On Fri, 29 Oct 2004 15:33:32 +0200, Paul Pries <[EMAIL PROTECTED]> wrote: > Ian Mitchell wrote: > > >>Ok, for something like this, a sample function on the FAQ site that > >>filters HELO line > >> > >>How do I integrate this into the filter file ? > >> > >> > > > >I'm not sure that I would. Sendmail has the capability to limit > >connections based on where the IP's come from (outside of the HELO which > >can be spoofed). You can limit based on relaying (access_db) or you can > >actually limit based on connections (tcp_wrappers). There is actually many > >different ways that this can be accomplished without the need for using > >expensive resources by having mimedefang catch it. Think of it this way, > >if you have your mimedefang process scanning for it, then the child > >processes for your mimedefang/spamassassin/virus scanner could potentially > >all be called for a connection your just going to drop anyways (depend on > >how you put together your filter) when sendmail could easily make a call > >to tcpd and determine it's not legitimate and kill right away. Not a > >problem with only a few connections, but what happens if you get hit by a > >spam bot that is attempting hundreds or thousands or more connections > >close together from all different ip's? > > > > > That is correct, but I don't think that is what the meaning of the code > snippet is.... > This piece of code is to reject mail that comes from someone > impersonating your domain, > that is an external source saying it is internal. > > I use almost the same setup here... > > -- > > Paul Pries >
Hi, I found out that the filter_sender() function will be enabled if I turn the MX_SENDER_CHECK option on. I was just wondering where should I put it and how to use it. I got to read the man pages more carefully. As for the usefullness of the code sample, I think it at least get rid of half of the problem, and spammers can still forge the MAIL FROM header if he uses a legit HELO. So the problem is, how do you check the MAIL FROM header then? Many Thanks, Yang _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
