
Blocking spam (was [cobalt-users] sendmail)



William Plunkett asked:
> How do I set up a filter to block Spam or mass mailings from outside
> sources. We run an ISP and are getting flooded with Spam mail that somehow
> manages to go to everyone.

That depends on how thorough you want to be.

If you want to block based on content, you're probably getting into
Procmail. The address for the procmail list was posted a few days ago; you
should also see the FAQ for this very question:
<http://www.ling.helsinki.fi/users/reriksso/procmail/mini-faq.html#spam>

If you want to block by source IP - IMHO the most effective method, and
since you used "sendmail" in the subject this is probably what you have in
mind - you have another choice to make. Do you want to maintain the block
list yourself, which involves a good chunk of work, or do you want to use
someone else's, and hope you agree with them about which sites to block?

If the first, you're using the Access map. Your Cobalt (you didn't say which
one) is probably already set up to use it. You'll find details about the
access map at <http://www.sendmail.org/m4/anti-spam.html>; start at
"FEATURE(access_db)". The thumbnail is that you edit the file
/etc/mail/access, adding IPs or domains you wish to refuse mail from, then
give the command
$ makemap hash /etc/mail/access < /etc/mail/access
and you're blocking those domains.
$ cat /var/log/maillog | grep -i reject | more
will show you your refusals.

If the second, you need to edit your sendmail.mc, which is subject to all
the "you'll void your warranty" disclaimers. I used Charlie Summers'
excellent summary in the archives at
<http://list.cobalt.com/pipermail/cobalt-users/2001-August/049269.html>
and added the line,
FEATURE(`dnsbl', `inputs.orbz.org')dnl
Then you compile a new sendmail.cf, check to make sure you're not hosing
important settings, put it in place, etc. as Charlie details. Worked like a
charm, and I'm bouncing about 100 messages a day now.

Here's a brief list of places to look for black-hole lists:
<http://www.orbz.org/>
<http://www.spews.org/>
<http://www.spamhaus.org/>
<http://relays.osirusoft.com/>

You may want to use the access database AS WELL AS a black-hole list. And
you can use more than one FEATURE(`dnsbl') line, to mix-and-match
blacklists.

Be aware that you risk bouncing legitimate mail if you block by IP. IMHO
this is a necessary evil; users who can't get their email delivered will
whine to their sysadmins (if they understand why they've been blacklisted)
and the spammers will get cut off.

Good luck!

pjm
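
Added example, not part of the original post: a shell function that tallies the rejections the grep above would show, per source IP, and marks whether each came from the DNS blacklist or from some other check such as the access map, which makes a wrongly blocked legitimate sender easier to spot. The log lines are constructed samples, and the function assumes the reject text names the blacklist zone.

```shell
#!/bin/sh
# Added example (not from the original post): tally sendmail rejections per
# source IP and attribute each one to the DNS blacklist or to another check.

# Constructed sample log lines; real wording varies by sendmail version.
sample_maillog() {
cat <<'EOF'
Aug 14 10:02:11 mail sendmail[1201]: f7EE2Bx01201: ruleset=check_relay, arg1=[192.0.2.15], arg2=192.0.2.15, relay=[192.0.2.15], reject=550 Mail from 192.0.2.15 refused by blackhole site inputs.orbz.org
Aug 14 10:03:52 mail sendmail[1207]: f7EE3qx01207: ruleset=check_mail, arg1=<offers@spam.example.net>, relay=spam.example.net [198.51.100.7], reject=550 <offers@spam.example.net>... Access denied
Aug 14 10:05:40 mail sendmail[1210]: f7EE5ex01210: to=<user@example.com>, delay=00:00:01, mailer=local, stat=Sent
Aug 14 10:09:03 mail sendmail[1222]: f7EE93x01222: ruleset=check_relay, arg1=[192.0.2.15], arg2=192.0.2.15, relay=[192.0.2.15], reject=550 Mail from 192.0.2.15 refused by blackhole site inputs.orbz.org
Aug 14 10:11:47 mail sendmail[1230]: f7EEBlx01230: ruleset=check_relay, arg1=mx.example.org, arg2=203.0.113.9, relay=mx.example.org [203.0.113.9], reject=550 Mail from 203.0.113.9 refused by blackhole site inputs.orbz.org
EOF
}

# Reads a maillog on stdin; $1 is the blacklist zone (assumption: the reject
# text names the zone). Prints "COUNT SOURCE-IP CAUSE", busiest first.
# CAUSE is "dnsbl" or "other" (access map or any other check).
summarize_rejects() {
    zone=${1:-inputs.orbz.org}
    grep -i 'reject=' | awk -v zone="$zone" '
    {
        src = "unknown"
        if (match($0, /relay=[^,]*/)) {
            src = substr($0, RSTART + 6, RLENGTH - 6)
            # Prefer the bracketed IP over the host name the peer claimed
            if (match(src, /\[[0-9.]+\]/))
                src = substr(src, RSTART + 1, RLENGTH - 2)
        }
        cause = (index($0, zone) > 0) ? "dnsbl" : "other"
        count[src " " cause]++
    }
    END { for (k in count) print count[k], k }' | sort -k1,1nr -k2,2
}

# On a live server: summarize_rejects inputs.orbz.org < /var/log/maillog
sample_maillog | summarize_rejects inputs.orbz.org
```

An address that shows up under "dnsbl" but belongs to a correspondent you want to hear from is the false-positive case mentioned above.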