[CentOS] mail/access revisited

Mon Mar 13 19:52:25 UTC 2006
Sam Drinkard <sam at wa4phy.net>

Craig White wrote:
> On Mon, 2006-03-13 at 09:48 -0500, Sam Drinkard wrote:
>> Craig White wrote:
>>> On Sun, 2006-03-12 at 16:53 -0500, Sam Drinkard wrote:
>>>> Will McDonald wrote:
>>>>> On 12/03/06, Sam Drinkard <sam at wa4phy.net> wrote:
>>>>>> A while back, I posted a note asking if anyone had any ideas why the
>>>>>> /etc/mail/access file was not being parsed or utilized in the efforts to
>>>>>> stop spam and junk mail.  I just looked over things again, and have still
>>>>>> not found any reason why it still permits the TLDs I have listed to pass
>>>>>> thru.  I also thought perhaps there might be some "upper limit" to the
>>>>>> number of entries sendmail could handle.  What do the sendmail gurus think
>>>>>> about that idea?  I may reduce the number of entries from the current 275
>>>>>> +/- down to just the most offensive TLDs and see what happens.  Short of
>>>>>> that, are there any other thoughts y'all might have as to why it still
>>>>>> passes the stuff I want blocked?
>>>>> I don't know the ins-and-outs of Sendmail access well but does it base
>>>>> its decision purely on the "From" address, which as we all know isn't
>>>>> necessarily where a message originates? Or could it be basing the
>>>>> access decision on the initial Received: from address, and/or that
>>>>> address's reverse lookup, in the header?
>>>>>
>>>>> In which case, a spam could originate from mail.blah.com and access
>>>>> would accept it but the message itself would appear to come from
>>>>> spammers at domain.ru. You'd accept the message in spite of having .ru
>>>>> denied in your access.
>>>>>
>>>>> Just a thought.
>>>>>
>>>>> Will.
>>>>> _______________________________________________
>>>>> CentOS mailing list
>>>>> CentOS at centos.org
>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>> As far as I know Will, sendmail looks at the access database, and will 
>>>> not allow a connection from the sending host if that particular IP or 
>>>> hostname happens to be in there.  The access list *used* to work, but as 
>>>> I mentioned, I'm wondering if perhaps I've hit an upper limit or 
>>>> exceeded a limit where nothing in there is being parsed now.  I don't go 
>>>> by hostname when blocking.   I look at the sending host IP and block 
>>>> that.  Headers from sendmail tell who or what connected to the port or 
>>>> tried to connect.
>>> ----
>>> it does if you use REJECT 
>>>
>>> it also does things like ALLOW
>>>
>>> and things like RELAY
>>>
>>> I have never had a sendmail 'access' file with more than a few lines and
>>> I don't think that it was actually intended to be a spam filter. There
>>> are other very good methodologies for managing spam and sendmail is
>>> quite capable of using them.
>>>
>>> Craig
>>>
>> I am using REJECT in all cases where it applies, and RELAY for my own 
>> little part of the world.  I've been using access for about 10 years 
>> with no problems till now.  I suppose the only way to tell if there is a 
>> limit would be to remove some, or create a new file and test it.  I am 
>> fully aware of the process of how it works, and a make must be done 
>> after any changes.  Sendmail does not need to be restarted to read the 
>> new file either.
> ----
> I agree that you should probably remove most of your 'REJECT' lines and
> rehash the db and see if that helps. It wasn't I who asked if you had
> restarted sendmail.
>
> My thinking is that putting specific entries into access file to block
> spam is an electronic form of the whack-a-mole game that isn't likely to
> be very effective and there are other much more effective methods of
> spam blocking.
>
> Craig
>
I dunno Craig, blocking the /8's to me is a pretty good method.  That
way, you get ALL the IPs, and from my experience, 99% of all those that
I have blocked, like 221, 222, etc, are coming from across the pond, and
are the major source of junk mail and spam.  It's just always worked
before.

Sam
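
An added example (not part of the original thread): a simplified Python model of how a connecting client's IPv4 address is matched against access entries on octet boundaries, which is why a bare `221` key covers the whole /8 discussed above, and how a more specific or duplicated key can change the outcome. The sample entries, the function names and the restriction to IPv4 client addresses are assumptions made for illustration; a real system builds the map with makemap and sendmail's own rulesets do the lookup.

```python
SAMPLE_ACCESS = """\
# constructed sample entries, not taken from the thread
localhost.localdomain   RELAY
192.168.1               RELAY
221                     REJECT
222                     REJECT
221.5.6                 OK
Connect:61.10           REJECT
222                     OK
"""

def parse_access(text):
    """Parse access source text into (table, duplicate_keys)."""
    table, dups = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue                      # key without a value: ignored here
        key, value = parts[0].lower(), parts[1].strip()
        if key in table:
            dups.append(key)              # makemap without -r keeps the first entry
            continue
        table[key] = value
    return table, dups

def candidate_keys(ip):
    """Keys tried for a client IPv4 address, most specific first."""
    octets = ip.split(".")
    for n in range(len(octets), 0, -1):
        prefix = ".".join(octets[:n])
        yield "connect:" + prefix         # tagged form is tried before the bare key
        yield prefix

def decide(table, ip):
    """Return (matched_key, action) for a connecting IP, or (None, None)."""
    for key in candidate_keys(ip):
        if key in table:
            return key, table[key]
    return None, None

if __name__ == "__main__":
    table, dups = parse_access(SAMPLE_ACCESS)
    print("duplicate keys:", dups)
    for ip in ("221.9.9.9", "221.5.6.7", "61.10.3.4", "222.1.1.1", "10.0.0.1"):
        print(ip, "->", decide(table, ip))
```

To see what actually made it into the built map on a live system, `makemap -u hash /etc/mail/access` dumps its contents.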