[PLUG-TALK] Is it just me, or...

Russ Johnson russj at dimstar.net
Tue Sep 16 02:29:53 UTC 2003


On 15 Sep 2003 15:52:11 -0700
"Michael C. Robinson" <michael at goose.robinson-west.com> wrote:


> I'm using sendmail-8.12.9 and I have the sendmail book 
> from O'Reilly that my brother left to me, does anyone 
> know where I need to look for information on how to set 
> up requiring a positive domain lookup before accepting 
> a connection?  I've been happy with this version of 
> sendmail, it's a little unusual because it doesn't 
> run as root, though that should help with security.

I quit using sendmail many years ago, because it's too unwieldy to configure. Some also say it's too laden with security flaws. 

I use postfix, which on my system was literally a drop-in replacement for sendmail. Most of the hash tables convert cleanly. The config file in postfix makes sense, and telling it to do this thing that you want is as simple as adding a line to the config file, and restarting postfix. With sendmail, you have to add it to the config file, compile the config file, then restart the process.

> I figure if spammers spam from MTA substitutes that 
> checking registration before allowing inbound connections 
> should help significantly in keeping spam out.

There's a whole section to this. 98+% of my spam is properly identified and filtered. I use a couple of methods to do this.

1> I have postfix check every spam against a list of known spammers. I get this list from http://abuse.easynet.nl/spamstats.html. They maintain a list that's nearly 200,000 lines long. Postfix and sendmail can both use this list. Just compile it into your access.db, and sendmail starts rejecting mail from those sites. 

2> I use spamassassin (www.spamassassin.org). It will take the mail that gets by the list in #1, and classify it based on content, headers, and various other tests. Look at the spamassassin website for details. 

3> Finally, if I'm getting a lot of stuff from one site, I simply add a rule to my firewall to block connections on port 25 from that system. I usually only do this if I'm getting over 75 in one day from one site, as that usually means they're infected with blaster, and all the mail coming from them is bogus anyway. 

I've had this email address for 8 years. I get a fair amount of spam, but only 1 or 2 in my inbox, thanks to spamassassin and procmail. I use this email address as my listed address in the whois database, but I don't think many spammers scan whois anymore. There are many more addresses gotten by scanning newsgroups, and by simply scanning mailing list archives.

-- 
Russ Johnson
Dimension 7/Stargate Online
http://www.dimstar.net

Top post? http://www.caliburn.nl/topposting.html

Random thought #1 (Collect all 20)
"The only thing necessary for the triumph of evil is for good men to do nothing." - Edmund Burke
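
The third method in the message above (a firewall block for any host sending more than 75 in one day) can be driven from the mail log. This is an added example, not part of the original post or the poster's own setup. It assumes Postfix smtpd "connect from" syslog lines and counts connections rather than delivered messages; the function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter

THRESHOLD = 75  # the post's rule of thumb: over 75 in one day from one site

# Postfix smtpd "connect from host[ip]" syslog line (assumed log format).
CONNECT_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) \d\d:\d\d:\d\d \S+ postfix/smtpd\[\d+\]: "
    r"connect from \S*\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
)

def count_connections(lines):
    """Return a Counter keyed by (day, ip) of SMTP connections seen."""
    counts = Counter()
    for line in lines:
        m = CONNECT_RE.match(line)
        if m:
            day = " ".join(m.group("day").split())  # "Sep  5" -> "Sep 5"
            counts[(day, m.group("ip"))] += 1
    return counts

def noisy_sources(lines, threshold=THRESHOLD):
    """IPs that exceed the threshold on any single day, sorted."""
    counts = count_connections(lines)
    return sorted({ip for (_, ip), n in counts.items() if n > threshold})

def block_rules(ips):
    """iptables rules dropping inbound SMTP per IP, to review before applying."""
    return [f"iptables -A INPUT -s {ip} -p tcp --dport 25 -j DROP" for ip in ips]

def sample_log():
    """Constructed sample log; documentation-range addresses only."""
    def line(day, n, host, ip):
        return (f"{day} 10:{n % 60:02d}:00 mail postfix/smtpd[{1000 + n}]: "
                f"connect from {host}[{ip}]")
    log = [line("Sep 15", i, "unknown", "192.0.2.15") for i in range(80)]
    log += [line("Sep 15", i, "mx.example.org", "198.51.100.7") for i in range(12)]
    # 50 per day on two days: 100 in total, but never over 75 in one day.
    log += [line("Sep 15", i, "unknown", "203.0.113.9") for i in range(50)]
    log += [line("Sep 16", i, "unknown", "203.0.113.9") for i in range(50)]
    log.append("Sep 15 10:00:01 mail postfix/cleanup[2222]: message-id=<x@example.org>")
    return log

if __name__ == "__main__":
    for rule in block_rules(noisy_sources(sample_log())):
        print(rule)
```

The per-day key matters: a host spread across two days stays under the limit, which matches the "in one day" wording of the post.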



