Date:      Sat, 4 Jan 2003 17:11:42 +0100
From:      Roman Neuhauser <neuhauser@bellavista.cz>
To:        Fuzzy <fuzzy@pooh.ASARian.org>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: how can I filter on subject with sendmail 8.12.6?
Message-ID:  <20030104161142.GA1013@freepuppy.bellavista.cz>
In-Reply-To: <Pine.BSF.4.44.0301032030410.56330-100000@pooh.ASARian.org>
References:  <Pine.BSF.4.44.0301032030410.56330-100000@pooh.ASARian.org>

# fuzzy@pooh.ASARian.org / 2003-01-03 20:48:18 -0500:
> 
> we're having a problem with some cracker using addresses
> harvested from whois and the "abuse/www/webmaster" with
> domains they get from the database. The mail appears to
> come from us but it cannot as the addresses are one-way incoming
> only.
> 
> the subject is always
> 
> "XXX templates"

    filtering on subject might help in short term, but it's not the
    right answer IMO.
 
> It claims it's advertising for www.liquid2d.com,
> their website says:
> 
> "
> Liquid 2D is being attacked by a group calling itself the 'asian WAREZ
> crackers' who are trying to disrupt our business. They are sending out
> massive amounts of spam mail to anger people and are using open mail
> servers to send it out.

    your email mentions at least three hooks that are better suited for
    weeding out spam, and will help you generally, not just against
    these losers.

    Also, I don't use Sendmail, so you'll have to transform this into
    the m4 configuration; Postfix configuration is very readable.

    1. it's not clear whether "The mail appears to come from us" means
    that the envelope sender address has your domain or it's just the
    From: header. If it's the latter you can employ some header check,
    which means you'll have to accept the message first, but envelope
    sender checks are easy:

    smtpd_sender_restrictions =
        permit_mynetworks
        ...
        check_sender_access hash:/usr/local/etc/postfix/spammers
        permit

    /usr/local/etc/postfix/spammers contains (among others):

    bellavista.cz                 554 Stick it up your nostril, liar

    2. the statement you cited says the spammers abuse open relays.
    you probably don't want to accept any mail from such MTAs anyway:

    maps_rbl_domains =
        bl.spamcop.net
        relays.osirusoft.com
        relays.ordb.org
        list.dsbl.org
        sbl.spamhaus.org

    smtpd_client_restrictions =
        ...
        reject_maps_rbl
        ...

    3. while you might not want to use this for your regular (business
    related) user accounts, addresses like hostmaster@ can be quite
    easily protected from spam by TMDA or qsecretary.

-- 
If you cc me or remove the list(s) completely I'll most likely ignore
your message.    see http://www.eyrie.org./~eagle/faqs/questions.html
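
Added example, not part of the message above and not Postfix code: a simplified Python model of the smtpd_sender_restrictions chain from point 1, showing why the envelope check rejects outside clients using your domain in MAIL FROM while a forgery that lives only in the From: header passes it. The 192.0.2.0/24 mynetworks range, the sample addresses and the function names are assumptions; the lookup order (full address, domain and parent domains, then user@) follows Postfix's default access-table behaviour.

```python
import ipaddress
from email.utils import parseaddr

# Constructed sample data. The table entry mirrors the spammers line in
# the message; the mynetworks range is an assumed documentation prefix.
SPAMMERS = {"bellavista.cz": "554 Stick it up your nostril, liar"}
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]


def lookup_keys(address):
    """Keys tried for an address: user@domain, domain, parents, user@."""
    if not address:
        return ["<>"]  # null sender (bounces) has its own lookup key
    user, _, domain = address.lower().rpartition("@")
    labels = domain.split(".")
    domains = [".".join(labels[i:]) for i in range(len(labels))]
    return [f"{user}@{domain}"] + domains + [f"{user}@"]


def sender_restrictions(client_ip, mail_from):
    """permit_mynetworks, then check_sender_access, then permit."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MYNETWORKS):
        return "permit (permit_mynetworks)"
    for key in lookup_keys(mail_from):
        if key in SPAMMERS:
            return SPAMMERS[key]  # rejected at MAIL FROM, before DATA
    return "permit"


def classify(client_ip, mail_from, from_header):
    """Show which forgeries the envelope check catches and which it misses."""
    action = sender_restrictions(client_ip, mail_from)
    if action != "permit":
        return action
    header_addr = parseaddr(from_header)[1]
    if any(key in SPAMMERS for key in lookup_keys(header_addr)):
        return "envelope passed; From: header forged, needs a header check"
    return "permit"


if __name__ == "__main__":
    cases = [  # constructed sessions: (client IP, MAIL FROM, From: header)
        ("192.0.2.10", "webmaster@bellavista.cz", "webmaster@bellavista.cz"),
        ("203.0.113.7", "webmaster@bellavista.cz", "webmaster@bellavista.cz"),
        ("203.0.113.7", "bounce@example.net", "Web <webmaster@bellavista.cz>"),
    ]
    for case in cases:
        print(case, "->", classify(*case))
```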
