There are far too many real businesses that don't spam using DSL for their connection.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Len Conrad
Sent: Saturday, January 04, 2003 9:37 PM
To: [EMAIL PROTECTED]
Subject: [IMGate] comments, please

cable + dsl + dialups are a big source of abuse, duh!

I'm thinking about this:

smtpd_client_restrictions=
  .
  .
  check_client_access regexp:/etc/postfix/mta_clients_dul.regexp
  ...

where that file would contain lines like:

/(docsis|dsl|client|dhcp|pool|cpe|host|cust|dial|access|in\-addr|arpa|cable|nombres|upc\-[a-z]|user|bri\-).*\..*\./ 554 ACL mta_clients_dul

+ any other strings we can find, which I "think" :)) would reject stuff like this:

blahstring.domain.tld

or

stringblah.blah.blah.domain.tld

as in

dsl.attbi.net
or
nombres.telesp.es
or
host-218-122.tele2.pl
or
host217-37-198-45.in-addr.btopenworld.com
or
bri-ts7-2600-205.tpgi.com.au
or
docsis226-242.menta.net
or
dC8545783.dslam-08-29-2-04-01-02.sal.dsl.cantv.net

Meaning, any of the (|strings|) followed by at least two ".", i.e., a string would be in a 3rd or lower level label below root, i.e., 4thlevel.3rdlevel.domain.tld

Yeah, I know there are some tiny numbers of legit MTA's on those subscriber IP's who just might want to connect to your IMGate, but I reckon 99+% are spammers bypassing their access provider's SMTP gateway and sending from home directly to MX's, i.e., what mail-abuse.org calls DUL, dial-up-lines.

So, as with any filter, there will be some whitelisting. yawn

Initially, we could also change the 554 to 450 and then monitor the mta_clients_dul rejects for false positives. The more timid BOFH-ers could precede the restriction with warn_if_reject.

If you want to look at PTR's connecting to your IMGate, run this:

awk '/smtpd.*: connect from/ {print $8 }' /var/log/maillog |\
egrep -iv "unknown\[" | sort -f | uniq -i | sort -f | less

If enough want to try it, I could come up with a script that would extract all your PTR's for the last 10 days to a file PTR.txt and then see how many would be caught by the regexp file:

something like

#!/bin/sh
# Look up each PTR name from PTR.txt in the regexp table
for p in `cat PTR.txt`; do
  /usr/sbin/postmap -q "$p" regexp:/etc/postfix/mta_clients_dul.regexp
done
exit 0

The output would be a list of all your actual PTR's that would have been blocked by the .regexp.

comments?

Len
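
An added example, not part of either message: an offline dry run of the proposed pattern over a list of PTR names, reporting which keyword triggers each reject so whitelist candidates can be reviewed before the restriction goes live. It assumes Python's re module as a stand-in for the Postfix regexp table (case-insensitive, unanchored); the example.* hostnames are constructed, and matched_token and audit are names invented for this sketch.

```python
import re
from collections import Counter

# Pattern copied from the proposed mta_clients_dul.regexp entry. Postfix regexp
# tables match case-insensitively by default and are unanchored, hence
# re.IGNORECASE and search(). Python's re stands in for POSIX regex here.
DUL_RE = re.compile(
    r"(docsis|dsl|client|dhcp|pool|cpe|host|cust|dial|access|in\-addr|arpa|"
    r"cable|nombres|upc\-[a-z]|user|bri\-).*\..*\.",
    re.IGNORECASE,
)

def matched_token(ptr):
    """Return the keyword that would trigger the reject, or None if the PTR passes."""
    m = DUL_RE.search(ptr)
    return m.group(1).lower() if m else None

def audit(ptrs):
    """Split PTR names into (rejected {ptr: token}, passed [ptr]); skips 'unknown'."""
    rejected, passed = {}, []
    for ptr in (p.strip() for p in ptrs):
        if not ptr or ptr.lower() == "unknown":
            continue
        token = matched_token(ptr)
        if token:
            rejected[ptr] = token
        else:
            passed.append(ptr)
    return rejected, passed

# Hostnames quoted in the message above.
FROM_MESSAGE = [
    "dsl.attbi.net", "nombres.telesp.es", "host-218-122.tele2.pl",
    "host217-37-198-45.in-addr.btopenworld.com", "bri-ts7-2600-205.tpgi.com.au",
    "docsis226-242.menta.net", "dC8545783.dslam-08-29-2-04-01-02.sal.dsl.cantv.net",
]
# Constructed names standing in for legitimate MTAs (not from any real log).
CONSTRUCTED = [
    "mail.example.com", "mx1.example.net", "dsl-example.net",
    "mailhost.corp.example.com", "smtp.customer-care.example.org",
]

if __name__ == "__main__":
    rejected, passed = audit(FROM_MESSAGE + CONSTRUCTED)
    for ptr, token in rejected.items():
        print(f"REJECT {ptr:52} matched '{token}'")
    for ptr in passed:
        print(f"PASS   {ptr}")
    print("rejects per keyword:", Counter(rejected.values()).most_common())
```

The two constructed names that are rejected (matched on "host" and "cust") are the kind of entry a 450 or warn_if_reject trial period would surface for whitelisting.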
