Re: [cobalt-security] Blocking mail from ip/domain name etc.

[Mike Vanecek <clist.mtv@xxxxxxxxxxxx>]

On Mon, 01 Apr 2002 10:47:28 -0500, Parker Morse <morse@xxxxxxxxxxx> wrote:

:>> At 04:39 AM 4/1/2002, you wrote:
:>>> Hi, Im getting a lot of spam mail comming from various
:>>> address's is there any way of just blocking them?
:>> 
:>> unplug your computer
:>> 
:>> A lot of spam uses bogus names and addresses.
:>> Do you want to block the real users.
:>
:>Very helpful, thanks.
:>
:>It's not really practical to block spam by "address" since, as mentioned,
:>the address is often false. However, you can examine the "Received" headers
:>to find a "source" and any relays. Then you can block by IP and/or domain,
:>as you suggest in the subject line.
:>
:>To do this you use the access database feature of sendmail. Some Cobalts
:>have the turned on by default (the Qube3 does, for instance) but others
:>don't. You'll need to fiddle with the sendmail config to turn it on if it's
:>not. Then you can add domains or IP blocks to the /etc/mail/access file per
:>the instructions on sendmail.org.
:>
:>As implied above, you should be careful about who you block, particularly if
:>you're making mail decisions for paying users who may not appreciate it. If
:>you set mail policy for your company, though, block away!
:>
:>I'm trying to do up a FAQ for this in my (sparse) free time; the access db
:>part is not done yet but you can read up on DNSBLs at
:><http://bluebird.sinauer.com/~morse/cobalt/cobalt_email.html>. Anyone who
:>wants to pitch in, feel free to get in touch!
:>
:>Looking into Procmail isn't a bad idea either; see
:><http://www.impsec.org/email-tools/procmail-security.html> and
:><http://spamassassin.taint.org/> for procmail-based anti-spam and/or
:>anti-virus tools.


I use  http://junkfilter.zer0.org/  - it is easy to install and use and does a
pretty good job of filtering.