Sendmail Expert

FredrikN · 12-27-2002, 05:57 AM

Hi

I'm using Sendmail at home
My problem is that I'm receiving a lot of spam from addresses like

u.34.net
r.4.net
j.98.net

and more.

I have written an small script that take cares of this, the script generates an file that looks like this

a.01.net 550 No spam allowed
a.02.net 550 No spam allowed
.....
a.98.net 550 No spam allowed
b.01.net 550 No spam allowed

and so on until z.98.net is reached.

But this generates a big blocklist just for one spamsender.

My question is, does anyone know how/if ? I can use regexp in sendmail to block these addresses with only one row ?

Ex

[?].[01-98].net 550 No spam allowed

(the ? will match anychar, such as a-z and 0-9 is simply 0-9)

It would be great so I can reduce the size of my spamlist :-)

an example of my spamlist right now
www.thegate.nu/tmp/access_db

peter_robb · 12-27-2002, 09:07 AM

I'm just wondering if you could approach this from another angle...
Some of the FROM domains you gave don't even resolve, eg 4.net no dns server allocated..
34.net is the WTC in New York, and everything at 98.net resolves to the same ip address...
I would also be sure any REPY TO address is different from the FROM address.. as this data is very easily forged...
This is handled inside Sendmail filters with ip source verification and blackhole lookups.
It will avoid having a monster accessdb list for each site that doesn't regex to a number format...

FredrikN · 12-28-2002, 10:23 AM

"I would also be sure any REPY TO address is different from the FROM address.."

Yes, that's right.

Thanks 4 your reply

mcleodnine · 12-28-2002, 02:03 PM

I don't know how to do it in sendmail, but I'm using some RBL (blackhole lists) in my posffix configuration. It's managed to tag and refuse a few messages so far.

Code:

maps_rbl_domains =
        relays.ordb.org,
        inputs.relays.osirusoft.com,
        spews.relays.osirusoft.com
*
*
*
smtpd_recipient_restrictions=
       reject_maps_rbl,