At 8:20 AM -0700 10/12/01, Jason Shewchuk imposed structure on a stream of electrons, yielding:
>Hi all,
>
>I wish I did not have to write this email but I just have not been able
>to find a solution myself. I am running SIMS, and have been for over a
>year now with no problems. Within the last month I have been spammed
>numerous times I would say on average three times a week. This is really
>annoying as it brings down my entire server. I have tried using a RBL
>which I type in "blackholes.mail-abuse.org" in the "RBL Server List"
>setting within my SMTP module. This still hasn't helped.

Note that the MAPS lists (like the RBL, which is the 'blackholes' zone) have switched to requiring a signup. MAPS may not yet be enforcing that, but it is quite possible that you are not even getting answers to the RBL queries. Besides that, the RBL itself is relatively limited in what it lists and using it won't knock out much. The other MAPS lists have a far larger impact. (see http://mail-abuse.org for all the details)

> I also
>currently have "Verify Return Paths" turned on.

Somewhat useful. It stops the spam from the stupidest spammers, those who don't even bother to forge a valid sender address.

> I would tell SIMS what
>IP addresses my email accounts will be accessed from however I cannot
>predict that as everyone using my server has different ISP and travels
>the globe.

So, are you saying that you do not have "Relay for Clients Only" on? That's a very bad idea. Your server will be abused and nothing you can do without that feature will stop it. Nothing. Ever.

Note that the current (1.8b8) version of SIMS allows for very good per-session authentication tricks so that you do not need to know client IP's in advance. It supports POP-before-SMTP by default and SMTP AUTH. The former means that an IP address is allowed to relay mail for a short period after having been used to check mail successfully. The latter is a more solid technology where the user authenticates in the SMTP session before being allowed to send mail. Any client software can work with POP-before-SMTP (although some clients make it clunky) and most current versions of major mail apps (including Eudora, Agent and the MS products) can do SMTP AUTH.

It is a waste of your time to try to find ways to avoid turning on relay control. Nothing will be satisfactory and you will eventually find yourself quite properly blacklisted.

>My question is what can I do to help prevent this from happening so
>often? I wish it could be stopped totally but I know that that can't
>happen.
>
>I notice in the Message Queue list (which stretches on for miles it seems)
>that the majority of From column is "NULL@NULL" is there any way I can use
>this to my advantage? Can I tell SIMS if FROM == @NULL ignore?

SIMS already does that. However, NULL@NULL is special: it's the address (actually an empty address) used by mail servers to send bounces. With VRP on, SIMS won't accept mail whose sender has a null domain, but it will (unless badly misconfigured) accept mail with a null sender and will (properly) generate bounces with a null sender. I suspect that what you see in the queue are bounces from someone relaying mail through your server. Generally those bounces will be undeliverable or aimed at innocent people.

>If anyone has any ideas on how to help me teach SIMS to ignore @NULL
>people, or any other techniques I can use to stop having my server over
>run with SPAM would be really appreciated.

Turn on relay control and educate your users to either use modern (i.e. AUTH-capable) clients or to check their mail right before trying to send. Not doing so will leave your server swamped by spammers and will likely result in it ending up on multiple blacklists.

--
Bill Cole
[EMAIL PROTECTED]
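
Added example, not part of the original message and not SIMS code: a small Python model of the relay decision the reply describes, combining "Relay for Clients Only" with POP-before-SMTP, SMTP AUTH, and the null-sender versus null-domain distinction. The names `RelayPolicy`, `LOCAL_DOMAINS` and `POP_WINDOW`, the 15-minute window and all addresses are assumptions made for illustration; the return-path check here is syntactic only.

```python
from dataclasses import dataclass, field

LOCAL_DOMAINS = {"example.org"}  # constructed: domains this server hosts
POP_WINDOW = 15 * 60             # assumed relay window in seconds after a POP login


@dataclass
class RelayPolicy:
    # client IP -> time (seconds) of its last successful POP login
    pop_seen: dict = field(default_factory=dict)

    def pop_login_ok(self, ip, now):
        """Record a successful POP login; opens the relay window for this IP."""
        self.pop_seen[ip] = now

    def is_client(self, ip, smtp_authed, now):
        """A session counts as a client if it used SMTP AUTH or POP-before-SMTP."""
        if smtp_authed:
            return True
        last = self.pop_seen.get(ip)
        return last is not None and 0 <= now - last <= POP_WINDOW

    def decide(self, ip, mail_from, rcpt_to, now, smtp_authed=False):
        """Return the verdict for one MAIL FROM / RCPT TO pair."""
        # "" models MAIL FROM:<>, the null sender used for bounces: accepted.
        # A non-empty sender with no local part or no domain is refused.
        if mail_from != "":
            local, _, domain = mail_from.rpartition("@")
            if not local or not domain:
                return "reject: bad return path"
        rcpt_domain = rcpt_to.rpartition("@")[2].lower()
        if rcpt_domain in LOCAL_DOMAINS:
            return "accept: local delivery"
        # Recipient is elsewhere, so this is a relay request.
        if self.is_client(ip, smtp_authed, now):
            return "accept: relay for client"
        return "reject: relaying denied"


if __name__ == "__main__":
    policy = RelayPolicy()
    policy.pop_login_ok("198.51.100.7", now=100)
    for args in [
        ("203.0.113.9", "a@spam.example", "victim@elsewhere.example", 0),
        ("203.0.113.9", "", "user@example.org", 0),
        ("198.51.100.7", "user@example.org", "friend@elsewhere.example", 200),
    ]:
        print(args, "->", policy.decide(*args))
```

Once relaying is refused for unknown sessions, the third-party spam never enters the queue, so the server has nothing to bounce with a null sender.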
