RE: [cobalt-users] raq4 sendmail lost input channel messages
- Subject: RE: [cobalt-users] raq4 sendmail lost input channel messages
- From: "Dan Kriwitsky" <list1@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri Nov 7 16:12:13 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> Here are the lines regarding the second message:
>
> Nov 6 05:23:37 foo sendmail[3847]: hA6ANbW03847:
> <info@xxxxxxx>... No
> such user here
> Nov 6 05:23:37 foo sendmail[3847]: hA6ANbW03847: lost input channel
> from c-67-162-197-129.client.comcast.net [67.162.197.129] to
> MTA after rcpt
> Nov 6 05:23:37 foo sendmail[3847]: hA6ANbW03847:
> from=<586m@xxxxxxxx>,
> size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA,
> relay=c-67-162-197-129.client.comcast.net [67.162.197.129]
I block *.client.comcast.net. I'm sure that was a spam attempt from an
open proxy. Yep, a spam source
http://openrbl.org/dnsbl?l=&i=67.162.197.129 blocked a whole bunch of
places.
>
> It looks like spam to me, but I'm wondering if I shouldn't
> filter these
> out in case something "legitimate" doesn't get caught. Currently the
> machine isn't blocking anything, it's mainly a default setup with
> "necessary" packages (like SSH).
I edit /etc/mail/access all the time. 95% of the email connections to my
server are either no such user spam like that or spam attempts from
other proxies.
# Put custom additions below (Do not change/remove this line).
>
> I don't really know what you mean by "domain in access", but our
> sendmail access file is default (localhost only?) with a few
> computers
> listed for other machines we run -- no "custom additions". I've been
> hesitant to install BLs because we were recently put on a local ISP's
> list without good reason or notification or anything. We were
> removed a
> couple days later, but it caused some problems for our users.
Blame the spammers, not the BL. I'd be surprised if there was no reason.
Most likely the ISP wasn't paying attention to their abuse@ address. If
it was a locally run list, there's not much you can do about that. Any
proper mail server sends a message back to the sender so they know why
their mail was rejected.
>
> I guess I just don't want any false positives incorrectly blocking
> emails for our users, so if there is a conservative BL I
> would consider
> it. Since these mainly seem to be dial-up machines, using a
> dial-up list
> may fix a large part of the problem.
sbl.spamhaus.org is pretty conservative. An IP doesn't get listed unless
the spammer has been kicked off of 3 other ISPs in the past.
--
C2003 Dan Kriwitsky
Please reply to the list only. Off list replies are not read.
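
An added example, not part of the original thread: a small Python triage script that groups sendmail log lines by queue ID and reports sessions showing the pattern discussed above (an unknown recipient, then "lost input channel ... after rcpt" with nrcpts=0), along with the DNSBL query name for the relay. The function names and the sample log are constructed for illustration; the log is modelled on the quoted lines with placeholder addresses, and no DNS lookup is performed.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the quoted log (wrapped lines rejoined,
# mail addresses replaced with placeholders, one ordinary delivery added).
SAMPLE_LOG = """\
Nov 6 05:23:37 foo sendmail[3847]: hA6ANbW03847: <info@example.com>... No such user here
Nov 6 05:23:37 foo sendmail[3847]: hA6ANbW03847: lost input channel from c-67-162-197-129.client.comcast.net [67.162.197.129] to MTA after rcpt
Nov 6 05:23:37 foo sendmail[3847]: hA6ANbW03847: from=<586m@example.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=c-67-162-197-129.client.comcast.net [67.162.197.129]
Nov 6 05:31:02 foo sendmail[3901]: hA6AV2W03901: from=<alice@example.org>, size=2140, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=mail.example.org [192.0.2.25]
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<msg>.*)$")
LOST = re.compile(r"lost input channel from (?P<host>\S+) \[(?P<ip>[\d.]+)\] "
                  r"to \S+ after (?P<stage>\w+)")
FROM = re.compile(r"nrcpts=(?P<n>\d+),.*relay=(?P<host>\S+) \[(?P<ip>[\d.]+)\]")


def suspicious_sessions(log_text):
    """Return {queue_id: details} for sessions that hit an unknown user,
    dropped the connection, and delivered to no recipients.
    These are candidates for review, not proof of abuse."""
    sessions = defaultdict(lambda: {"unknown_rcpts": 0, "lost_after": None,
                                    "relay_host": None, "relay_ip": None,
                                    "nrcpts": None})
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        s, msg = sessions[entry["qid"]], entry["msg"]
        if "No such user here" in msg:
            s["unknown_rcpts"] += 1
        lost = LOST.search(msg)
        if lost:
            s["lost_after"] = lost["stage"]
            s["relay_host"], s["relay_ip"] = lost["host"], lost["ip"]
        frm = FROM.search(msg)
        if frm:
            s["nrcpts"] = int(frm["n"])
            s["relay_host"], s["relay_ip"] = frm["host"], frm["ip"]
    return {qid: s for qid, s in sessions.items()
            if s["lost_after"] and s["unknown_rcpts"] and s["nrcpts"] == 0}


def dnsbl_query_name(ip, zone="sbl.spamhaus.org"):
    """DNSBLs are queried by reversing the IPv4 octets and appending the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


if __name__ == "__main__":
    for qid, s in suspicious_sessions(SAMPLE_LOG).items():
        print(qid, s["relay_host"], s["relay_ip"], dnsbl_query_name(s["relay_ip"]))
```

Running it over a day of maillog gives a short list of relays to check by hand before adding anything to /etc/mail/access.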