Date: Sat, 4 Jan 2003 11:14:46 -0500
From: "Matthew Emmerton" <matt@gsicomp.on.ca>
To: "Roman Neuhauser" <neuhauser@bellavista.cz>, "Fuzzy" <fuzzy@pooh.ASARian.org>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: how can I filter on subject with sendmail 8.12.6?
Message-ID: <00d201c2b40c$66566360$1200a8c0@gsicomp.on.ca>
References: <Pine.BSF.4.44.0301032030410.56330-100000@pooh.ASARian.org> <20030104161142.GA1013@freepuppy.bellavista.cz>

> # fuzzy@pooh.ASARian.org / 2003-01-03 20:48:18 -0500:
> >
> > we're having a problem with some cracker using addresses
> > harvested from whois and the "abuse/www/webmaster" with
> > domains they get from the database. The mail appears to
> > come from us but it cannot as the addresses are one-way incoming
> > only.
> >
> > the subject is always
> >
> > "XXX templates"
>
> filtering on subject might help in the short term, but it's not the
> right answer IMO.
>
> > It claims it's advertising for www.liquid2d.com,
> > their website says:
> >
> > "
> > Liquid 2D is being attacked by a group calling itself the 'asian WAREZ
> > crackers' who are trying to disrupt our business. They are sending out
> > massive amounts of spam mail to anger people and are using open mail
> > servers to send it out.
>
> your email mentions at least three hooks that are better suited for
> weeding out spam, and will help you generally, not just against
> these losers.
>
> Also, I don't use Sendmail, so you'll have to transform this into
> the m4 configuration; Postfix configuration is very readable.
>
> 1. it's not clear whether "The mail appears to come from us" means
>    that the envelope sender address has your domain or it's just the
>    From: header. If it's the latter you can employ some header check,
>    which means you'll have to accept the message first, but envelope
>    sender checks are easy:
>
>    smtpd_sender_restrictions =
>        permit_mynetworks
>        ...
>        check_sender_access hash:/usr/local/etc/postfix/spammers
>        permit
>
>    /usr/local/etc/postfix/spammers contains (among others):
>
>    bellavista.cz 554 Stick it up your nostril, liar
>
> 2. the statement you cited says the spammers abuse open relays.
>    you probably don't want to accept any mail from such MTAs anyway:
>
>    maps_rbl_domains =
>        bl.spamcop.net
>        relays.osirusoft.com
>        relays.ordb.org
>        list.dsbl.org
>        sbl.spamhaus.org
>
>    smtpd_client_restrictions =
>        ...
>        reject_maps_rbl
>        ...
>
> 3. while you might not want to use this for your regular (business
>    related) user accounts, addresses like hostmaster@ can be quite
>    easily protected from spam by TMDA or qsecretary.

The simple solution if you're running sendmail is to install
mail/p5-Mail-SpamAssassin and mail/procmail. It checks for known hooks,
verifies headers and checks for mail servers that are in the various RBLs.
I've been using it for 2 weeks and only had one false positive.

--
Matt Emmerton
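
The envelope-versus-header distinction from point 1 of the quoted reply, as an added Python sketch that is not part of the original message and not Postfix or sendmail code. The domain `example.org`, the network `192.0.2.0/24`, the sample message and the function names are assumptions made for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAINS = {"example.org"}                        # assumption: the protected domain
MY_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]   # assumption: our own mail hosts

SAMPLE = (  # constructed message, not taken from the thread
    "From: Web Master <webmaster@example.org>\r\n"
    "To: hostmaster@example.org\r\n"
    "Subject: XXX templates\r\n"
    "\r\n"
    "constructed body\r\n"
)


def domain_of(address):
    """Lower-cased domain of an address such as '<user@host>'; '' for '<>'."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def classify(client_ip, envelope_sender, raw_message):
    """Return 'accept', 'reject-envelope' or 'reject-header'."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MY_NETWORKS):
        return "accept"              # our own hosts go first, like permit_mynetworks
    if domain_of(envelope_sender) in LOCAL_DOMAINS:
        return "reject-envelope"     # known at MAIL FROM, before any data is accepted
    header_from = message_from_string(raw_message).get("From", "")
    if domain_of(header_from) in LOCAL_DOMAINS:
        return "reject-header"       # only visible once the message has been received
    return "accept"


if __name__ == "__main__":
    for ip, sender in [("198.51.100.7", "<abuse@example.org>"),
                       ("198.51.100.7", "<bulk@mailer.invalid>"),
                       ("192.0.2.10", "<abuse@example.org>")]:
        print(ip, sender, classify(ip, sender, SAMPLE))
```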