[CentOS] mail/access revisited

Sun Mar 12 21:53:49 UTC 2006
Sam Drinkard <sam at wa4phy.net>

Will McDonald wrote:
> On 12/03/06, Sam Drinkard <sam at wa4phy.net> wrote:
>
>> A while back, I posted a note asking if anyone had any ideas why the
>> /etc/mail/access file was not being parsed or utilized in the efforts to
>> stop spam and junk mail.  I just looked over things again, and have still
>> not found any reason why it still permits the TLDs I have listed to pass
>> through.  I also thought perhaps there might be some "upper limit" to the
>> number of entries sendmail could handle.  What do the sendmail gurus think
>> about that idea?  I may reduce the number of entries from the current 275
>> +/- down to just the most offensive TLDs and see what happens.  Short of
>> that, are there any other thoughts y'all might have as to why it still
>> passes the stuff I want blocked?
>>
>
> I don't know the ins-and-outs of Sendmail access well but does it base
> its decision purely on the "From" address, which as we all know isn't
> necessarily where a message originates? Or could it be basing the
> access decision on the initial Received: from address, and/or that
> address's reverse lookup, in the header?
>
> In which case, a spam could originate from mail.blah.com and access
> would accept it but the message itself would appear to come from
> spammers at domain.ru. You'd accept the message in spite of having .ru
> denied in your access.
>
> Just a thought.
>
> Will.

As far as I know, Will, sendmail looks at the access database, and will
not allow a connection from the sending host if that particular IP or
hostname happens to be in there.  The access list *used* to work, but as
I mentioned, I'm wondering if perhaps I've hit an upper limit or
exceeded a limit where nothing in there is being parsed now.  I don't go
by hostname when blocking.  I look at the sending host IP and block
that.  Headers from sendmail tell who or what connected to the port or
tried to connect.

Sam