A while back, I posted a note asking if anyone had any ideas why the /etc/mail/access file was not being parsed or utilized in the efforts to stop spam and junk mail. I just looked over things again, and have still not found any reason why it still permits the TLD's I have listed to pass thru. I also thought perhaps there might be some "upper limit" to the number of entries sendmail could handle. What do the sendmail gurus think about that idea? I may reduce the number of entries from the current 275 +/- down to just the most offensive TLD's and see what happens. Short of that, are there any other thoughts y'all might have as to why it still passes the stuff I want blocked?
Thanks..
Sam
On 12/03/06, Sam Drinkard sam@wa4phy.net wrote:
> A while back, I posted a note asking if anyone had any ideas why the /etc/mail/access file was not being parsed or utilized in the efforts to stop spam and junk mail. I just looked over things again, and have still not found any reason why it still permits the TLD's I have listed to pass thru. I also thought perhaps there might be some "upper limit" to the number of entries sendmail could handle. What do the sendmail gurus think about that idea? I may reduce the number of entries from the current 275 +/- down to just the most offensive TLD's and see what happens. Short of that, are there any other thoughts y'all might have as to why it still passes the stuff I want blocked?
I don't know the ins-and-outs of Sendmail access well but does it base its decision purely on the "From" address, which as we all know isn't necessarily where a message originates? Or could it be basing the access decision on the initial Received: from address, and/or that address's reverse lookup, in the header?
In which case, a spam could originate from mail.blah.com and access would accept it but the message itself would appear to come from spammers@domain.ru. You'd accept the message in spite of having .ru denied in your access.
Just a thought.
Will.
Will McDonald wrote:
> I don't know the ins-and-outs of Sendmail access well but does it base its decision purely on the "From" address, which as we all know isn't necessarily where a message originates? Or could it be basing the access decision on the initial Received: from address, and/or that address's reverse lookup, in the header?
> In which case, a spam could originate from mail.blah.com and access would accept it but the message itself would appear to come from spammers@domain.ru. You'd accept the message in spite of having .ru denied in your access.
> Just a thought.
> Will.
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
As far as I know Will, sendmail looks at the access database, and will not allow a connection from the sending host if that particular IP or hostname happens to be in there. The access list *used* to work, but as I mentioned, I'm wondering if perhaps I've hit an upper limit or exceeded a limit where nothing in there is being parsed now. I don't go by hostname when blocking. I look at the sending host IP and block that. Headers from sendmail tell who or what connected to the port or tried to connect.
Sam
On Sun, 2006-03-12 at 16:53 -0500, Sam Drinkard wrote:
> As far as I know Will, sendmail looks at the access database, and will not allow a connection from the sending host if that particular IP or hostname happens to be in there. The access list *used* to work, but as I mentioned, I'm wondering if perhaps I've hit an upper limit or exceeded a limit where nothing in there is being parsed now. I don't go by hostname when blocking. I look at the sending host IP and block that. Headers from sendmail tell who or what connected to the port or tried to connect.
---- it does if you use REJECT
it also does things like ALLOW
and things like RELAY
I have never had a sendmail 'access' file with more than a few lines and I don't think that it was actually intended to be a spam filter. There are other very good methodologies for managing spam and sendmail is quite capable of using them.
Craig
On Sun, 2006-03-12 at 16:33, Craig White wrote:
> it does if you use REJECT
> it also does things like ALLOW
> and things like RELAY
> I have never had a sendmail 'access' file with more than a few lines and I don't think that it was actually intended to be a spam filter. There are other very good methodologies for managing spam and sendmail is quite capable of using them.
I don't think there is a size limit - it is just a normal dbm file. There are some sendmail configuration options that must be set to activate it, and it might be particular about ownership/permissions on the file: http://www.sendmail.org/~ca/email/chk-89f.html#ACCESS_DB There are some recent additions to functionality in the access file with tagged entries: http://www.sendmail.org/~ca/email/chk-810.html#810TagLHS but if the tag is omitted it works as before.
Craig White wrote:
> it does if you use REJECT
> it also does things like ALLOW
> and things like RELAY
> I have never had a sendmail 'access' file with more than a few lines and I don't think that it was actually intended to be a spam filter. There are other very good methodologies for managing spam and sendmail is quite capable of using them.
> Craig
I am using REJECT in all cases where it applies, and RELAY for my own little part of the world. I've been using access for about 10 years with no problems till now. I suppose the only way to tell if there is a limit would be to remove some, or create a new file and test it. I am fully aware of the process of how it works, and a make must be done after any changes. Sendmail does not need to be restarted to read the new file either.
On Mon, 2006-03-13 at 09:48 -0500, Sam Drinkard wrote:
> I am using REJECT in all cases where it applies, and RELAY for my own little part of the world. I've been using access for about 10 years with no problems till now. I suppose the only way to tell if there is a limit would be to remove some, or create a new file and test it. I am fully aware of the process of how it works, and a make must be done after any changes. Sendmail does not need to be restarted to read the new file either.
---- I agree that you should probably remove most of your 'REJECT' lines and rehash the db and see if that helps. It wasn't I who asked if you had restarted sendmail.
My thinking is that putting specific entries into access file to block spam is an electronic form of the whack-a-mole game that isn't likely to be very effective and there are other much more effective methods of spam blocking.
Craig
Craig White wrote:
> I agree that you should probably remove most of your 'REJECT' lines and rehash the db and see if that helps. It wasn't I who asked if you had restarted sendmail.
> My thinking is that putting specific entries into access file to block spam is an electronic form of the whack-a-mole game that isn't likely to be very effective and there are other much more effective methods of spam blocking.
> Craig
I dunno Craig, blocking the /8's to me is a pretty good method. That way, you get ALL the ip's, and from my experience, 99% of all those that I have blocked, like 221, 222, etc, are coming from across the pond, and are the major source of junk mail and spam. It's just always worked before.
Sam
On 13/03/06, Sam Drinkard sam@wa4phy.net wrote:
> A while back, I posted a note asking if anyone had any ideas why the /etc/mail/access file was not being parsed or utilized in the efforts to stop spam and junk mail. I just looked over things again, and have still not found any reason why it still permits the TLD's I have listed to pass thru. I also thought perhaps there might be some "upper limit" to the number of entries sendmail could handle. What do the sendmail gurus think about that idea? I may reduce the number of entries from the current 275 +/- down to just the most offensive TLD's and see what happens. Short of that, are there any other thoughts y'all might have as to why it still passes the stuff I want blocked?
After adding to access list you have restarted send mail service right?
--
Sudev Barar
Learning Linux
On Sun, 2006-03-12 at 18:52, Sudev Barar wrote:
> After adding to access list you have restarted send mail service right?
You shouldn't have to restart sendmail for a change in the access list - you just have to rebuild the dbm which in the CentOS setup should happen if you run 'make' in the /etc/mail directory.
On Saturday 11 March 2006 23:31, Sam Drinkard wrote:
> have listed to pass thru. I also thought perhaps there might be some "upper limit" to the number of entries sendmail could handle. What do the sendmail gurus think about that idea? I may reduce the number of entries from the current 275 +/- down to just the most offensive TLD's and see what happens. Short of that, are there any other thoughts y'all might have as to why it still passes the stuff I want blocked?
On the upper limit issue, here's some output from a machine I help with (I am not the mail admin on this machine, though, and I don't necessarily agree with doing anti-spam with REJECT lines in access....):
[root@www mail]# ls -l access
-rw-r--r-- 1 root root 1120618 Feb 22 06:36 access
[root@www mail]# pwd
/etc/mail
[root@www mail]# wc -l access
38628 access
[root@www mail]# grep DISCARD access|wc -l
3121
[root@www mail]# grep REJECT access|wc -l
35480
[root@www mail]# grep RELAY access|wc -l
4
[root@www mail]# cat /etc/redhat-release
CentOS release 4.2 (Final)
[root@www mail]# rpm -q sendmail
sendmail-8.13.1-2
[root@www mail]#
Yes, thirty-eight thousand six hundred twenty-eight lines. Works fine. I don't think 275 entries hits any upper limit.
Lamar Owen wrote:
> On the upper limit issue, here's some output from a machine I help with (I am not the mail admin on this machine, though, and I don't necessarily agree with doing anti-spam with REJECT lines in access....):
> [root@www mail]# ls -l access
> -rw-r--r-- 1 root root 1120618 Feb 22 06:36 access
> [root@www mail]# pwd
> /etc/mail
> [root@www mail]# wc -l access
> 38628 access
> [root@www mail]# grep DISCARD access|wc -l
> 3121
> [root@www mail]# grep REJECT access|wc -l
> 35480
> [root@www mail]# grep RELAY access|wc -l
> 4
> [root@www mail]# cat /etc/redhat-release
> CentOS release 4.2 (Final)
> [root@www mail]# rpm -q sendmail
> sendmail-8.13.1-2
> [root@www mail]#
> Yes, thirty-eight thousand six hundred twenty-eight lines. Works fine. I don't think 275 entries hits any upper limit.
Hmmmm...
Lamar, I am really puzzled now. If it works with that many lines in the access file, there has to be something else causing it to not read the 221/222 and others, but I'm at a loss to know what. I know perms and ownership are not the problem, nor is the makefile, as I've already double checked all that. Guess it's time to do a bit more googling, or delve into the sendmail docs a bit further.
Thanks for the info..
Sam
Just out of curiosity, does the access file have a combination of hostnames and IP's or is it strictly one or the other? I've got both. I was mistaken about the linecount too.. there are 625 lines instead of 275, but that apparently is not an issue.
Sam
On Monday 13 March 2006 15:08, Sam Drinkard wrote:
> Just out of curiosity, does the access file have a combination of hostnames and IP's or is it strictly one or the other?
It is a combination, but mostly it's full e-mail addresses or portions of e-mail addresses with FQDN's afterward. There is a handful of IP addresses at the very end, and they are working.
> I've got both. I was mistaken about the linecount too.. there are 625 lines instead of 275, but that apparently is not an issue.
If 625 lines were an issue, this box would be in real trouble.
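Added example, not part of the thread and not sendmail's own code: a small shell model of the connection-time access lookup discussed above, showing which key a connecting client's IP or resolved host name can hit, and why CIDR or wildcard keys are never reached. The sample entries, the function names and the name-before-address order are assumptions of this sketch; envelope sender/recipient checks and IPv6 are not modelled.

```shell
#!/bin/sh
# Added sketch, not sendmail code: models the access-map lookup for a
# connecting client so an entry can be checked against a real IP/host name.

# Keys tried for one client, most specific first.
# Assumption of this sketch: the host name is walked before the IP address.
candidate_keys() (   # usage: candidate_keys CLIENT_IP [CLIENT_NAME]
    k=$(printf '%s' "${2:-}" | tr '[:upper:]' '[:lower:]')
    while [ -n "$k" ]; do              # mail.example.ru, example.ru, ru
        printf '%s\n' "$k"
        case $k in *.*) k=${k#*.} ;; *) k= ;; esac
    done
    k=$1
    while [ -n "$k" ]; do              # 221.5.6.7, 221.5.6, 221.5, 221
        printf '%s\n' "$k"
        case $k in *.*) k=${k%.*} ;; *) k= ;; esac
    done
)

# Print "KEY ACTION" for the first entry that applies, else "no match".
# For each candidate the tagged form (Connect:KEY) wins over the untagged one.
access_match() (     # usage: access_match FILE CLIENT_IP [CLIENT_NAME]
    for key in $(candidate_keys "$2" "${3:-}"); do
        hit=$(awk -v k="$key" '
            /^[ \t]*(#|$)/ { next }                 # skip comments and blanks
            { lhs = tolower($1) }                   # force a string comparison
            lhs == ("connect:" k) && tagged == "" { tagged = $1 " " $2 }
            lhs == k && plain == ""               { plain  = $1 " " $2 }
            END { print (tagged != "" ? tagged : plain) }
        ' "$1")
        if [ -n "$hit" ]; then printf '%s\n' "$hit"; exit 0; fi
    done
    echo "no match"
)

# Keys the walk above can never produce: CIDR masks and glob-style wildcards.
unmatchable_keys() { awk '!/^[ \t]*(#|$)/ && $1 ~ /[\/*]/ { print $1 }' "$1"; }

# True when the text file was edited after the .db was last rebuilt.
db_is_stale() { [ "$1" -nt "$1.db" ]; }

# Constructed sample entries (not the real file from the thread).
write_sample() {     # usage: write_sample FILE
    cat > "$1" <<'EOF'
# constructed example data
221                 REJECT
Connect:222.10      DISCARD
222                 REJECT
ru                  REJECT
192.0.2.0/24        REJECT
*.example.net       REJECT
localhost           RELAY
EOF
}

f=${TMPDIR:-/tmp}/access.sample.$$
write_sample "$f"
access_match "$f" 221.5.6.7                    # 221 REJECT
access_match "$f" 198.51.100.9 mail.blah.com   # no match
access_match "$f" 192.0.2.55                   # no match: the /24 key is never tried
unmatchable_keys "$f"
rm -f "$f"
```

On a live system the same question can be put to sendmail itself by running `sendmail -bt` and entering `/map access 221`.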