Date: Sat, 4 Jan 2003 17:11:42 +0100
From: Roman Neuhauser
To: Fuzzy
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: how can I filter on subject with sendmail 8.12.6?
Message-ID: <20030104161142.GA1013@freepuppy.bellavista.cz>

# fuzzy@pooh.ASARian.org / 2003-01-03 20:48:18 -0500:
>
> we're having a problem with some cracker using addresses
> harvested from whois and the "abuse/www/webmaster" with
> domains they get from the database. The mail appears to
> come from us but it cannot as the addresses are one-way incoming
> only.
>
> the subject is always
>
> "XXX templates"

filtering on subject might help in short term, but it's not the right
answer IMO.

> It claims it's advertising for www.liquid2d.com,
> their website says:
>
> "
> Liquid 2D is being attacked by a group calling itself the 'asian WAREZ
> crackers' who are trying to disrupt our business. They are sending out
> massive amounts of spam mail to anger people and are using open mail
> servers to send it out.

your email mentions at least three hooks that are better suited for
weeding out spam, and will help you generally, not just against these
losers. Also, I don't use Sendmail, so you'll have to transform this
into the m4 configuration; Postfix configuration is very readable.

1. it's not clear whether "The mail appears to come from us" means
   that the envelope sender address has your domain or it's just the
   From: header. If it's the latter you can employ some header check,
   which means you'll have to accept the message first, but envelope
   sender checks are easy:

   smtpd_sender_restrictions =
       permit_mynetworks
       ...
       check_sender_access hash:/usr/local/etc/postfix/spammers
       permit

   /usr/local/etc/postfix/spammers contains (among others):

   bellavista.cz 554 Stick it up your nostril, liar

2. the statement you cited says the spammers abuse open relays.
   you probably don't want to accept any mail from such MTAs anyway:

   maps_rbl_domains =
       bl.spamcop.net
       relays.osirusoft.com
       relays.ordb.org
       list.dsbl.org
       sbl.spamhaus.org

   smtpd_client_restrictions =
       ...
       reject_maps_rbl
       ...

3. while you might not want to use this for your regular (business
   related) user accounts, addresses like hostmaster@ can be quite
   easily protected from spam by TMDA or qsecretary.

-- 
If you cc me or remove the list(s) completely I'll most likely
ignore your message. see http://www.eyrie.org./~eagle/faqs/questions.html
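
An added example, not part of the original message and not Postfix code: a simplified Python model of how the smtpd_sender_restrictions list in point 1 is evaluated, showing that only the envelope sender is checked and the From: header is never consulted at that stage. The 10.0.0.0/24 value for mynetworks, the sample sessions, and the assumption that a domain key also matches its subdomains are constructed for illustration.

```python
import ipaddress

# Assumption: local network; the message elides the real mynetworks value.
MYNETWORKS = [ipaddress.ip_network("10.0.0.0/24")]

# Access map entry quoted in the message (lookup key -> action).
SPAMMERS = {"bellavista.cz": "554 Stick it up your nostril, liar"}


def lookup_keys(sender):
    """Simplified lookup order: full address, domain, parent domains, user@."""
    local, _, domain = sender.lower().rpartition("@")
    labels = domain.split(".")
    parents = [".".join(labels[i:]) for i in range(len(labels))]
    return [sender.lower()] + parents + [local + "@"]


def sender_restrictions(client_ip, mail_from):
    """Walk permit_mynetworks, check_sender_access, permit; first decision wins."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MYNETWORKS):      # permit_mynetworks
        return "permit"
    for key in lookup_keys(mail_from):            # check_sender_access
        if key in SPAMMERS:
            return SPAMMERS[key]
    return "permit"                               # trailing permit


# Constructed sessions: (client IP, envelope sender, From: header).
SESSIONS = [
    ("203.0.113.5", "abuse@bellavista.cz", "abuse@bellavista.cz"),
    ("203.0.113.5", "www@mail.bellavista.cz", "www@bellavista.cz"),
    ("10.0.0.10", "neuhauser@bellavista.cz", "neuhauser@bellavista.cz"),
    ("203.0.113.5", "bulk@example.org", "webmaster@bellavista.cz"),
]


def run_samples():
    # The From: header is unused: it is not available at MAIL FROM time.
    return [sender_restrictions(ip, env) for ip, env, _hdr in SESSIONS]


if __name__ == "__main__":
    for session, verdict in zip(SESSIONS, run_samples()):
        print(session, "->", verdict)
```

The last constructed session is permitted even though its From: header claims the local domain, which is the case the message says needs a header check after the message has been accepted.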