[clue-tech] Question for sendmail folks regarding
bitbucketing email to certain accounts
Charles Oriez
coriez at oriez.org
Sun Feb 27 09:21:44 MST 2005
At 08:02 AM 2/27/2005, Chris Schock wrote:
>I get a lot of spam sent to info at xxx.xxx domains for which I host. There
>is no corresponding user for that address, so my mailer tries to send out
>a failure notification. And of course the sender address has been faked so
>these messages just sit in the queue getting retried for a week before
>finally dying.
>
>Reading the alias manpage says I can redirect accounts to a filename, so
>I'm going to try /dev/null. Is there a better way? How is everyone else
>doing this?
>
>Thanks
>
1) DNSBLs augmented by access.db to get any local ones that aren't on the
global radar yet
2) procmail, but instead of rerouting dead addresses to /dev/null, reroute
to spam at uce.gov
3) refuse traffic from invalid domains. Blocking forged HELOs probably
accounts for the overwhelming majority of spam
4) IPTABLES for persistent spam points of origin, because those are also the
places that are spidering for valid addresses.

To block most spam, block all of Taiwan, Brazil, China and Korea, MCI,
SBC. Then use SpamCop, SORBS, Spamhaus, AHBL as your most reliable
DNSBLs. Country and company block tables for sendmail can be found at
blackholes.us. I block over 1000 spams per week and get a bare
handful. Looks like I upgraded my dnsbls on Jan 5. Through this morning
I've let 90 spams thru since then according to the logs. That's 99%
blocked. For company or country based blocks, I refuse to accept the
connection, rather than accepting and bouncing later, and my feature
statement reads something like:

FEATURE(`enhdnsbl', `mci.blackholes.us', `MCI hosts more spammers than any other ISP - see http://www.spamhaus.org/sbl/listings.lasso?isp=mci.com call 1-800-264-1000 to get the spammers cancelled')dnl

That 800 number is MCI tech support. The spamhaus link contains a list
of their current spammers. Since they claim to terminate spammers once
they hear about them, let their customers listen to them weasel rather than
me having to listen to them weasel when I send a spam report that they do
nothing about.
This is in keeping with the LINX.NET proposal to de-peer pro-spam ISPs.
--
coriez at oriez.org 39 34' 34.4"N / 105 00' 06.3"W
"In /dev/null no one can hear you scream..."
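
Added example, not part of the original post and not sendmail's own code: the lookup that a DNSBL check like the enhdnsbl feature line above depends on, written in Python so the decision can be tested before a zone is trusted to refuse connections. The function names, the two client addresses, the 127.0.0.2 answer and the fake resolver table are constructed for illustration, and skipping a list that fails to answer is a policy choice assumed here.

```python
import ipaddress
import socket

DNSBL_ANSWERS = ipaddress.IPv4Network("127.0.0.0/8")  # listing codes live here

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.10 -> 10.2.0.192.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def system_resolver(name):
    """A records for name, [] when the name does not exist, OSError on other failures."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise
    return sorted({info[4][0] for info in infos})

def check_dnsbl(ip, zone, resolver=system_resolver):
    """Return ('listed', codes), ('clean', []) or ('tempfail', [])."""
    try:
        answers = resolver(dnsbl_query_name(ip, zone))
    except OSError:
        return ("tempfail", [])
    # Only 127.0.0.0/8 answers count; anything else points to a wildcarded,
    # parked or hijacked zone and must not be read as a listing.
    codes = [a for a in answers if ipaddress.IPv4Address(a) in DNSBL_ANSWERS]
    return ("listed", codes) if codes else ("clean", [])

def connect_decision(ip, zones, resolver=system_resolver):
    """Reject on the first listing; a failing list is skipped rather than blocking mail."""
    for zone in zones:
        status, codes = check_dnsbl(ip, zone, resolver)
        if status == "listed":
            return f"reject: {ip} listed in {zone} ({', '.join(codes)})"
    return "accept"

if __name__ == "__main__":
    # Constructed answers standing in for real DNS, so this runs offline.
    fake = {"10.2.0.192.mci.blackholes.us": ["127.0.0.2"]}
    lookup = lambda name: fake.get(name, [])
    for client in ("192.0.2.10", "198.51.100.7"):
        print(client, connect_decision(client, ["mci.blackholes.us"], lookup))
```

Running the same check against a zone that has stopped operating shows why the 127.0.0.0/8 filter matters: a zone that answers every query with some unrelated address would otherwise refuse all mail.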