[clue-tech] Question for sendmail folks regarding bitbucketing email to certain accounts

Charles Oriez coriez at oriez.org
Sun Feb 27 09:21:44 MST 2005


At 08:02 AM 2/27/2005, Chris Schock wrote:
>I get a lot of spam sent to info at xxx.xxx domains for which I host. There
>is no corresponding user for that address, so my mailer tries to send out
>a failure notification. And of course the sender address has been faked so
>these messages just sit in the queue getting retried for a week before
>finally dying.
>
>Reading the alias manpage says I can redirect accounts to a filename, so
>I'm going to try /dev/null. Is there a better way? How is everyone else
>doing this?
>
>Thanks
>


1) DNSBLs augmented by access.db to get any local ones that aren't on the
global radar yet
2) procmail, but instead of rerouting dead addresses to /dev/null, reroute
to spam at uce.gov
3) Refuse traffic from invalid domains. Blocking forged HELOs probably
accounts for the overwhelming majority of spam
4) iptables for persistent spam points of origin, because those are also the
places that are spidering for valid addresses.

To block most spam, block all of Taiwan, Brazil, China and Korea, MCI,
SBC. Then use SpamCop, SORBS, Spamhaus, AHBL as your most reliable
DNSBLs. Country and company block tables for sendmail can be found at
blackholes.us. I block over 1000 spams per week and get a bare
handful. Looks like I upgraded my DNSBLs on Jan 5. Through this morning
I've let 90 spams through since then according to the logs. That's 99%
blocked. For company or country based blocks, I refuse to accept the
connection, rather than accepting and bouncing later, and my feature
statement reads something like:

FEATURE(`enhdnsbl', `mci.blackholes.us', `MCI hosts more spammers than any other ISP - see http://www.spamhaus.org/sbl/listings.lasso?isp=mci.com call 1-800-264-1000 to get the spammers cancelled')dnl

That 800 number is MCI tech support. The Spamhaus link contains a list
of their current spammers. Since they claim to terminate spammers once
they hear about them, let their customers listen to them weasel rather than
me having to listen to them weasel when I send a spam report that they do
nothing about.

This is in keeping with the LINX.NET proposal to de-peer pro-spam ISPs.

-- 
coriez at oriez.org 39° 34' 34.4"N / 105° 00' 06.3"W
"In /dev/null no one can hear you scream..." 
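
Added example, not part of the original message: a Python sketch of the connect-time decision the reply describes (a local access table consulted first, then DNSBL zones, refusing the connection rather than accepting and bouncing later). The table entries, the reply text and the simplified lookup order are assumptions of this model, not sendmail's own ruleset; `resolve` is injectable so the logic can be exercised without network access.

```python
import ipaddress
import socket

# Constructed sample of access.db-style entries (address or prefix -> action),
# using documentation-only TEST-NET addresses.
LOCAL_ACCESS = {"192.0.2": "REJECT", "198.51.100.7": "OK"}

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None if the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def local_action(ip, table):
    """Most specific match first: full address, then /24, /16, /8 prefixes."""
    parts = ip.split(".")
    for n in range(4, 0, -1):
        action = table.get(".".join(parts[:n]))
        if action:
            return action
    return None

def connect_decision(ip, zones, table=LOCAL_ACCESS, resolve=system_resolver):
    """Return (accept, reason): local table first, then each zone in order."""
    action = local_action(ip, table)
    if action == "OK":        # assumed local allow entry: skip the DNSBLs
        return (True, "local allow")
    if action == "REJECT":    # local entry for a source not yet on a DNSBL
        return (False, "550 5.7.1 rejected by local access table")
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        # A listed address resolves to a 127.0.0.0/8 code; no answer = not listed.
        if answer and answer.startswith("127."):
            return (False, f"550 5.7.1 {ip} listed at {zone}")
    return (True, "not listed")
```
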