Date: Sat, 4 Jan 2003 17:11:42 +0100 From: Roman Neuhauser <neuhauser@bellavista.cz> To: Fuzzy <fuzzy@pooh.ASARian.org> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: how can I filter on subject with sendmail 8.12.6? Message-ID: <20030104161142.GA1013@freepuppy.bellavista.cz> In-Reply-To: <Pine.BSF.4.44.0301032030410.56330-100000@pooh.ASARian.org> References: <Pine.BSF.4.44.0301032030410.56330-100000@pooh.ASARian.org>
next in thread | previous in thread | raw e-mail | index | archive | help
# fuzzy@pooh.ASARian.org / 2003-01-03 20:48:18 -0500: > > we're having a problem with some cracker using addresses > harvested from whois and the "abuse/www/webmaster" with > domains they get from the database. The mail appears to > come from us but it cannot as the addresses are oneway incoming > only. > > the subject is always > > "XXX templates" filtering on subject might help in short term, but it's not the right answer IMO. > It claims its advertising for www.liquid2d.com, > their website says: > > " > Liquid 2D is being attacked by a group calling itself the 'asian WAREZ > crackers' who are trying to disrupt our business. They are sending out > massive amounts of spam mail to anger people and are using open mail > servers to send it out. your email mentions at least three hooks that are better suited for weeding out spam, and will help you generally, not just against these losers. Also, I don't use Sendmail, so you'll have to transform this into the m4 configuration; Postfix configuration is very readable. 1. it's not clear whether "The mail appears to come from us" means that the envelope sender address has your domain or it's just the From: header. If it's the latter you can employ some header check, which means you'll have to accept the message first, but envelope sender check are easy: smtpd_sender_restrictions = permit_mynetworks ... check_sender_access hash:/usr/local/etc/postfix/spammers permit /usr/local/etc/postfix/spammers contains (among others): bellavista.cz 554 Stick it up your nostril, liar 2. the statement you cited says the spammers abuse open relays. you probably don't want to accept any mail from such MTAs anyway: maps_rbl_domains = bl.spamcop.net relays.osirusoft.com relays.ordb.org list.dsbl.org sbl.spamhaus.org smtpd_client_restrictions = ... reject_maps_rbl ... 3. while you might not want to use this for your regular (business related) user accounts, addresses like hostmaster@ can be quite easily protected from spam by TMDA or qsecretary. -- If you cc me or remove the list(s) completely I'll most likely ignore your message. see http://www.eyrie.org./~eagle/faqs/questions.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030104161142.GA1013>