> # [EMAIL PROTECTED] / 2003-01-03 20:48:18 -0500:
> >
> > we're having a problem with some cracker using addresses
> > harvested from whois and the "abuse/www/webmaster" with
> > domains they get from the database. The mail appears to
> > come from us but it cannot as the addresses are one-way incoming
> > only.
> >
> > the subject is always
> >
> > "XXX templates"
>
> filtering on subject might help in short term, but it's not the
> right answer IMO.
>
> > It claims it's advertising for www.liquid2d.com,
> > their website says:
> >
> > "
> > Liquid 2D is being attacked by a group calling itself the 'asian WAREZ
> > crackers' who are trying to disrupt our business. They are sending out
> > massive amounts of spam mail to anger people and are using open mail
> > servers to send it out.
>
> your email mentions at least three hooks that are better suited for
> weeding out spam, and will help you generally, not just against
> these losers.
>
> Also, I don't use Sendmail, so you'll have to transform this into
> the m4 configuration; Postfix configuration is very readable.
>
> 1. it's not clear whether "The mail appears to come from us" means
>    that the envelope sender address has your domain or it's just the
>    From: header. If it's the latter you can employ some header check,
>    which means you'll have to accept the message first, but envelope
>    sender checks are easy:
>
>    smtpd_sender_restrictions =
>        permit_mynetworks
>        ...
>        check_sender_access hash:/usr/local/etc/postfix/spammers
>        permit
>
>    /usr/local/etc/postfix/spammers contains (among others):
>
>    bellavista.cz 554 Stick it up your nostril, liar
>
> 2. the statement you cited says the spammers abuse open relays.
>    you probably don't want to accept any mail from such MTAs anyway:
>
>    maps_rbl_domains =
>        bl.spamcop.net
>        relays.osirusoft.com
>        relays.ordb.org
>        list.dsbl.org
>        sbl.spamhaus.org
>
>    smtpd_client_restrictions =
>        ...
>        reject_maps_rbl
>        ...
>
> 3. while you might not want to use this for your regular (business
>    related) user accounts, addresses like hostmaster@ can be quite
>    easily protected from spam by TMDA or qsecretary.

The simple solution if you're running sendmail is to install
mail/p5-Mail-SpamAssassin and mail/procmail. It checks for known hooks,
verifies headers and checks for mail servers that are in the various RBLs.
I've been using it for 2 weeks and only had one false positive.

--
Matt Emmerton

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
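
The distinction drawn in point 1 of the quoted reply (envelope sender versus From: header) and the lookup name behind the RBL check in point 2, as an added Python sketch that is not part of the thread and not Postfix code. The domain `example.org`, the trusted network and the sample message are constructed assumptions.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch (not from the thread): our domain and trusted networks.
OUR_DOMAIN = "example.org"
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample message using the subject quoted in the thread.
SAMPLE = ("From: Webmaster <webmaster@example.org>\n"
          "Subject: XXX templates\n\nbody\n")

def domain_of(addr):
    """Lower-cased domain part of an address, '' for the null sender."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def classify(client_ip, mail_from, raw_message):
    """Say at which stage a forged use of OUR_DOMAIN can be caught.

    'trusted'  : client is in MYNETWORKS (the permit_mynetworks step)
    'envelope' : MAIL FROM claims our domain, rejectable before DATA
    'header'   : only the From: header claims it, so the message has
                 to be received before a header check can see it
    'clean'    : neither the envelope nor the header claims our domain
    """
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MYNETWORKS):
        return "trusted"
    if domain_of(mail_from) == OUR_DOMAIN:
        return "envelope"
    from_hdr = parseaddr(message_from_string(raw_message).get("From", ""))[1]
    if domain_of(from_hdr) == OUR_DOMAIN:
        return "header"
    return "clean"

def dnsbl_query_name(client_ip, zone):
    """DNS name an RBL check resolves: reversed IPv4 octets + list zone."""
    return ".".join(reversed(client_ip.split("."))) + "." + zone

if __name__ == "__main__":
    for ip, sender in [("192.0.2.10", "webmaster@example.org"),
                       ("203.0.113.7", "webmaster@example.org"),
                       ("203.0.113.7", "bounce@mailer.invalid")]:
        print(ip, sender, "->", classify(ip, sender, SAMPLE))
    print(dnsbl_query_name("203.0.113.7", "sbl.spamhaus.org"))
```

Only the 'envelope' case can be refused at MAIL FROM time; the 'header' case is the one that needs content filtering such as the SpamAssassin setup described above.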