Re: Sendmail/LogWatch reports (may be forged)

Thank you for the response Paul.

I like the idea of blocking an IP range, as I'm already doing that for
several spammers.  However, when I blocked on IP, they changed IP to
200.206.123.10.  I could try and block multiple IP ranges, but it's just
a moving target I think.  I block one and they move to another.  I don't
want to have to play that game.

So if sendmail finds that it can't trust the name (DNS fails in some
manner), is there a way to configure sendmail to REJECT the mail as it
is coming in based on failed DNS, rather than block IP ranges?



On Wed, 2005-12-07 at 17:55 +0000, Paul Howarth wrote:
> Timothy Alberts wrote:
> > Greetings,
> > 
> > I am running a FC4 sendmail server and I've been trying forever to at
> > least limit some of the spam.  In this effort, I have been adding to the
> > Access control (/etc/mail/access) domains that are known to be mail
> > bombing my domain.  A few continue to evade the sendmail filtering and
> > are still getting through.  I know this because LogWatch reports:
> > 
> > Unknown Local Users
> >   invaliduser@xxxxxxxxxxxx
> >     from *.speedy.net.pe ... (may be forged)
> 
> This means that reverse DNS for this IP points to 
> something.speedy.net.pe but a DNS lookup of something.speedy.net.pe does 
> not resolve back to the same IP address (usually because the name 
> doesn't resolve at all). So sendmail doesn't trust the name and won't 
> use it for anything, noting this as "may be forged".
> 
> > where * contains the specific client that continues to change.  My first
> > attempt to block them, I added to /etc/mail/access 
> > 
> > speedy.net.pe	REJECT
> > 
> > to try and reject the problem domain.  This doesn't work because
> > LogWatch continues to report to me that mail is coming in.  I've tried
> > to reject on the IP as follows:
> > 
> > 201.230.19.113	REJECT
> > 
> > but of course, they just changed IP address.
> > 
> > Can anyone explain to me the hole in my security that is allowing them
> > to get through and how to plug it?
> 
> Try blocking the entire network:
> 
> Connect:201.230		REJECT
> 
> Hope nobody in that part of Peru wants to mail you though.
> 
> Paul.
> 
> 
> 
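
The forward-confirmed reverse DNS check that Paul's reply describes, as an added example that is not part of the original thread and is not sendmail's own code. The status labels other than "may be forged", the function names, and the sample DNS data (including the documentation addresses 192.0.2.25 and 198.51.100.7) are assumptions made for illustration; `domain_rule_applies` models the reply's point that an unverified name is not used for anything, which is why the `speedy.net.pe` entry never matched.

```python
import socket

def system_reverse(ip):
    """PTR lookup with the system resolver; None if the IP has no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward lookup with the system resolver; empty set if the name fails."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_client(ip, reverse=system_reverse, forward=system_forward):
    """Return (status, trusted_name) for a connecting IP address."""
    name = reverse(ip)
    if name is None:
        return ("no reverse DNS", None)
    name = name.rstrip(".").lower()
    if ip not in forward(name):
        # A PTR record exists, but the name does not resolve back to this IP.
        return ("may be forged", None)
    return ("verified", name)

def domain_rule_applies(ip, domain, reverse=system_reverse, forward=system_forward):
    """A domain-based rule can only match a name that passed the check."""
    _, name = check_client(ip, reverse, forward)
    return name is not None and (name == domain or name.endswith("." + domain))

# Constructed sample DNS data (not real lookups): the first PTR name has no
# forward record, the second resolves back to the same IP.
SAMPLE_PTR = {"201.230.19.113": "something.speedy.net.pe",
              "192.0.2.25": "mail.example.org"}
SAMPLE_A = {"mail.example.org": {"192.0.2.25"}}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)

def sample_forward(name):
    return SAMPLE_A.get(name, set())

if __name__ == "__main__":
    for ip in ("201.230.19.113", "192.0.2.25", "198.51.100.7"):
        print(ip, check_client(ip, sample_reverse, sample_forward))
```

Calling `check_client(ip)` without the sample resolvers performs live lookups through the system resolver.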

