Date:      Thu, 5 Dec 2002 12:23:02 -0800
From:      Ulf Zimmermann <ulf@Alameda.net>
To:        Eric Anderson <anderson@centtech.com>
Cc:        Matthew Seaman <m.seaman@infracaninophile.co.uk>, freebsd-chat@freebsd.org
Subject:   Re: Mail Insanity
Message-ID:  <20021205122301.P87634@seven.alameda.net>
In-Reply-To: <3DEFAE5D.8080908@centtech.com>; from anderson@centtech.com on Thu, Dec 05, 2002 at 01:51:57PM -0600
References:  <3DEF75D7.9040401@centtech.com> <20021205173228.GA93795@happy-idiot-talk.infracaninophi> <02bb01c29c85$c0c5ff20$fa00a8c0@DaleCoportable> <20021205194108.GA94487@happy-idiot-talk.infracaninophi> <3DEFAE5D.8080908@centtech.com>

On Thu, Dec 05, 2002 at 01:51:57PM -0600, Eric Anderson wrote:
> Matthew Seaman wrote:
> > On Thu, Dec 05, 2002 at 11:42:57AM -0600, Kevin D. Kinsey, DaleCo, S.P. wrote:
> > 
> > 
> >>Matt, it appears that RFC 931 is not gonna catch these....check out
> >>'envelope from'
> > 
> 
> Well, that's all well and good - but I have a mail spooler that grabs 
> mail sent to my domain, spools and sends it to an "internal" mail 
> server.  The "outside" spooler doesn't have any clue about my users, or 
> anything, it just uses the "smarthost" feature to forward all the 
> incoming mail to my inside server, which then rejects it, etc, etc.
> 
> Basically, I just need a function that says "if the email destination 
> doesn't exist, trash it and move on" for my inside mail server.
> 
> Eric

I am in a similar position. To block most spam based on a dictionary of names
(over 85%) I use authd (www.authd.org). I have automatically generated from
my user files a rules file to only allow the users which actually exist.
And then there is one rule to block the rest. Also in use is SpamAssassin,
to mark emails and then filter/delete on that.

Here are my current stats since the last authd start:

250- |0xx: 23   2xx: 25897      4xx: 3216       5xx: 213815     9xx: 0

As you can see, I rejected over 200,000 mails, over 3,000 had DNS
timeouts or similar things and I only accepted less than 26,000.
So that's a reject rate close to 90%, just based on connecting IP,
Mail From and Rcpt To headers. Like, I don't allow email to pass to me
which comes from a non-yahoo mail server, but uses a Mail From
@yahoo.com. And I have that list of actual email accounts, so I am
blocking the dictionary attacks that way.

-- 
Regards, Ulf.

---------------------------------------------------------------------
Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204
You can find my resume at: http://seven.Alameda.net/~ulf/resume.html
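
The envelope checks described in the message above (a recipient allowlist built from the user list, plus rejecting a Mail From domain that does not match the connecting host), sketched in Python as an added example that is not part of the original message and is not authd's rule syntax. The addresses, host names and the check_envelope/tally helpers are constructed for illustration, and the caller is assumed to pass a forward-confirmed reverse DNS name (or None when the lookup timed out).

```python
from collections import Counter

# Constructed sample data: local accounts as they might be exported from user files.
VALID_RCPTS = {"ulf@example.org", "postmaster@example.org"}
# Constructed rule: mail claiming this sender domain must come from a matching host.
SENDER_RELAY_SUFFIX = {"yahoo.com": ".yahoo.com"}


def check_envelope(client_rdns, mail_from, rcpt_to):
    """Return (code, text) for one RCPT TO, using only envelope data."""
    if client_rdns is None:
        # DNS timeout: defer instead of rejecting, so real mail is retried.
        return 451, "temporary DNS failure, try again later"
    host = client_rdns.lower().rstrip(".")
    sender_domain = mail_from.rpartition("@")[2].lower()
    suffix = SENDER_RELAY_SUFFIX.get(sender_domain)
    if suffix and not (host.endswith(suffix) or host == suffix[1:]):
        return 550, "sender domain does not match connecting host"
    if rcpt_to.lower() not in VALID_RCPTS:
        # The single catch-all rule: anything not on the generated list.
        return 550, "no such user"
    return 250, "ok"


def tally(attempts):
    """Count replies per class (2xx/4xx/5xx), like the stats line above."""
    counts = Counter()
    for client_rdns, mail_from, rcpt_to in attempts:
        code, _ = check_envelope(client_rdns, mail_from, rcpt_to)
        counts[f"{code // 100}xx"] += 1
    return counts


# Constructed SMTP attempts: (reverse DNS of client, MAIL FROM, RCPT TO).
SAMPLE = [
    ("mx1.mail.yahoo.com", "alice@yahoo.com", "ulf@example.org"),
    ("dsl-1-2-3.example.net", "bob@yahoo.com", "ulf@example.org"),
    ("relay.example.net", "x@example.net", "aaron@example.org"),
    (None, "x@example.net", "ulf@example.org"),
    ("relay.example.net", "x@example.net", "Postmaster@Example.org"),
]

if __name__ == "__main__":
    print(dict(tally(SAMPLE)))
```
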
