Craig White wrote: > On Mon, 2006-03-13 at 09:48 -0500, Sam Drinkard wrote: > >> Craig White wrote: >> >>> On Sun, 2006-03-12 at 16:53 -0500, Sam Drinkard wrote: >>> >>> >>>> Will McDonald wrote: >>>> >>>> >>>>> On 12/03/06, Sam Drinkard <sam at wa4phy.net> wrote: >>>>> >>>>> >>>>> >>>>>> A while back, I posted a note asking if anyone had any ideas why the >>>>>> /etc/mail/access file was not being parsed or utilized in the efforts to >>>>>> stop spam and junk mail. I just looked over things again, and have still >>>>>> not found any reason why it still permits the TLD's I have listed to pass >>>>>> thru. I also thought perhaps there might be some "upper limit" to the >>>>>> number of entries sendmail could handle. What do the sendmail guru's think >>>>>> about that idea? I may reduce the number of entries from the current 275 >>>>>> +/- down to just the most offensive TLD's and see what happens. Short of >>>>>> that, are there any other thoughts ya'll might have as to why it still >>>>>> passes the stuff I want blocked? >>>>>> >>>>>> >>>>>> >>>>> I don't know the ins-and-outs of Sendmail access well but does it base >>>>> its decision purely on the "From" address, which as we all know isn't >>>>> necessarily where a message originates. Or could it be basing the >>>>> access decision on the initial Received: from address, and/or that >>>>> addresses reverse lookup, in the header? >>>>> >>>>> In which case, a spam could originate from mail.blah.com and access >>>>> would accept it but the message itself would appear to come from >>>>> spammers at domain.ru. You'd accept the message inspite of having .ru >>>>> denied in your access. >>>>> >>>>> Just a thought. >>>>> >>>>> Will. >>>>> _______________________________________________ >>>>> CentOS mailing list >>>>> CentOS at centos.org >>>>> http://lists.centos.org/mailman/listinfo/centos >>>>> >>>>> >>>>> >>>>> >>>>> >>>> As far as I know Will, sendmail looks at the access database, and will >>>> not allow a connection from the sending host if that particular IP or >>>> hostname happens to be in there. The access list *used* to work, but as >>>> I mentioned, I'm wondering if perhaps I've hit an upper limit or >>>> exceeded a limit where nothing in there is being parsed now. I don't go >>>> by hostname when blocking. I look at the sending host IP and block >>>> that. Headers from sendmail tell who or what connected to the port or >>>> tried to connect. >>>> >>>> >>> ---- >>> it does if you use REJECT >>> >>> it also does things like ALLOW >>> >>> and things like RELAY >>> >>> I have never had a sendmail 'access' file with more than a few lines and >>> I don't think that it was actually intended to be a spam filter. There >>> are other very good methodologies for managing spam and sendmail is >>> quite capable of using them. >>> >>> Craig >>> >>> _______________________________________________ >>> CentOS mailing list >>> CentOS at centos.org >>> http://lists.centos.org/mailman/listinfo/centos >>> >>> >>> >>> >> I am using REJECT in all cases where it applies, and RELAY for my own >> little part of the world. I've been using access for about 10 years >> with no problems till now. I suppose the only way to tell if there is a >> limit would be to remove some, or create a new file and test it. I am >> fully aware of the process of how it works, and a make must be done >> after any changes. Sendmail does not need to be restarted to read the >> new file either. >> > ---- > I agree that you should probably remove most of your 'REJECT' lines and > rehash the db and see if that helps. It wasn't I who asked if you had > restarted sendmail. > > My thinking is that putting specific entries into access file to block > spam is an electronic form of the whack-a-mole game that isn't likely to > be very effective and there are other much more effective methods of > spam blocking. > > Craig > > I dunno Craig, blocking the /8's to me is a pretty good method. That way, you get ALL the ip's, and from my experience, 99% of all those that I have blocked, like 221, 222, etc, are coming from across the pond, and are the major source of junk mail and spam. It's just always worked before. Sam