David Mackintosh spake the following on 10/25/2006 10:54 AM: > Jerry Geis wrote: >> Gents, >> >> I have added the following to /etc/mail/sendmail.mc and rebuilt it >> trying to control spam. I still get about 25 spam messages a day. >> Is there something else that can help control spam? >> >> Thanks >> >> jerry >> --------------------------- >> dnl # >> dnl # dnsbl - DNS based Blackhole List/Black List/Rejection list >> dnl # See http://www.sendmail.org/m4/features.html#dnsbl >> dnl # >> FEATURE(`dnsbl', `bl.spamcop.net', `"Spam blocked see: >> http://spamcop.net/bl.shtml?"$&{client_addr}')dnl >> FEATURE(`dnsbl', `relays.ordb.org', `"Spam blocked see: >> http://ordb.org/lookup/?host="$&{client_addr}')dnl >> FEATURE(`dnsbl', `cbl.abuseat.org', `"Spam blocked see: >> http://cbl.abuseat.org/lookup.cgi?ip="$&{client_addr}')dnl >> FEATURE(`dnsbl', `sbl.spamhaus.org', `"Spam blocked see: >> http://spamhaus.org/query/bl?ip="$&{client_addr}')dnl >> FEATURE(`dnsbl', `list.dsbl.org', `"Spam blocked see: >> http://dsbl.org/listing?"$&{client_addr}')dnl >> dnl # >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos > This question is probably inappropriate for this list, but maybe someone > can answer it. > > Let's pretend I have a network behind a firewall. And let's pretend that > the users behind that firewall are both beyond my control, and have a > non-zero population of idiots. And further, let's pretend that these > idiots have done something to land my firewall's internet IP on a > blacklist. > > So now lets pretend I have a different system on the internet, running > sendmail, that I would like to use to relay mail out through, for myself > and a few carefully selected non-idiot users. And lets further pretend > that this server is a secondary MX for a whole bunch of domains and so > gets pounded with spam. > > OK, I set up this server so that it grants RELAY permission in > /etc/mail/access to the IP address that is on the blacklist and > everything works. > > Now I see the above post and think that adding dnsbl features to this > sendmail might be a good way of reducing inbound spam. > > So my question is: if my system has granted RELAY permission to a system > which is in a dnsbl used by the sendmail configuration, does the > sendmail RELAY, or does it deny the connection attempt? > > Thanks for wading through this completely hypothetical situation. > > :) If you allow in the access file, it should override the dns blacklist. So if you allowed an address in the blacklist, it should let it through. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!