[LIST ADMIN] reply is not going back to the list - requires "reply all" & Cc: to To: swap
On Fri, Jan 9, 2009 at 11:08 AM, Etaoin Shrdlu <[email protected]> wrote:
> Etaoin Shrdlu wrote:
>
> Okay, I'll try again. I guess I'm asking this question wrong. For the
> kind folk that replied privately, I am uninterested in outsourcing
> anything, especially my mail servers.
>
>> My current approach is to kill -9 sendmail on the machines until the
>> automated scanners give up and go away, and then go back in and restart
>> it. This is a bit cumbersome, and very annoying.
>
> I had actually been very hopeful that someone would hand me a nice
> Sendmail solution, dang it.
>
>> Ideas?
>
> Okay, here it is. Almost any email directed at the machines is not
> valid. I don't care about stopping spam (because if it was actually
> directed at a legitimate user, it almost certainly would not be spam), I
> care about slowing or stopping the automated attacks. I note Scott's
> response on the pf rule, and that's actually not bad, except that the
> machines only have Sendmail in common. I have Slackware, Fedora,
> FreeBSD, and OpenBSD, all running various versions of sendmail.
>
> Spamd sounds pretty close to what I had in mind. If I can figure out how
> to get it going on the ancient Slackware install that I'm fond of, it
> may just be the ticket. Still, I'm open to other stuff, if there's
> something more generic.
>

The OpenBSD spamd (not the same as spamd on Linux) sits at the firewall level, so you are looking at adopting OBSD - on which you would then be running your MTA - Sendmail or in my case Postfix. OpenBSD comes with Sendmail out of the box and like other "core" applications it receives a good deal of security attention. That said, the key to spamd's function is tarpitting at the firewall level, which is PF for OBSD (and other BSDs).

If you are committed to Slackware/Fedora etc. as your primary email servers, you might think about setting up a gateway server in front of your primary(s) - you could offload some of that attachment scanning and a transparent tarpitting firewall might be a nice project (hint - just because you bridge two NICs doesn't mean you can't run PF against the traffic) - it sounds like you have servers on site, so an extra box (no heavy iron needed) might not be a problem.

HTH

Ed
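The PF side of the spamd setup described in the reply above, as an added example that is not part of the original thread. It follows the layout of the sample rules in the spamd(8) manual on current OpenBSD. Older releases use a different redirect syntax, and the `/etc/mail/nospamd` path is the one that manual uses, assumed here.

```conf
# /etc/pf.conf fragment for OpenBSD spamd (added example, not from the thread)

# Hosts that have passed greylisting; spamd maintains this table itself.
table <spamd-white> persist

# Hosts that must never be sent to spamd (known-good relays, partners).
# Path follows the spamd(8) manual; adjust to your layout.
table <nospamd> persist file "/etc/mail/nospamd"

# Default: every inbound SMTP connection is handed to spamd on localhost.
# spamd answers slowly and greylists, so automated scanners spend their
# time talking to it and never reach the real MTA.
pass in on egress proto tcp to any port smtp \
    divert-to 127.0.0.1 port spamd

# Exempt hosts go straight to the MTA.
pass in on egress proto tcp from <nospamd> to any port smtp

# Hosts that retried correctly are whitelisted and reach the MTA;
# logging these lets spamlogd keep their whitelist entries fresh.
pass in log on egress proto tcp from <spamd-white> to any port smtp

# Log outbound SMTP so spamlogd can whitelist hosts you send mail to.
pass out log on egress proto tcp to any port smtp
```

PF uses the last matching rule, so the two table-based `pass in` rules must stay below the `divert-to` rule for the exemptions to take effect.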
