
Re: [cobalt-security] Blocking mail from ip/domain name etc.



> At 04:39 AM 4/1/2002, you wrote:
>> Hi, I'm getting a lot of spam mail coming from various
>> addresses, is there any way of just blocking them?
> 
> unplug your computer
> 
> A lot of spam uses bogus names and addresses.
> Do you want to block the real users?

Very helpful, thanks.

It's not really practical to block spam by "address" since, as mentioned,
the address is often false. However, you can examine the "Received" headers
to find a "source" and any relays. Then you can block by IP and/or domain,
as you suggest in the subject line.

To do this you use the access database feature of sendmail. Some Cobalts
have this turned on by default (the Qube3 does, for instance) but others
don't. You'll need to fiddle with the sendmail config to turn it on if it's
not. Then you can add domains or IP blocks to the /etc/mail/access file per
the instructions on sendmail.org.

As implied above, you should be careful about who you block, particularly if
you're making mail decisions for paying users who may not appreciate it. If
you set mail policy for your company, though, block away!

I'm trying to do up a FAQ for this in my (sparse) free time; the access db
part is not done yet but you can read up on DNSBLs at
<http://bluebird.sinauer.com/~morse/cobalt/cobalt_email.html>. Anyone who
wants to pitch in, feel free to get in touch!

Looking into Procmail isn't a bad idea either; see
<http://www.impsec.org/email-tools/procmail-security.html> and
<http://spamassassin.taint.org/> for procmail-based anti-spam and/or
anti-virus tools.

pjm
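
The header-to-access-file step described in the message above, as an added example that is not part of the original post: it walks the "Received" headers of a message, pulls out each hop's IP, and formats candidate `/etc/mail/access` lines. The sample message, the function names and the `REJECT` default are assumptions made for illustration, and the regex covers only the common `from helo (rdns [ip])` layout.

```python
import email
import ipaddress
import re

# Constructed sample (not from the post); IPs are documentation ranges.
SAMPLE = (
    "Received: from mail.example.net (mail.example.net [198.51.100.7])\n"
    "\tby qube.example.org with ESMTP; Mon, 1 Apr 2002 04:39:00 -0500\n"
    "Received: from pc (unknown [203.0.113.45])\n"
    "\tby mail.example.net with SMTP; Mon, 1 Apr 2002 04:38:50 -0500\n"
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby pc with SMTP; Mon, 1 Apr 2002 04:38:40 -0500\n"
    "From: Bogus Name <forged@example.com>\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# Common layout: "from <helo> (<rdns> [<ip>])" or "from <helo> ([<ip>])".
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f:.]+)\]")
# Never block loopback or RFC 1918 space taken from a header.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def relay_hops(raw):
    """Return (helo, ip, added_by_us) per parsable Received header, newest first."""
    msg = email.message_from_string(raw)
    hops = []
    for index, value in enumerate(msg.get_all("Received", [])):
        match = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(2))
        except ValueError:
            continue  # malformed or deliberately bogus address
        # Only the topmost header was written by our own server;
        # everything below it is supplied by the sender and can be forged.
        hops.append((match.group(1), ip, index == 0))
    return hops


def access_lines(raw, action="REJECT"):
    """Format candidate /etc/mail/access entries ("key<TAB>value")."""
    return [f"{ip}\t{action}" for _helo, ip, _ours in relay_hops(raw)
            if not any(ip in net for net in INTERNAL)]
```

Review the candidates before adding them, since only the topmost hop is trustworthy, and rebuild the map (for example `makemap hash /etc/mail/access < /etc/mail/access`) so sendmail sees the change.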