Jake McHenry wrote:
> I'm not running iptables ... on the old setup I had mailscanner
> running and another utility that gave me stats on email that could
> add spammers to the access db, maybe I'll just configure all that
> again. The only problem was some addresses entered into the access db
> were legitimate people. Can anyone recommend a better solution?

Jake,

I no longer use sendmail (I now use postfix), but I had a similar problem with dictionary attacks because my sendmail MTA was a frontend for an exchange server. To ensure that sendmail "only" accepted/relayed e-mail for valid accounts on the exchange server, I used the following approach (trick) in /etc/mail/access. Maybe it will work for you.

I have copy/pasted a backup copy of my previous sendmail access file configuration (with a few edits). As always, your mileage may vary based on how sendmail is configured at your end, so be sure to make a backup of your current access file -and- be sure to run an open relay checker against any changes you make. I've always used the following site for testing:
http://www.abuse.net/relay.html

<copy/paste /etc/mail/access>

# If this is both an inbound and outbound MTA, then add the systems that
# are allowed to relay e-mail through this system.
192.168.1                  RELAY

# Reject both envelope sender (mail from) and recipients (rcpt to)
# that contain mydomain.com
mydomain.com               REJECT

# To negate the above reject, add only "valid" recipients for mydomain.com
scowles@xxxxxxxxxxxx       OK
postmaster@xxxxxxxxxxxx    OK
etc...

Note 1: The above implementation was based on reading:
http://www.sendmail.org/m4/anti_spam.html#access_db
The really confusing part about sendmail (versus postfix) is understanding in which context the access file is consulted. i.e. is the test done against the envelope sender or recipient or both. What a PITA. Postfix does a lot better job at implementing these types of tests.

Note 2: Maintaining a valid list of exchange recipients (mailboxes) on the sendmail server was accomplished by writing a shell script that did an LDAP query against the exchange server to build an access formatted list of valid mailboxes. This script was run as an hourly cronjob. This way, when I made a change (add/delete) on the exchange server, it was replicated to the sendmail frontend. In fact, I still do this with postfix as a frontend.

Note 3: When an invalid recipient was specified (like during a dictionary attack), it was rejected after the "rcpt to"; thus no DSN/bounce was generated by sendmail. i.e. The rejection occurs before the inbound e-mail is submitted to the queue for delivery. Nice!!!

Hope the above solution at least points you in the right direction for achieving your goal.

Steve Cowles
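
The hourly sync described in Note 2, sketched as an added example (not the poster's script and not part of the original message): it converts LDIF from an LDAP query into access-file entries and refuses to produce a file when the query returns too few mailboxes. The function names, the use of the `mail` and `proxyAddresses` attributes, and the sample LDIF are assumptions; the sample data is constructed.

```shell
# Added example: turn LDIF from an LDAP query into sendmail access entries.
# DOMAIN, the function names and the sample LDIF are assumptions.
DOMAIN="mydomain.com"

# Print "address<TAB>OK" for every mailbox address in $DOMAIN found on stdin.
ldif_to_access() {
    awk -v dom="$DOMAIN" '
        function emit(l,   a) {
            if (l ~ /^mail: /) a = substr(l, 7)
            else if (tolower(l) ~ /^proxyaddresses: smtp:/) a = substr(l, 22)
            else return
            a = tolower(a)
            # Keep plain addresses in our domain only; drop anything else.
            if (a ~ /^[a-z0-9._+-]+@[a-z0-9.-]+$/ &&
                substr(a, index(a, "@") + 1) == dom) print a "\tOK"
        }
        # LDIF folds long lines: a continuation line starts with one space.
        /^ / { buf = buf substr($0, 2); next }
        { emit(buf); buf = $0 }
        END { emit(buf) }' | sort -u
}
# build_access MIN: read LDIF on stdin and print a complete access file.
# Fails with no output when fewer than MIN recipients are found, so an empty
# or failed LDAP query cannot replace the list and reject every mailbox.
build_access() {
    entries=$(ldif_to_access)
    n=$(printf '%s\n' "$entries" | grep -c '@' || true)
    if [ "$n" -lt "$1" ]; then
        echo "only $n recipients found; keeping the old access file" >&2
        return 1
    fi
    printf '192.168.1\tRELAY\n%s\tREJECT\n%s\n' "$DOMAIN" "$entries"
}
# Constructed sample: one folded mail value, one alias, one foreign contact.
sample_ldif() {
    cat <<'EOF'
dn: CN=Alice,CN=Users,DC=mydomain,DC=com
mail: alice@mydomain.com
proxyAddresses: smtp:postmaster@mydomain.com

dn: CN=Long,CN=Users,DC=mydomain,DC=com
mail: a.long.mailbox.name.wrapped.by.the.ldif.writer@mydo
 main.com

dn: CN=Contact,CN=Users,DC=mydomain,DC=com
mail: someone@elsewhere.example
EOF
}
sample_ldif | build_access 1
```

In a cron job the output would go to a temporary file that replaces /etc/mail/access only when `build_access` succeeds, followed by `makemap hash /etc/mail/access < /etc/mail/access` to rebuild the database.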