
Re: [SLUG] Spam creeping through



On Mon, Jun 04, 2001 at 10:20:23AM +1000, Peter McCarthy wrote:

Reply sent to slug because there may be others interested.

> > I have the filter in place to block this address but it still manages to get
> > through.
> 
> How have you configured your filter?  Is it filtering on message header
> or envelope?
> 
> PMc
> I don't know. How do I check?
> PMc

You're using the access db, so that's filtering on envelope.

> The null address is a special case.  Are you *certain* that you're
> looking at the right log entry?
> 
> PMc
> Yes, quite certain.
> PMc

You're right:

    Note that Snow White actually uses the null envelope sender <>, so
    you can't block it in /etc/mail/access (and blocking the null
    envelope sender will also block bounce messages and violate RFCs
    1123 and 822, so don't do it).  Since it does consistently use the
    same From: header, the header check is the only way to effectively
    block it.

> /etc/sendmail.mc
> 
> define(`confTRY_NULL_MX_LIST',true)
> define(`confDONT_PROBE_INTERFACES',true)

Are you sure you need these two?  If you're not, read the descriptions
here:

    http://www.sendmail.org/m4/tweakingoptions.html

then decide.

> /etc/mail/access
> 
> hahaha@nospam.sexyfun.net              REJECT Bugger off will you !

These reject based on the *envelope* address.  They do nothing with the
`From:' header in any received email.  For that, you need something like
this in your sendmail.mc:

    LOCAL_CONFIG
    HFrom: $>CheckFrom

    LOCAL_RULESETS
    SCheckFrom
    R$* <hahaha@nospam.sexyfun.net> $*		$#error $@ 5.5.3 $: "Rejecting probable Snow White virus message"
    R$*								$@ OK



Cheers,

John
-- 
whois !JC774-AU@nospam.whois.aunic.net

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
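Added example, not part of the original message: a small Python model of why the access-db entry never fires for this mail while a `From:` header check does. The function names, the sample message and the recipient address are constructed for illustration; the blocked address is written as it appears in the post.

```python
import email
from email.utils import parseaddr

BLOCKED = "hahaha@nospam.sexyfun.net"   # address as shown in the post
ACCESS = {BLOCKED: "REJECT"}            # stands in for /etc/mail/access

# Constructed sample: the envelope sender comes from the SMTP "MAIL FROM:"
# command, the From: header is part of the message data sent after "DATA".
ENVELOPE_SENDER = "<>"                  # null sender, as the worm uses
MESSAGE = (
    "From: Hahaha <hahaha@nospam.sexyfun.net>\r\n"
    "To: user@example.org\r\n"
    "Subject: constructed sample\r\n"
    "\r\n"
    "body\r\n"
)
# Constructed bounce: also arrives with the null envelope sender.
BOUNCE = (
    "From: Mail Delivery Subsystem <MAILER-DAEMON@example.org>\r\n"
    "To: user@example.org\r\n"
    "Subject: Returned mail\r\n"
    "\r\n"
    "body\r\n"
)

def envelope_check(mail_from, access):
    """Model of an access-db lookup keyed on the envelope sender."""
    addr = mail_from.strip().strip("<>").lower()
    if not addr:
        return "OK"   # null sender must be accepted or bounces are lost
    return access.get(addr, "OK")

def header_check(raw_message, blocked):
    """Model of a header check: inspect every From: header in the data."""
    msg = email.message_from_string(raw_message)
    for value in msg.get_all("From", []):
        _, addr = parseaddr(value)
        if addr.lower() == blocked:
            return "REJECT"
    return "OK"

if __name__ == "__main__":
    for name, raw in (("worm", MESSAGE), ("bounce", BOUNCE)):
        print(name, envelope_check(ENVELOPE_SENDER, ACCESS),
              header_check(raw, BLOCKED))
```

Both sample messages pass the envelope check because they share the null sender; only the header check tells them apart.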