procmail
[Top] [All Lists]

Re: Re: recipe problem

2001-10-15 08:22:48
At 8:57 AM +0300 10/11/01, Odhiambo Washington wrote:
* Justin Shore <listuser(_at_)neo(_dot_)pittstate(_dot_)edu> [20011010 18:07]: writing on the subject 'Re: Re: recipe problem'
| Thanks to all who helped out.  I have a working recipe now.  It's not
| the most streamlined but it works.  I'll hone it later.
| Unfortunately I ran into an MTA problem that will keep this recipe
| from being used.  I wanted to use it to redirect mail from a certain
| SWB DSL customer that is attempting to relay through our server.
Attempting really does not mean he succeeds, no? Firstly why don't you
just block his IP at the MTA level? Secondly, are you being an "Open
Relay"?

Definitely not an open relay. I'm big on anti-spam stuff and filter around 35k messages a week. I could very easily use my host-based firewall to block his IP. That wouldn't be hard at all. That also would solve the problem. That would treat the symptom of him banging away at Sendmail and filling my logs with Relaying denied messages but that wouldn't make his ISP fix the machine. It could very easily be sploited and in need to human interaction to fix it.

At my site, I do use Exim and I can block those people by their IP
or e-mail address. You need to have stringent relay controls on your
MTA but the details are really OT for this list.

I've thought about using another MTA. I may consider it more if I use a relay agent on a firewall I plan on installing soon. I can block people by domain, To:, From:, IP, and CIDR with a little addition. I'm good about not running an open relay. Sendmail out-of-the-box hasn't been an open relay since 8.9.x. My access list is around 1000 lines long and I use the DUL, RSS, and Osirusoft DNS blacklists.

| The problem lies with the keyword "relay".  It didn't hit me until I
| tested the script.  Procmail isn't touched unless the delivery
| attempt is local.  All this spam is being relayed through our server
| to points unknown, not local users.  Unless someone has a Sendmail
| trick to take all mail from an IP or From and direct it to a local
| user (so procmail rules apply), I'm SOL.  Nevertheless it was good to
| work up that recipe.  I needed the procmail practice.  Thanks again!


Close the relay in your Sendmail. Else, use procmail as your LDA and it will
handle that person via a global procmailrc.

The machine isn't a relay. Procmail is my LDA but that doesn't matter unfortunately. He's trying to use this particular server as if it were an open relay. He's not sending mail to my local users. He's trying to send mail everywhere else but to them. His mail never touches my LDA so procmail isn't used. If I could find a way to make Sendmail attempt to deliver all mail from his From: or IP to a local user, I could make the LDA do its thing. Unfortunately I don't see a way unless I write an app for Milter, which is beyond my means I'm sure.

Thanks for the reply,
  Justin
--

--
Justin Shore, ES-SS ES-SSR      Pittsburg State University
Network & Systems Manager       Kelce 157Q
Office of Information Systems   Pittsburg, KS 66762
Voice: (620) 235-4606           Fax: (620) 235-4545
http://www.pittstate.edu/ois/

Warning:  This message has been quadruple Rot13'ed for your protection.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>