Craig White wrote:
On Mon, 2006-03-13 at 09:48 -0500, Sam Drinkard wrote:
Craig White wrote:
On Sun, 2006-03-12 at 16:53 -0500, Sam Drinkard wrote:
Will McDonald wrote:
On 12/03/06, Sam Drinkard sam@wa4phy.net wrote:
A while back, I posted a note asking if anyone had any ideas why the /etc/mail/access file was not being parsed or utilized in the efforts to stop spam and junk mail. I just looked over things again, and have still not found any reason why it still permits the TLDs I have listed to pass thru. I also thought perhaps there might be some "upper limit" to the number of entries sendmail could handle. What do the sendmail gurus think about that idea? I may reduce the number of entries from the current 275 +/- down to just the most offensive TLDs and see what happens. Short of that, are there any other thoughts y'all might have as to why it still passes the stuff I want blocked?
I don't know the ins-and-outs of Sendmail access well, but does it base its decision purely on the "From" address, which as we all know isn't necessarily where a message originates? Or could it be basing the access decision on the initial Received: from address, and/or that address's reverse lookup, in the header?
In which case, a spam could originate from mail.blah.com and access would accept it but the message itself would appear to come from spammers@domain.ru. You'd accept the message in spite of having .ru denied in your access.
Just a thought.
Will.
As far as I know, Will, sendmail looks at the access database, and will not allow a connection from the sending host if that particular IP or hostname happens to be in there. The access list *used* to work, but as I mentioned, I'm wondering if perhaps I've hit an upper limit or exceeded a limit where nothing in there is being parsed now. I don't go by hostname when blocking. I look at the sending host IP and block that. Headers from sendmail tell who or what connected to the port or tried to connect.
it does if you use REJECT
it also does things like ALLOW
and things like RELAY
I have never had a sendmail 'access' file with more than a few lines and I don't think that it was actually intended to be a spam filter. There are other very good methodologies for managing spam and sendmail is quite capable of using them.
Craig
I am using REJECT in all cases where it applies, and RELAY for my own little part of the world. I've been using access for about 10 years with no problems till now. I suppose the only way to tell if there is a limit would be to remove some, or create a new file and test it. I am fully aware of the process of how it works, and a make must be done after any changes. Sendmail does not need to be restarted to read the new file either.
I agree that you should probably remove most of your 'REJECT' lines and rehash the db and see if that helps. It wasn't I who asked if you had restarted sendmail.
My thinking is that putting specific entries into access file to block spam is an electronic form of the whack-a-mole game that isn't likely to be very effective and there are other much more effective methods of spam blocking.
Craig
I dunno Craig, blocking the /8s to me is a pretty good method. That way, you get ALL the IPs, and from my experience, 99% of all those that I have blocked, like 221, 222, etc, are coming from across the pond, and are the major source of junk mail and spam. It's just always worked before.
Sam
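
Added example, not written by any poster in this thread: a small Python model of the connection-time access lookup discussed above, showing how a first-octet key such as `221` covers a whole /8 and how a TLD key matches the connecting host's resolved name. The sample entries, addresses and function names are constructed, and the lookup order (hostname suffixes first, then progressively shorter IP prefixes) is a simplified assumption about sendmail's access map behaviour, not its actual code.

```python
# Simplified model (assumption) of access-map matching for a connecting client.
# Sample entries are constructed; 192.0.2.x and 198.51.100.x are documentation ranges.
SAMPLE_ACCESS = """\
# key            action
221              REJECT
222              REJECT
ru               REJECT
192.0.2          RELAY
"""

def parse_access(text):
    """Parse 'key action' lines; return the table and any duplicated keys."""
    table, dups = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, action = line.split(None, 1)
        key = key.lower()
        if key in table:
            dups.append(key)  # a later duplicate would shadow the earlier entry
        table[key] = action.strip()
    return table, dups

def candidates_ip(ip):
    """'221.10.20.30' -> ['221.10.20.30', '221.10.20', '221.10', '221']"""
    octets = ip.split(".")
    return [".".join(octets[:n]) for n in range(4, 0, -1)]

def candidates_host(host):
    """'mail.example.ru' -> ['mail.example.ru', 'example.ru', 'ru']"""
    labels = host.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def decide(table, client_ip, client_host=None):
    """Return (matching key, action) for the most specific entry, or (None, 'no match')."""
    keys = candidates_ip(client_ip)
    if client_host:  # only usable when the client IP resolves to a name
        keys = candidates_host(client_host) + keys
    for key in keys:
        if key in table:
            return key, table[key]
    return None, "no match"
```

Matching is on whole octets and whole labels, so `221` does not catch `22.1.x.x`, and a TLD entry only applies at connection time when the client address resolves to a name under that TLD.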