Mailinglist Archive: opensuse (2831 mails)

Re: [SLE] Postfix UCE, rbl, cidr and ehlo
  • From: jfweber@xxxxxxxxxxxx
  • Date: Thu, 13 Jul 2006 13:18:51 -0400
  • Message-id: <200607131318.51632.jfweber@xxxxxxxxxxxx>
On July Thursday 13 2006 1:05 pm, david rankin wrote in an electronic
and somewhat quixotic manner:
> >From: "Per Jessen" <per@xxxxxxxxxxxx>
> >
> > Ken Schneider wrote:
> >> Yes, mail you send to the list goes through the list server and is
> >> therefore seen as coming from the list server IP address even
> >> though the return address is yours. If you mail him off list
> >> (directly) then that is a different story.
> >
> > Thanks Ken - all I wanted to point out was that David's restrictions
> > are a little too restrictive IMO.
>
> Thanks to all that weighed in. Yes, I know the restrictions are
> way-way-way too restrictive. I have a separate domain with a fixed IP
> and stand-by mail server attached to it that I am experimenting with
> to find out how best to control UCE. The only mail that goes to that
> domain is spam so if I did rcpostfix stop, it wouldn't make any
> difference. But I wanted to figure out a good approach to controlling
> UCE before implementing what works on the production machine. It has
> been quite fun, really, to learn what can be done with Postfix to
> address the UCE problem. But my time to devote to it is limited so my
> progress is slow.
>
> The smtpd_client_restrictions = check_client_access
> hash:/etc/postfix/client_check parameter is a very good tool for
> blocking the ranges of IPs that produce most of the spam and the
> restriction can be controlled to allow access from within the excluded
> block.
>
> Take Per's example:
> > 217.0.0.0/8 REJECT You are unwelcome here...
>
> "You won't be getting much email from me then - we're on
> 217.8.216.8/29."
>
> In /etc/postfix/client_check, that can be addressed by:
>
> [root@bonza postfix]# cat client_check
> 217.8.216.0/24 OK
> 217.0.0.0/8 REJECT You are unwelcome here...
>
> So Per's part of the IP range would get through, but the rest
> would not. I'm still working on this. I'll conduct a test without the
> hash:/etc/postfix/client_check just using the reject_rbl_client
> relays.ordb.org, reject_rbl_client sbl-xbl.spamhaus.org,
> reject_rbl_client list.dsbl.org, reject_unknown_client and see how it
> works. Theoretically, the rbl lists should catch much of what I have
> rejected with the hash of client_check anyway.
>
> Thanks for your thoughts and advice. I'll keep you posted....

Just curious why not drop the message instead of reject it???? Once you
do that the presence of your box is confirmed at that address, then w/
a bit more work <shrug> it winds up on someone's "todo" list when they
may make a series of attacks to see if they can get any more info.. I
would think that might be something you most especially wouldn't want
to do w/ a box w/ a ( more or less) permanent address

--
j

oh nevermind, it's only a randomly firing synapse anyway...
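
The allow-before-deny ordering of the quoted client_check table, as an added example that is not part of the original thread: a small Python model of first-match CIDR lookup for checking such a table against sample client addresses before loading it. It assumes the file is read as a Postfix cidr: table (rules tried in file order); the function names and test addresses are constructed here.

```python
import ipaddress

# Constructed copy of the client_check table quoted in the message above.
# Assumption: loaded as a cidr: map, where the first matching line wins
# (net/mask patterns are a cidr: feature; hash: access maps instead match
# the address and its octet-stripped prefixes).
CLIENT_CHECK = """\
217.8.216.0/24 OK
217.0.0.0/8 REJECT You are unwelcome here...
"""

def parse_table(text):
    """Return [(network, action, text)] in file order; skip blanks and comments."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        if len(parts) < 2:
            raise ValueError(f"line {lineno}: missing action")
        # strict=True raises on patterns with host bits set, e.g. 217.8.216.8/24
        net = ipaddress.ip_network(parts[0], strict=True)
        rules.append((net, parts[1].upper(), parts[2] if len(parts) > 2 else ""))
    return rules

def lookup(rules, client_ip):
    """First matching rule wins; None means the table has no opinion."""
    addr = ipaddress.ip_address(client_ip)
    for net, action, text in rules:
        if addr.version == net.version and addr in net:
            return action, text
    return None

def shadowed(rules):
    """Rules that can never fire because an earlier, wider rule covers them."""
    dead = []
    for i, (net, action, _) in enumerate(rules):
        for earlier, _, _ in rules[:i]:
            if earlier.version == net.version and net.subnet_of(earlier):
                dead.append((str(net), action))
                break
    return dead

if __name__ == "__main__":
    rules = parse_table(CLIENT_CHECK)
    for ip in ("217.8.216.8", "217.8.216.200", "217.9.1.1", "192.0.2.10"):
        print(ip, lookup(rules, ip))
    print("shadowed:", shadowed(rules))
```

The second sample address shows that the /24 exception admits more hosts than the /29 Per mentioned, and `shadowed()` reports the exception as dead if the two lines are ever swapped.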
