Re: Sendmail/LogWatch reports (may be forged)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2005-12-07 at 13:33, Timothy Alberts wrote:
> Thank you for the response Paul.
> 
> I like the idea of blocking an IP range, as I'm already doing that for
> several spammers.  However, when I blocked on IP, they changed IP to
> 200.206.123.10.  I could try and block multiple IP ranges, but it's just
> a moving target I think.  I block one and they move to another.  I don't
> want to have to play that game.
> 
> So if sendmail finds that it can't trust the name (DNS fails in some
> manner), is there a way to configure sendmail to REJECT the mail as it
> is coming in based on failed DNS, rather than block IP ranges?
> 
> 

When they change IP addresses are they using zombie systems to send the
spam?  If so greylisting will most likely take care of the problem no
matter which IP address the spam comes from.

You might also look into enabling the delay feature on sendmail.  Have
not used that myself but understand it can block most zombie spam
systems since they don't follow the RFC rules.  As I understand it
sendmail will delay several seconds responding to the initial connection
request.  Most spam tools just dump and run and don't really wait for
the conversation to take place.  At least that is the theory.




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux