[CentOS] spam control

Wed Oct 25 17:54:18 UTC 2006
David Mackintosh <David.Mackintosh at xdroop.com>

Jerry Geis wrote:
> Gents,
> I have added the following to /etc/mail/sendmail.mc and rebuilt it
> trying to control spam. I still get about 25 spam messages a day.
> Is there something else that can help control spam?
> Thanks
> jerry
> ---------------------------
> dnl #
> dnl # dnsbl - DNS based Blackhole List/Black List/Rejection list
> dnl # See http://www.sendmail.org/m4/features.html#dnsbl
> dnl #
> FEATURE(`dnsbl', `bl.spamcop.net',     `"Spam blocked see: 
> http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
> FEATURE(`dnsbl', `relays.ordb.org',    `"Spam blocked see: 
> http://ordb.org/lookup/?host="$&{client_addr}')dnl
> FEATURE(`dnsbl', `cbl.abuseat.org',    `"Spam blocked see: 
> http://cbl.abuseat.org/lookup.cgi?ip="$&{client_addr}')dnl
> FEATURE(`dnsbl', `sbl.spamhaus.org',   `"Spam blocked see: 
> http://spamhaus.org/query/bl?ip="$&{client_addr}')dnl
> FEATURE(`dnsbl', `list.dsbl.org',      `"Spam blocked see: 
> http://dsbl.org/listing?"$&{client_addr}')dnl
> dnl #
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
This question is probably inappropriate for this list, but maybe someone 
can answer it.

Let's pretend I have a network behind a firewall. And let's pretend that 
the users behind that firewall are both beyond my control, and have a 
non-zero population of idiots.  And further, let's pretend that these 
idiots have done something to land my firewall's internet IP on a blacklist.

So now lets pretend I have a different system on the internet, running 
sendmail, that I would like to use to relay mail out through, for myself 
and a few carefully selected non-idiot users.  And lets further pretend 
that this server is a secondary MX for a whole bunch of domains and so 
gets pounded with spam.

OK, I set up this server so that it grants RELAY permission in 
/etc/mail/access to the IP address that is on the blacklist and 
everything works.

Now I see the above post and think that adding dnsbl features to this 
sendmail might be a good way of reducing inbound spam.

So my question is: if my system has granted RELAY permission to a system 
which is in a dnsbl used by the sendmail configuration, does the 
sendmail RELAY, or does it deny the connection attempt?

Thanks for wading through this completely hypothetical situation.