[CentOS] Re: spam control

Wed Oct 25 23:33:46 UTC 2006
Mike Kercher <mike at vesol.com>

centos-bounces at centos.org <> scribbled on Wednesday, October 25, 2006
3:51 PM:

> David Mackintosh spake the following on 10/25/2006 10:54 AM:
>> Jerry Geis wrote:
>>> Gents,
>>> 
>>> I have added the following to /etc/mail/sendmail.mc and rebuilt it
>>> trying to control spam. I still get about 25 spam messages a day.
>>> Is there something else that can help control spam?
>>> 
>>> Thanks
>>> 
>>> jerry
>>> ---------------------------
>>> dnl #
>>> dnl # dnsbl - DNS based Blackhole List/Black
> List/Rejection list dnl
>>> # See http://www.sendmail.org/m4/features.html#dnsbl
>>> dnl #
>>> FEATURE(`dnsbl', `bl.spamcop.net',     `"Spam blocked see:
>>> http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
>>> FEATURE(`dnsbl', `relays.ordb.org',    `"Spam blocked see:
>>> http://ordb.org/lookup/?host="$&{client_addr}')dnl
>>> FEATURE(`dnsbl', `cbl.abuseat.org',    `"Spam blocked see:
>>> http://cbl.abuseat.org/lookup.cgi?ip="$&{client_addr}')dnl
>>> FEATURE(`dnsbl', `sbl.spamhaus.org',   `"Spam blocked see:
>>> http://spamhaus.org/query/bl?ip="$&{client_addr}')dnl
>>> FEATURE(`dnsbl', `list.dsbl.org',      `"Spam blocked see:
>>> http://dsbl.org/listing?"$&{client_addr}')dnl
>>> dnl #
>>> 
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> http://lists.centos.org/mailman/listinfo/centos
>> This question is probably inappropriate for this list, but maybe
>> someone can answer it.
>> 
>> Let's pretend I have a network behind a firewall. And let's pretend
>> that the users behind that firewall are both beyond my control, and
>> have a non-zero population of idiots.  And further, let's
> pretend that
>> these idiots have done something to land my firewall's
> internet IP on
>> a blacklist.
>> 
>> So now lets pretend I have a different system on the
> internet, running
>> sendmail, that I would like to use to relay mail out through, for
>> myself and a few carefully selected non-idiot users.  And
> lets further
>> pretend that this server is a secondary MX for a whole bunch of
>> domains and so gets pounded with spam.
>> 
>> OK, I set up this server so that it grants RELAY permission in
>> /etc/mail/access to the IP address that is on the blacklist and
>> everything works.
>> 
>> Now I see the above post and think that adding dnsbl
> features to this
>> sendmail might be a good way of reducing inbound spam.
>> 
>> So my question is: if my system has granted RELAY permission to a
>> system which is in a dnsbl used by the sendmail configuration, does
>> the sendmail RELAY, or does it deny the connection attempt?
>> 
>> Thanks for wading through this completely hypothetical situation.
>> 
>> :)
> If you allow in the access file, it should override the dns
> blacklist. So if you allowed an address in the blacklist, it
> should let it through.

I think this is true IF you have FEATURE(delay_checks) specified in your
sendmail.mc (thus your cf)

Mike