[CentOS] mail/access revisited

Sam Drinkard sam at wa4phy.net
Mon Mar 13 19:52:25 UTC 2006


Craig White wrote:
> On Mon, 2006-03-13 at 09:48 -0500, Sam Drinkard wrote:
>   
>> Craig White wrote:
>>     
>>> On Sun, 2006-03-12 at 16:53 -0500, Sam Drinkard wrote:
>>>   
>>>       
>>>> Will McDonald wrote:
>>>>     
>>>>         
>>>>> On 12/03/06, Sam Drinkard <sam at wa4phy.net> wrote:
>>>>>   
>>>>>       
>>>>>           
>>>>>>  A while back, I posted a note asking if anyone had any ideas why the
>>>>>> /etc/mail/access file was not being parsed or utilized in the efforts to
>>>>>> stop spam and junk mail.  I just looked over things again, and have still
>>>>>> not found any reason why it still permits the TLDs I have listed to pass
>>>>>> thru.  I also thought perhaps there might be some "upper limit" to the
>>>>>> number of entries sendmail could handle.  What do the sendmail gurus think
>>>>>> about that idea?  I may reduce the number of entries from the current 275
>>>>>> +/- down to just the most offensive TLDs and see what happens.  Short of
>>>>>> that, are there any other thoughts y'all might have as to why it still
>>>>>> passes the stuff I want blocked?
>>>>>>     
>>>>>>         
>>>>>>             
>>>>> I don't know the ins-and-outs of Sendmail access well, but does it base
>>>>> its decision purely on the "From" address, which as we all know isn't
>>>>> necessarily where a message originates? Or could it be basing the
>>>>> access decision on the initial Received: from address, and/or that
>>>>> address's reverse lookup, in the header?
>>>>>
>>>>> In which case, a spam could originate from mail.blah.com and access
>>>>> would accept it but the message itself would appear to come from
>>>>> spammers at domain.ru. You'd accept the message in spite of having .ru
>>>>> denied in your access.
>>>>>
>>>>> Just a thought.
>>>>>
>>>>> Will.
>>>>> _______________________________________________
>>>>> CentOS mailing list
>>>>> CentOS at centos.org
>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>>
>>>>>
>>>>>   
>>>>>       
>>>>>           
>>>> As far as I know Will, sendmail looks at the access database, and will 
>>>> not allow a connection from the sending host if that particular IP or 
>>>> hostname happens to be in there.  The access list *used* to work, but as 
>>>> I mentioned, I'm wondering if perhaps I've hit an upper limit or 
>>>> exceeded a limit where nothing in there is being parsed now.  I don't go 
>>>> by hostname when blocking.   I look at the sending host IP and block 
>>>> that.  Headers from sendmail tell who or what connected to the port or 
>>>> tried to connect.
>>>>     
>>>>         
>>> ----
>>> it does if you use REJECT 
>>>
>>> it also does things like ALLOW
>>>
>>> and things like RELAY
>>>
>>> I have never had a sendmail 'access' file with more than a few lines and
>>> I don't think that it was actually intended to be a spam filter. There
>>> are other very good methodologies for managing spam and sendmail is
>>> quite capable of using them.
>>>
>>> Craig
>>>
>> I am using REJECT in all cases where it applies, and RELAY for my own 
>> little part of the world.  I've been using access for about 10 years 
>> with no problems till now.  I suppose the only way to tell if there is a 
>> limit would be to remove some, or create a new file and test it.  I am 
>> fully aware of the process of how it works, and a make must be done 
>> after any changes.  Sendmail does not need to be restarted to read the 
>> new file either.
>>     
> ----
> I agree that you should probably remove most of your 'REJECT' lines and
> rehash the db and see if that helps. It wasn't I who asked if you had
> restarted sendmail.
>
> My thinking is that putting specific entries into access file to block
> spam is an electronic form of the whack-a-mole game that isn't likely to
> be very effective and there are other much more effective methods of
> spam blocking.
>
> Craig
>
>   
I dunno Craig, blocking the /8s to me is a pretty good method.  That 
way, you get ALL the IPs, and from my experience, 99% of all those that 
I have blocked, like 221, 222, etc, are coming from across the pond, and 
are the major source of junk mail and spam.  It's just always worked 
before. 

Sam
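
Added example, not part of the original thread and not sendmail's own code: a simplified Python model of how access-map keys are matched against the connecting client and the envelope sender, useful for testing which entry (if any) would fire for a given connection. The sample entries, addresses and function names are constructed assumptions; the model covers only REJECT and ignores OK/RELAY precedence and full-address keys.

```python
# Simplified model of sendmail access-map matching (added example, not sendmail code).
# All entries, addresses and names below are constructed samples.
ACCESS_TEXT = """\
221                  REJECT
222                  REJECT
Connect:192.0.2      REJECT
From:spam.example    REJECT
ru                   REJECT
"""

def parse_access(text):
    """Return {lowercased key: action}; skip blank lines and # comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            table[fields[0].lower()] = fields[1].strip()
    return table

def candidates(value):
    """Keys tried, most specific first, for an IPv4 address or a host name."""
    parts = value.lower().split(".")
    if all(p.isdigit() for p in parts):      # IPv4: strip trailing octets
        return [".".join(parts[:n]) for n in range(len(parts), 0, -1)]
    return [".".join(parts[n:]) for n in range(len(parts))]  # name: strip leading labels

def lookup(table, tag, value):
    """For each candidate, try the tagged key, then the untagged one."""
    for cand in candidates(value):
        for key in (f"{tag.lower()}:{cand}", cand):
            if key in table:
                return key, table[key]
    return None, None

def check_message(table, client_ip, client_name, envelope_from):
    """Model the connection and MAIL FROM checks; header From: is never an input."""
    sender_domain = envelope_from.rsplit("@", 1)[-1]
    checks = (("Connect", client_ip), ("Connect", client_name), ("From", sender_domain))
    for tag, value in checks:
        key, action = lookup(table, tag, value)
        if action == "REJECT":
            return f"REJECT via {key}"
    return "accept"

if __name__ == "__main__":
    table = parse_access(ACCESS_TEXT)
    print(check_message(table, "221.10.20.30", "host.example.net", "a@example.net"))
    print(check_message(table, "198.51.100.7", "mail.blah.com", "bounce@blah.com"))
```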


