[CentOS] mail/access revisited
sam at wa4phy.net
Mon Mar 13 14:48:26 UTC 2006
Craig White wrote:
> On Sun, 2006-03-12 at 16:53 -0500, Sam Drinkard wrote:
>> Will McDonald wrote:
>>> On 12/03/06, Sam Drinkard <sam at wa4phy.net> wrote:
>>>> A while back, I posted a note asking if anyone had any ideas why the
>>>> /etc/mail/access file was not being parsed or utilized in the efforts to
>>>> stop spam and junk mail. I just looked over things again, and have still
>>>> not found any reason why it still permits the TLD's I have listed to pass
>>>> thru. I also thought perhaps there might be some "upper limit" to the
>>>> number of entries sendmail could handle. What do the sendmail guru's think
>>>> about that idea? I may reduce the number of entries from the current 275
>>>> +/- down to just the most offensive TLD's and see what happens. Short of
>>>> that, are there any other thoughts ya'll might have as to why it still
>>>> passes the stuff I want blocked?
>>> I don't know the ins-and-outs of Sendmail access well but does it base
>>> its decision purely on the "From" address, which as we all know isn't
>>> necessarily where a message originates. Or could it be basing the
>>> access decision on the initial Received: from address, and/or that
>>> addresses reverse lookup, in the header?
>>> In which case, a spam could originate from mail.blah.com and access
>>> would accept it but the message itself would appear to come from
>>> spammers at domain.ru. You'd accept the message inspite of having .ru
>>> denied in your access.
>>> Just a thought.
>>> CentOS mailing list
>>> CentOS at centos.org
>> As far as I know Will, sendmail looks at the access database, and will
>> not allow a connection from the sending host if that particular IP or
>> hostname happens to be in there. The access list *used* to work, but as
>> I mentioned, I'm wondering if perhaps I've hit an upper limit or
>> exceeded a limit where nothing in there is being parsed now. I don't go
>> by hostname when blocking. I look at the sending host IP and block
>> that. Headers from sendmail tell who or what connected to the port or
>> tried to connect.
> it does if you use REJECT
> it also does things like ALLOW
> and things like RELAY
> I have never had a sendmail 'access' file with more than a few lines and
> I don't think that it was actually intended to be a spam filter. There
> are other very good methodologies for managing spam and sendmail is
> quite capable of using them.
> CentOS mailing list
> CentOS at centos.org
I am using REJECT in all cases where it applies, and RELAY for my own
little part of the world. I've been using access for about 10 years
with no problems till now. I suppose the only way to tell if there is a
limit would be to remove some, or create a new file and test it. I am
fully aware of the process of how it works, and a make must be done
after any changes. Sendmail does not need to be restarted to read the
new file either.
More information about the CentOS