I've noticed from the sendmail logs, certain IP's are being blocked via the known spammers configuration in the sendmail.cf. What I also note is in my access file, I have several TLD's that are listed, yet are NOT being blocked. Yes, I do call a make after each edit of the access list, and going by the timestamp on access.db, it appears to being updated, yet again, in the sendmail portion of the daily logs, those TLD's which are in the access list are not listed as being blocked.
Hope that is not too confusing.. think I confused myself, but in any case, things are in there that should be blocked and are not being.
Hints?
Sam
Sam Drinkard wrote:
I've noticed from the sendmail logs, certain IP's are being blocked via the known spammers configuration in the sendmail.cf. What I also note is in my access file, I have several TLD's that are listed, yet are NOT being blocked. Yes, I do call a make after each edit of the access list, and going by the timestamp on access.db, it appears to being updated, yet again, in the sendmail portion of the daily logs, those TLD's which are in the access list are not listed as being blocked.
Hope that is not too confusing.. think I confused myself, but in any case, things are in there that should be blocked and are not being.
Hints?
Sam
Hi Sam,
What do the entries look like? I mean how do they appear in the /etc/mail/access file?
On Mon, 2006-02-27 at 07:30 -0500, Mark Weaver wrote:
Sam Drinkard wrote:
I've noticed from the sendmail logs, certain IP's are being blocked via the known spammers configuration in the sendmail.cf. What I also note is in my access file, I have several TLD's that are listed, yet are NOT being blocked. Yes, I do call a make after each edit of the access list, and going by the timestamp on access.db, it appears to being updated, yet again, in the sendmail portion of the daily logs, those TLD's which are in the access list are not listed as being blocked.
Hope that is not too confusing.. think I confused myself, but in any case, things are in there that should be blocked and are not being.
Hints?
Sam
Hi Sam,
What do the entries look like? I mean how do they appear in the /etc/mail/access file?
Mark, the entries are like this....
24.245.42.191 REJECT 25.110.50 REJECT 30.120 REJECT 40 REJECT somedomain.com REJECT zw REJECT another-idea.com REJECT
etc... those just examples of the way the IP's and hostnames are in the access file. I've been using an access file for years, but just noticed these IP's were not being blocked, but some are being caught by the spamd/rtbl and other spam fighting tools.
Sam
Am Mo, den 27.02.2006 schrieb Sam Drinkard um 13:30:
On Mon, 2006-02-27 at 07:30 -0500, Mark Weaver wrote:
Sam Drinkard wrote:
I've noticed from the sendmail logs, certain IP's are being blocked via the known spammers configuration in the sendmail.cf. What I also note is in my access file, I have several TLD's that are listed, yet are NOT being blocked. Yes, I do call a make after each edit of the access list, and going by the timestamp on access.db, it appears to being updated, yet again, in the sendmail portion of the daily logs, those TLD's which are in the access list are not listed as being blocked.
Hope that is not too confusing.. think I confused myself, but in any case, things are in there that should be blocked and are not being.
Hints?
Sam
Hi Sam,
What do the entries look like? I mean how do they appear in the /etc/mail/access file?
Mark, the entries are like this....
24.245.42.191 REJECT 25.110.50 REJECT 30.120 REJECT 40 REJECT somedomain.com REJECT zw REJECT another-idea.com REJECT
etc... those just examples of the way the IP's and hostnames are in the access file. I've been using an access file for years, but just noticed these IP's were not being blocked, but some are being caught by the spamd/rtbl and other spam fighting tools.
Sam
Without detailed information about your sendmail.mc configuration, debug test output and maillog entries showing the problem it is hard to say why the mails go through.
Alexander
Alexander Dalloz wrote:
Am Mo, den 27.02.2006 schrieb Sam Drinkard um 13:30:
On Mon, 2006-02-27 at 07:30 -0500, Mark Weaver wrote:
Sam Drinkard wrote:
I've noticed from the sendmail logs, certain IP's are being blocked via the known spammers configuration in the sendmail.cf. What I also note is in my access file, I have several TLD's that are listed, yet are NOT being blocked. Yes, I do call a make after each edit of the access list, and going by the timestamp on access.db, it appears to being updated, yet again, in the sendmail portion of the daily logs, those TLD's which are in the access list are not listed as being blocked.
Hope that is not too confusing.. think I confused myself, but in any case, things are in there that should be blocked and are not being.
Hints?
Sam
Hi Sam,
What do the entries look like? I mean how do they appear in the /etc/mail/access file?
Mark, the entries are like this....
24.245.42.191 REJECT 25.110.50 REJECT 30.120 REJECT 40 REJECT somedomain.com REJECT zw REJECT another-idea.com REJECT
etc... those just examples of the way the IP's and hostnames are in the access file. I've been using an access file for years, but just noticed these IP's were not being blocked, but some are being caught by the spamd/rtbl and other spam fighting tools.
Sam
Without detailed information about your sendmail.mc configuration, debug test output and maillog entries showing the problem it is hard to say why the mails go through.
Alexander
Aside from relaying my own domain, the entire sendmail.cf is completely stock.
Sam Drinkard wrote:
Alexander Dalloz wrote:
Am Mo, den 27.02.2006 schrieb Sam Drinkard um 13:30:
On Mon, 2006-02-27 at 07:30 -0500, Mark Weaver wrote:
Sam Drinkard wrote:
I've noticed from the sendmail logs, certain IP's are being blocked via the known spammers configuration in the sendmail.cf. What I also note is in my access file, I have several TLD's that are listed, yet are NOT being blocked. Yes, I do call a make after each edit of the access list, and going by the timestamp on access.db, it appears to being updated, yet again, in the sendmail portion of the daily logs, those TLD's which are in the access list are not listed as being blocked. Hope that is not too confusing.. think I confused myself, but in any case, things are in there that should be blocked and are not being. Hints?
Sam
Hi Sam,
What do the entries look like? I mean how do they appear in the /etc/mail/access file?
Mark, the entries are like this....
24.245.42.191 REJECT 25.110.50 REJECT 30.120 REJECT 40 REJECT somedomain.com REJECT zw REJECT another-idea.com REJECT
etc... those just examples of the way the IP's and hostnames are in the access file. I've been using an access file for years, but just noticed these IP's were not being blocked, but some are being caught by the spamd/rtbl and other spam fighting tools.
Sam
Without detailed information about your sendmail.mc configuration, debug test output and maillog entries showing the problem it is hard to say why the mails go through.
Alexander
Aside from relaying my own domain, the entire sendmail.cf is completely stock.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
rather than using REJECT in the access file, you can also use DISCARD which then silently drops the mail rather than sending a 550 notice. This is useful in fighting spammers as often the from address is faked and then you get a delivery failure for the REJECT. A DISCARD nicely circumvents this by effectively placing the emails into the equivalent of /dev/null .....
You can also use more advanced entries like this...
from: email@domain.com DISCARD
You can force a db rebuild with the makemap command if you think the "make" isn't doing it, you can also do a "service sendmail restart"
P.
Am Mo, den 27.02.2006 schrieb Peter Farrow um 18:24:
You can also use more advanced entries like this...
from: email@domain.com DISCARD
There must be no space between "From:" (or "To:" or "Connect:") and the email address (or IP).
P.
Alexander
Sam Drinkard wrote:
On Mon, 2006-02-27 at 07:30 -0500, Mark Weaver wrote:
Sam Drinkard wrote:
I've noticed from the sendmail logs, certain IP's are being blocked via the known spammers configuration in the sendmail.cf. What I also note is in my access file, I have several TLD's that are listed, yet are NOT being blocked. Yes, I do call a make after each edit of the access list, and going by the timestamp on access.db, it appears to being updated, yet again, in the sendmail portion of the daily logs, those TLD's which are in the access list are not listed as being blocked.
Hope that is not too confusing.. think I confused myself, but in any case, things are in there that should be blocked and are not being.
Hints?
Sam
Hi Sam,
What do the entries look like? I mean how do they appear in the /etc/mail/access file?
Mark, the entries are like this....
24.245.42.191 REJECT 25.110.50 REJECT 30.120 REJECT 40 REJECT somedomain.com REJECT zw REJECT another-idea.com REJECT
etc... those just examples of the way the IP's and hostnames are in the access file. I've been using an access file for years, but just noticed these IP's were not being blocked, but some are being caught by the spamd/rtbl and other spam fighting tools.
Sam
Sam,
To my knowledge you need to use wildcards for incomplete entries such as ones you've listed above. I.e...
25.110.50.* REJECT 30.120.*.* REJECT 40.*.*.* REJECT
Am Mo, den 27.02.2006 schrieb Mark Weaver um 19:18:
Sam,
To my knowledge you need to use wildcards for incomplete entries such as ones you've listed above. I.e...
25.110.50.* REJECT 30.120.*.* REJECT 40.*.*.* REJECT
No. That is wrong syntax. The one used by Sam is proper. Please see cf/README
http://www.sendmail.org/m4/anti_spam.html
Alexander
-
Alexander Dalloz -
Mark Weaver -
Peter Farrow -
Sam Drinkard