[CentOS] mail/access revisited

Craig White craigwhite at azapple.com
Mon Mar 13 15:48:14 UTC 2006 

On Mon, 2006-03-13 at 09:48 -0500, Sam Drinkard wrote:
> Craig White wrote:
> > On Sun, 2006-03-12 at 16:53 -0500, Sam Drinkard wrote:
> >   
> >> Will McDonald wrote:
> >>     
> >>> On 12/03/06, Sam Drinkard <sam at wa4phy.net> wrote:
> >>>   
> >>>       
> >>>>  A while back, I posted a note asking if anyone had any ideas why the
> >>>> /etc/mail/access file was not being parsed or utilized in the efforts to
> >>>> stop spam and junk mail.  I just looked over things again, and have still
> >>>> not found any reason why it still permits the TLD's I have listed to pass
> >>>> thru.  I also thought perhaps there might be some "upper limit" to the
> >>>> number of entries sendmail could handle.  What do the sendmail guru's think
> >>>> about that idea?  I may reduce the number of entries from the current 275
> >>>> +/- down to just the most offensive TLD's and see what happens.  Short of
> >>>> that, are there any other thoughts ya'll might have as to why it still
> >>>> passes the stuff I want blocked?
> >>>>     
> >>>>         
> >>> I don't know the ins-and-outs of Sendmail access well but does it base
> >>> its decision purely on the "From" address, which as we all know isn't
> >>> necessarily where a message originates. Or could it be basing the
> >>> access decision on the initial Received: from address, and/or that
> >>> addresses reverse lookup, in the header?
> >>>
> >>> In which case, a spam could originate from mail.blah.com and access
> >>> would accept it but the message itself would appear to come from
> >>> spammers at domain.ru. You'd accept the message inspite of having .ru
> >>> denied in your access.
> >>>
> >>> Just a thought.
> >>>
> >>> Will.
> >>> _______________________________________________
> >>> CentOS mailing list
> >>> CentOS at centos.org
> >>> http://lists.centos.org/mailman/listinfo/centos
> >>>
> >>>
> >>>   
> >>>       
> >> As far as I know Will, sendmail looks at the access database, and will 
> >> not allow a connection from the sending host if that particular IP or 
> >> hostname happens to be in there.  The access list *used* to work, but as 
> >> I mentioned, I'm wondering if perhaps I've hit an upper limit or 
> >> exceeded a limit where nothing in there is being parsed now.  I don't go 
> >> by hostname when blocking.   I look at the sending host IP and block 
> >> that.  Headers from sendmail tell who or what connected to the port or 
> >> tried to connect.
> >>     
> > ----
> > it does if you use REJECT 
> >
> > it also does things like ALLOW
> >
> > and things like RELAY
> >
> > I have never had a sendmail 'access' file with more than a few lines and
> > I don't think that it was actually intended to be a spam filter. There
> > are other very good methodologies for managing spam and sendmail is
> > quite capable of using them.
> >
> > Craig
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
> >
> >   
> I am using REJECT in all cases where it applies, and RELAY for my own 
> little part of the world.  I've been using access for about 10 years 
> with no problems till now.  I suppose the only way to tell if there is a 
> limit would be to remove some, or create a new file and test it.  I am 
> fully aware of the process of how it works, and a make must be done 
> after any changes.  Sendmail does not need to be restarted to read the 
> new file either.
----
I agree that you should probably remove most of your 'REJECT' lines and
rehash the db and see if that helps. It wasn't I who asked if you had
restarted sendmail.

My thinking is that putting specific entries into access file to block
spam is an electronic form of the whack-a-mole game that isn't likely to
be very effective and there are other much more effective methods of
spam blocking.

Craig

More information about the CentOS mailing list