would like
to use, neither does sendmail.

And I don't have to use a separate file for the actual rbls and returned
items either, it could be a list on one line with the same info. I choose to
use the file because if I want to add, or change something I can do so
without having to hup exim, or interrupt the mail for even a second. The
additional lines are prefaces to the actual RBL. If mail is from a
whitelisted host or sender why waste the resources to run the rbls when
those hosts/senders are going to pass anyway? I do not believe, but I could
be wrong, that sendmail by default makes assumptions as to what hosts, or
senders have what action applied to them. And of course the deny/message
line could be one line instead of wrapped for legibility in say, vi.

It's not a knock against sendmail or people who use it but one reason I use
exim is because there is (probably) nothing 3rd party required to do
anything. Virus scanning, SpamAssassin processing, virtually any method of
storage for anything, any kind of verification. And I *never* have to so
much as hup the daemon if I change something that would be internal to most
mailers (I have tried sendmail, postfix, qmail, courier). You can, of
course, use a monolithic config file, or break out any part of the config.
You can specify lists within the config(s), which require a hup if you
change them, or via external files which do not. Exim is virtually a smtp
programming language and I have yet to find something I wanted it to do that
could not be done. Heck, you can even embed perl functions within the exim
objects and do extremely complex processing on whatever distinct item you
wish, within any portion of the smtp process you wish from connection to
delivery. In any event, if I wanted static rbls, which just run against
every message from everyone on every host one short line would accomplish
that. However my requirements are more flexible thus the additional lines. I
used to actually use a configuration for one location that ran a different
set of rbls based on the network from whence the host originated.

Rick
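
Added example, not part of the original message and not exim's own code: a small Python model of the decision order the quoted ACL describes, where local-network, relay-host and sender-whitelist matches end the check before any DNSBL query is made, and the list files are read at check time so edits need no restart. The function names, the colon- or newline-separated file format and the injected `resolve` callable are assumptions made for this illustration.

```python
import ipaddress
import socket

def read_list(path):
    """Read a colon- or newline-separated list file at check time (assumed format)."""
    with open(path) as fh:
        return [x.strip() for x in fh.read().replace("\n", ":").split(":") if x.strip()]

def host_in(ip, entries):
    """True if ip equals a listed address or falls inside a listed CIDR network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)

def dnsbl_name(ip, zone):
    """DNSBL query name for an IPv4 host: reversed octets prepended to the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dns_resolve(name):
    """Real lookup: an A record for the query name means the host is listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check(ip, sender, local_nets, relay_hosts, sender_whitelist, rbl_file,
          resolve=dns_resolve):
    """Return (verdict, zone); verdict is 'accept' or 'deny'."""
    # Cheap local conditions first: a match ends the check before DNS is touched.
    if host_in(ip, read_list(local_nets)) or host_in(ip, read_list(relay_hosts)):
        return ("accept", None)
    if sender.lower() in (s.lower() for s in read_list(sender_whitelist)):
        return ("accept", None)
    # Only hosts and senders that passed no exemption cost a DNS query per zone.
    for zone in read_list(rbl_file):
        if resolve(dnsbl_name(ip, zone)):
            return ("deny", zone)
    return ("accept", None)
```

Passing a stub as `resolve` lets the ordering be checked offline; the default performs real DNS lookups against whatever zones the list file names.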

