RE: how can I filter on subject with sendmail 8.12.6?
The problem with this solution is that it doesn't prevent potential queuing a lot of bounced emails, back to domains that are bad. The best place to stop spam, is to deny it right at the on set, so as to not load up your system trying to deliver bad mail. -Daniel The simple solution if you're running sendmail is to install mail/p5-Mail-SpamAssassin and mail/procmail. It checks for known hooks, verifies headers and checks for mail servers that are in the various RBLs. I've been using it for 2 weeks and only had one false positive. -- Matt Emmerton To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: how can I filter on subject with sendmail 8.12.6?
> # [EMAIL PROTECTED] / 2003-01-03 20:48:18 -0500: > > > > we're having a problem with some cracker using addresses > > harvested from whois and the "abuse/www/webmaster" with > > domains they get from the database. The mail appears to > > come from us but it cannot as the addresses are oneway incoming > > only. > > > > the subject is always > > > > "XXX templates" > > filtering on subject might help in short term, but it's not the > right answer IMO. > > > It claims its advertising for www.liquid2d.com, > > their website says: > > > > " > > Liquid 2D is being attacked by a group calling itself the 'asian WAREZ > > crackers' who are trying to disrupt our business. They are sending out > > massive amounts of spam mail to anger people and are using open mail > > servers to send it out. > > your email mentions at least three hooks that are better suited for > weeding out spam, and will help you generally, not just against > these losers. > > Also, I don't use Sendmail, so you'll have to transform this into > the m4 configuration; Postfix configuration is very readable. > > 1. it's not clear whether "The mail appears to come from us" means > that the envelope sender address has your domain or it's just the > From: header. If it's the latter you can employ some header check, > which means you'll have to accept the message first, but envelope > sender check are easy: > > smtpd_sender_restrictions = > permit_mynetworks > ... > check_sender_access hash:/usr/local/etc/postfix/spammers > permit > > /usr/local/etc/postfix/spammers contains (among others): > > bellavista.cz 554 Stick it up your nostril, liar > > 2. the statement you cited says the spammers abuse open relays. > you probably don't want to accept any mail from such MTAs anyway: > > maps_rbl_domains = > bl.spamcop.net > relays.osirusoft.com > relays.ordb.org > list.dsbl.org > sbl.spamhaus.org > > smtpd_client_restrictions = > ... > reject_maps_rbl > ... > > 3. while you might not want to use this for your regular (business > related) user accounts, addresses like hostmaster@ can be quite > easily protected from spam by TMDA or qsecretary. The simple solution if you're running sendmail is to install mail/p5-Mail-SpamAssassin and mail/procmail. It checks for known hooks, verifies headers and checks for mail servers that are in the various RBLs. I've been using it for 2 weeks and only had one false positive. -- Matt Emmerton To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: how can I filter on subject with sendmail 8.12.6?
# [EMAIL PROTECTED] / 2003-01-03 20:48:18 -0500: > > we're having a problem with some cracker using addresses > harvested from whois and the "abuse/www/webmaster" with > domains they get from the database. The mail appears to > come from us but it cannot as the addresses are oneway incoming > only. > > the subject is always > > "XXX templates" filtering on subject might help in short term, but it's not the right answer IMO. > It claims its advertising for www.liquid2d.com, > their website says: > > " > Liquid 2D is being attacked by a group calling itself the 'asian WAREZ > crackers' who are trying to disrupt our business. They are sending out > massive amounts of spam mail to anger people and are using open mail > servers to send it out. your email mentions at least three hooks that are better suited for weeding out spam, and will help you generally, not just against these losers. Also, I don't use Sendmail, so you'll have to transform this into the m4 configuration; Postfix configuration is very readable. 1. it's not clear whether "The mail appears to come from us" means that the envelope sender address has your domain or it's just the From: header. If it's the latter you can employ some header check, which means you'll have to accept the message first, but envelope sender check are easy: smtpd_sender_restrictions = permit_mynetworks ... check_sender_access hash:/usr/local/etc/postfix/spammers permit /usr/local/etc/postfix/spammers contains (among others): bellavista.cz 554 Stick it up your nostril, liar 2. the statement you cited says the spammers abuse open relays. you probably don't want to accept any mail from such MTAs anyway: maps_rbl_domains = bl.spamcop.net relays.osirusoft.com relays.ordb.org list.dsbl.org sbl.spamhaus.org smtpd_client_restrictions = ... reject_maps_rbl ... 3. while you might not want to use this for your regular (business related) user accounts, addresses like hostmaster@ can be quite easily protected from spam by TMDA or qsecretary. -- If you cc me or remove the list(s) completely I'll most likely ignore your message.see http://www.eyrie.org./~eagle/faqs/questions.html To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: how can I filter on subject with sendmail 8.12.6?
- Original Message -
From: "Fuzzy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, January 04, 2003 2:48 AM
Subject: how can I filter on subject with sendmail 8.12.6?
> we're having a problem with some cracker using addresses
> harvested from whois and the "abuse/www/webmaster" with
> domains they get from the database. The mail appears to
> come from us but it cannot as the addresses are oneway
> incoming only.
>
> the subject is always
>
> "XXX templates"
>
> It claims its advertising for www.liquid2d.com,
Hi Fuzzy, :)
Since you are running sendmail 8.12.6, I strongly recommend using milter. Of
course, you could also do a quick-and-dirty hack with a macro:
HSubject: $>Check_Subject
D{MPat}XXX templates
D{MMsg}Go away, please.
SCheck_Subject
R${MPat} $* $#error $: 553 ${MMsg}
Something like that. :)
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
Re: how can I filter on subject with sendmail 8.12.6?
On Jan 3 Fuzzy wrote:
>
> we're having a problem with some cracker using addresses
> harvested from whois and the "abuse/www/webmaster" with
> domains they get from the database. The mail appears to
> come from us but it cannot as the addresses are oneway incoming
> only.
>
> the subject is always
>
> "XXX templates"
[...]
Try with this at the end of your sendmail.mc
(don't forget to rebuild the sendmail.cf file and restart sendmail)
LOCAL_CONFIG
C{RejectSubject}XXX templates
LOCAL_RULESETS
HSubject: $>CheckSubject
SCheckSubject
R$={RejectSubject} $#error $@ 5.1.3 $: "554 Header error"
R$* $@ OK
-andrew
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
