MAIL FROM:<> & check_mail ruleset


Post by John Poltora » Mon, 29 Jan 2001 20:27:57



Looking through some logs I see a lot of SPAM mail coming from
SINAMAIL.COM with entries in the log like this:-

220 ESMTP spoken here
837 S< HELO sinamail.com
837 S> 250 mail.eyup.org Hello dell5.sinamail.com, pleased to meet you
837 S< MAIL FROM:<>
837 S> 250 <>... Sender ok

How does Sendmail handle mail like this?

I have identified SINAMAIL.COM as a spammer and it is included in my
Spammers list for use with Check_mail ruleset, but it does not seem to
get invoked.

Can anyone explain this?

Is the mail getting accepted by some other ruleset?

BTW before anyone suggests it, this is my only option of blocking
spammers, as I am unable to use a more up-to-date version of Sendmail.

--
John

 
 
 


Post by Neil W Ricker » Tue, 30 Jan 2001 00:26:55



>Looking through some logs I see a lot of SPAM mail coming from
>SINAMAIL.COM with
>entries in the log like this:-
>220 ESMTP spoken here
>837 S< HELO sinamail.com
>837 S> 250 mail.eyup.org Hello dell5.sinamail.com, pleased to meet you
>837 S< MAIL FROM:<>
>837 S> 250 <>... Sender ok

>How does Sendmail handle mail like this?

In accordance with the RFCs (see RFC1123).

You should be able to block on the basis of the sending machine
being in the domain sinamail.com

>I have identified SINAMAIL.COM as a spammer and it is included in my
>Spammers list
>for use with Check_mail ruleset, but it does not seem to get invoked.

You probably need to block in check_relay.

 
 
 


Post by John Poltora » Tue, 30 Jan 2001 07:20:18




> >Looking through some logs I see a lot of SPAM mail coming from
> >SINAMAIL.COM with
> >entries in the log like this:-

> >220 ESMTP spoken here
> >837 S< HELO sinamail.com
> >837 S> 250 mail.eyup.org Hello dell5.sinamail.com, pleased to meet you
> >837 S< MAIL FROM:<>
> >837 S> 250 <>... Sender ok

> >How does Sendmail handle mail like this?

> In accordance with the RFCs (see RFC1123).

> You should be able to block on the basis of the sending machine
> being in the domain sinamail.com

> >I have identified SINAMAIL.COM as a spammer and it is included in my
> >Spammers list
> >for use with Check_mail ruleset, but it does not seem to get invoked.

> You probably need to block in check_relay.

From my understanding, this ruleset blocks by IP address.

Given that a domain can have 00's or 000's of IP addresses, how
does one go about setting up this rule?

--
John

 
 
 


Post by Neil W Ricker » Tue, 30 Jan 2001 11:37:31




>> >I have identified SINAMAIL.COM as a spammer and it is included in my
>> >Spammers list
>> >for use with Check_mail ruleset, but it does not seem to get invoked.
>> You probably need to block in check_relay.
>From my understanding, this ruleset blocks by IP address.
>Given that a domain can have 00's or 000's of IP addresses, how
>does one go about setting up this rule?

The access map entry

123.45          REJECT

should block all 65536 IP addresses of the form 123.45.*.*

With a little creativity, you can easily block entire
netblocks.
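
Added example, not part of the thread and not sendmail's own code: a simplified Python model of the access map matching discussed above, showing why a check keyed on the sender's domain has nothing to match on MAIL FROM:<> while a check on the connecting client still rejects. The lookup order, the `sinamail.com` map entry, the function names and the client addresses are assumptions constructed for illustration.

```python
# Simplified model (an assumption, not sendmail source) of how a check on the
# connecting client matches access map keys, versus a sender-domain check.

# Constructed access map: the thread's "123.45 REJECT" entry plus a domain entry.
ACCESS = {"sinamail.com": "REJECT", "123.45": "REJECT"}

def host_keys(hostname):
    """Yield the hostname, then each parent domain (a.b.c -> a.b.c, b.c, c)."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def addr_keys(ip):
    """Yield the address, then shorter prefixes on octet boundaries."""
    octets = ip.split(".")
    for i in range(len(octets), 0, -1):
        yield ".".join(octets[:i])

def check_relay(client_name, client_addr, access=ACCESS):
    """Return (action, matching_key); first match wins, default is OK."""
    for key in list(host_keys(client_name)) + list(addr_keys(client_addr)):
        if key in access:
            return access[key], key
    return "OK", None

def sender_domain_check(mail_from, access=ACCESS):
    """A check keyed only on the envelope sender's domain, for comparison."""
    addr = mail_from.strip("<>")
    if "@" not in addr:          # null sender <> carries no domain to look up
        return "OK", None
    for key in host_keys(addr.rsplit("@", 1)[1]):
        if key in access:
            return access[key], key
    return "OK", None

# Constructed sessions: (resolved client name, client address, MAIL FROM)
SESSIONS = [
    ("dell5.sinamail.com", "203.0.113.7", "<>"),
    ("mx.example.net", "123.45.200.9", "<>"),
    ("mx.example.net", "198.51.100.4", "<user@example.net>"),
]

if __name__ == "__main__":
    for name, addr, sender in SESSIONS:
        print(name, addr, sender,
              "sender check:", sender_domain_check(sender)[0],
              "relay check:", check_relay(name, addr)[0])
```

The first constructed session mirrors the logged one: the sender check returns OK for `<>`, while the client check rejects on the resolved name `dell5.sinamail.com`.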

 
 
 
