From owner-freebsd-questions Sat Jan 4 8:14:41 2003
Message-ID: <00d201c2b40c$66566360$1200a8c0@gsicomp.on.ca>
From: "Matthew Emmerton"
To: "Roman Neuhauser", "Fuzzy"
References: <20030104161142.GA1013@freepuppy.bellavista.cz>
Subject: Re: how can I filter on subject with sendmail 8.12.6?
Date: Sat, 4 Jan 2003 11:14:46 -0500
Sender: owner-freebsd-questions@FreeBSD.ORG

> # fuzzy@pooh.ASARian.org / 2003-01-03 20:48:18 -0500:
> >
> > we're having a problem with some cracker using addresses
> > harvested from whois and the "abuse/www/webmaster" with
> > domains they get from the database. The mail appears to
> > come from us but it cannot as the addresses are one-way incoming
> > only.
> >
> > the subject is always
> >
> > "XXX templates"
>
> filtering on subject might help in the short term, but it's not the
> right answer IMO.
>
> > It claims it's advertising for www.liquid2d.com,
> > their website says:
> >
> > "
> > Liquid 2D is being attacked by a group calling itself the 'asian WAREZ
> > crackers' who are trying to disrupt our business. They are sending out
> > massive amounts of spam mail to anger people and are using open mail
> > servers to send it out.
>
> your email mentions at least three hooks that are better suited for
> weeding out spam, and will help you generally, not just against
> these losers.
>
> Also, I don't use Sendmail, so you'll have to transform this into
> the m4 configuration; Postfix configuration is very readable.
>
> 1. it's not clear whether "The mail appears to come from us" means
>    that the envelope sender address has your domain or it's just the
>    From: header. If it's the latter you can employ some header check,
>    which means you'll have to accept the message first, but envelope
>    sender checks are easy:
>
>        smtpd_sender_restrictions =
>            permit_mynetworks
>            ...
>            check_sender_access hash:/usr/local/etc/postfix/spammers
>            permit
>
>    /usr/local/etc/postfix/spammers contains (among others):
>
>        bellavista.cz 554 Stick it up your nostril, liar
>
> 2. the statement you cited says the spammers abuse open relays.
>    you probably don't want to accept any mail from such MTAs anyway:
>
>        maps_rbl_domains =
>            bl.spamcop.net
>            relays.osirusoft.com
>            relays.ordb.org
>            list.dsbl.org
>            sbl.spamhaus.org
>
>        smtpd_client_restrictions =
>            ...
>            reject_maps_rbl
>            ...
>
> 3. while you might not want to use this for your regular (business
>    related) user accounts, addresses like hostmaster@ can be quite
>    easily protected from spam by TMDA or qsecretary.

The simple solution if you're running sendmail is to install
mail/p5-Mail-SpamAssassin and mail/procmail.
It checks for known hooks, verifies headers and checks for mail servers that
are in the various RBLs. I've been using it for 2 weeks and only had one
false positive.

--
Matt Emmerton
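
An added example, not part of the original message or of either poster's configuration: a small Python model of the order in which the checks discussed in this thread become possible (RBL lookup on the client IP, envelope sender at MAIL FROM, the From: header only after DATA). The domain, networks, addresses and the `LISTED` set standing in for DNS are constructed assumptions; the two zone names are taken from the quoted Postfix settings.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# All values below are constructed for illustration.
OWN_DOMAINS = {"example.org"}                         # receive-only domain being forged
MY_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]  # stands in for permit_mynetworks
RBL_ZONES = ["bl.spamcop.net", "sbl.spamhaus.org"]    # two zones from the quoted config
LISTED = {"7.113.0.203.bl.spamcop.net"}               # fake DNS data: names that resolve

def rbl_query_name(client_ip, zone):
    """DNSBL convention (IPv4): reverse the octets, then append the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def domain_of(address):
    """Lower-cased domain part of an address or a 'Name <addr>' header value."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def check(client_ip, mail_from, raw_message, resolves=LISTED.__contains__):
    """Return (stage, verdict); stage is the point in the SMTP dialogue where it is known."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MY_NETWORKS):
        return ("connect", "permit")
    for zone in RBL_ZONES:                      # the reject_maps_rbl step
        if resolves(rbl_query_name(client_ip, zone)):
            return ("connect", "reject: client listed in " + zone)
    if domain_of(mail_from) in OWN_DOMAINS:     # the check_sender_access step
        return ("MAIL FROM", "reject: forged envelope sender")
    # The From: header only exists once the message content has been received.
    header_from = message_from_string(raw_message)["From"] or ""
    if domain_of(header_from) in OWN_DOMAINS:
        return ("DATA", "reject: forged From: header")
    return ("DATA", "permit")

# Constructed sample message with a forged From: header.
FORGED = "From: Webmaster <webmaster@example.org>\nSubject: XXX templates\n\nbody\n"

if __name__ == "__main__":
    print(check("203.0.113.7", "x@elsewhere.example", FORGED))
    print(check("198.51.100.9", "abuse@example.org", FORGED))
    print(check("198.51.100.9", "bounce@elsewhere.example", FORGED))
```

The third call is the case where the envelope sender is unrelated and only the header carries the forged domain, so the verdict cannot be reached before the message content has been received.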