procmail

Re: *Anti-Spam Tactic.....

2006-03-20 18:25:49
On Sun Mar 19 23:53:27 2006 Professional Software Engineering wrote:

At 02:12 2006-03-19 -0800, Wm. Vance wrote:
Howdy folks;

Is there a way to capture _ALL_ sendmail output to the internet, pipe it 
through procmail, and then pipe it back to sendmail for output to the net?

Yes.

Is this the appropriate thing to do given the problem you are describing?

No.


Why not?  It would permanently lose all spam/virii/etc., trying to reach other
systems through mine.  As far as the internet is concerned, this is basically a
leaf node, and shouldn't have to worry about relaying anyway.

I'd still like to know how to accomplish it.

Apparently a bunch of spammers have been back dooring my site for some 
time now,

Er, why not simply secure your MTA (and your server while you're at it)?  A 
common setup is that only local users (those originating messages via the 
shell) can send with impunity, and remote users (those connecting via SMTP) 
can only send IN (to domains which your mail server accepts mail for).  If 
you want remote users to be able to relay, compile in SASL support to your 
MTA, or if you want to be cheap about it, allow only specific source IPs 
(say, from within your LAN) to relay.  If you want to email while you're 
out on the road, you can set up an SSH tunnel with port forwarding and 
email as if you were originating right on the mailhost (which requires a 
valid login to the host to establish).


It would help if I had the foggiest notion of how to do any of that.  It might
also help if my CDRW drives weren't going TU, blocking access to my source code,
too, but that's another problem, not that I'm any kind of programmer to begin
with.  Unfortunately, being stuck on Social Security Disability, with lots of
bills, means I'm not going to be able to deal with it for some time to come.

to the point where some sites have blacklisted me.

If you're operating an open relay, this seems like an appropriate 
action.  I can't say that it's a shame to hear they're being effective...


Part of my solution so far has been to block outside access through my
router.  Something I'd overlooked through ignorance.

Your source IP is a broadband IP from verizon.net.  There are entire DNSBLs 
dedicated to blocking crap which issues directly from consumer broadband 
networks.  I even have procmail filters which match for messages relaying 
to me which come through broadband-ish hostnames (often incorporating IP 
octet formations within the hostname).


Verizon is the phone company here.  Unfortunately, I have to sign up for the
year to get the mildly cheaper rate.

Oh yeah, I'm doing UUCP over TCP to pick up my mail on an hourly basis.

I get it - you're on a dynamic IP and all that, but there are 
solutions...  Why not issue an ETRN to your upline mail provider and have 
them set up as a mail secondary?


I don't even know what an ETRN is.  The seaslug part of my addr is the Seattle
Unix Users Group, which is hosted by Celestial Systems.  They're a fairly busy
commercial outfit, and I'm not sure they'd even want to consider it, as they
have their own, fairly complex security issues to deal with.

____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
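
The broadband-hostname heuristic mentioned in the quoted reply above (relay hostnames that incorporate the connecting IP's octets), sketched as an added example; it is not part of the original thread and is not any poster's actual procmail filter. The sendmail-style `Received:` layout, the function names, and the sample headers (documentation IP ranges and example domains) are assumptions constructed for illustration.

```python
import re

# Assumed sendmail-style layout: "from HELO (rdns.name [1.2.3.4]) by ..."
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\((?P<rdns>[A-Za-z0-9._-]+)\s+"
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
)

def octet_forms(ip):
    """Ways a pool hostname may spell out the IP: forward or reversed
    octets, joined by '-', '.' or '_', plain or zero-padded to 3 digits."""
    octets = ip.split(".")
    forms = set()
    for seq in (octets, octets[::-1]):
        padded = [o.zfill(3) for o in seq]
        for sep in ("-", ".", "_"):
            forms.add(sep.join(seq))
            forms.add(sep.join(padded))
        forms.add("".join(padded))  # unseparated form is only unambiguous padded
    return forms

def looks_like_broadband(rdns, ip):
    """True when the reverse-DNS name embeds the connecting IP's octets."""
    host = rdns.lower()
    for form in octet_forms(ip):
        # Digit boundaries stop "192-0-2-71" matching inside "1192-0-2-711"
        if re.search(r"(?<![0-9])" + re.escape(form) + r"(?![0-9])", host):
            return True
    return False

def check_received(header):
    """Return (rdns, ip, flagged) for one Received header, or None."""
    m = RECEIVED_RE.search(header)
    if not m:
        return None
    return m["rdns"], m["ip"], looks_like_broadband(m["rdns"], m["ip"])

# Constructed sample headers (not taken from real mail)
SAMPLES = [
    "from home-pc (pool-192-0-2-71.dsl.example.net [192.0.2.71]) by mx.example.org",
    "from mail (mail.example.com [198.51.100.25]) by mx.example.org",
    "from box (7.113.0.203.cable.example.net [203.0.113.7]) by mx.example.org",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(check_received(line))
```

A match is only a scoring signal: statically addressed hosts can also carry octet-style names, so a filter would normally weigh it alongside DNSBL results rather than reject on it alone.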
