Sendmail/LogWatch reports (may be forged)

Scot L. Harris webid at cfl.rr.com
Wed Dec 7 19:50:31 UTC 2005


On Wed, 2005-12-07 at 13:33, Timothy Alberts wrote:
> Thank you for the response Paul.
> 
> I like the idea of blocking an IP range, as I'm already doing that for
> several spammers.  However, when I blocked on IP, they changed IP to
> 200.206.123.10.  I could try and block multiple IP ranges, but it's just
> a moving target I think.  I block one and they move to another.  I don't
> want to have to play that game.
> 
> So if sendmail finds that it can't trust the name (DNS fails in some
> manner), is there a way to configure sendmail to REJECT the mail as it
> is coming in based on failed DNS, rather than block IP ranges?
> 
> 

When they change IP addresses are they using zombie systems to send the
spam?  If so, greylisting will most likely take care of the problem no
matter which IP address the spam comes from.

You might also look into enabling the delay feature on sendmail.  Have
not used that myself but understand it can block most zombie spam
systems since they don't follow the RFC rules.  As I understand it
sendmail will delay several seconds responding to the initial connection
request.  Most spam tools just dump and run and don't really wait for
the conversation to take place.  At least that is the theory.
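
The delay idea described in the reply above, as an added sketch that is not part of the original post or sendmail's own code (sendmail ships the real thing as its `greet_pause` feature). The pause length, hostname and reply texts are assumptions chosen for the illustration, and the clients are simulated in-process with a socket pair.

```python
import select
import socket

GREET_PAUSE_SECONDS = 5.0  # assumed value; the post only says "several seconds"


def greet_with_pause(conn, pause=GREET_PAUSE_SECONDS, hostname="mx.example.org"):
    """Hold back the 220 banner for `pause` seconds and reject early talkers.

    SMTP clients are expected to wait for the server greeting before sending
    anything. A client whose bytes arrive during the pause did not wait.
    Returns "accepted", "rejected" or "disconnected".
    """
    readable, _, _ = select.select([conn], [], [], pause)
    if readable:
        early = conn.recv(512)
        if not early:
            return "disconnected"  # peer hung up during the pause
        # Reply text is illustrative, not sendmail's exact wording.
        conn.sendall(b"554 " + hostname.encode() + b" pre-greeting traffic rejected\r\n")
        return "rejected"
    conn.sendall(b"220 " + hostname.encode() + b" ESMTP ready\r\n")
    return "accepted"


def simulate(client_sends_early, pause=0.3):
    """Constructed harness: one connected socket pair, no network involved.

    Returns (server verdict, three-digit reply code the client received).
    """
    server, client = socket.socketpair()
    try:
        if client_sends_early:
            # Constructed "dump and run" client: sends before any greeting.
            client.sendall(b"HELO bot\r\nMAIL FROM:<x@example.com>\r\n")
        verdict = greet_with_pause(server, pause)
        reply = client.recv(512).decode()
        return verdict, reply[:3]
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    print("early talker:  ", simulate(client_sends_early=True))
    print("waiting client:", simulate(client_sends_early=False))
```

A sender that waits for the banner only pays the pause once per connection, so the cost of the check falls almost entirely on clients that never wait.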





