On Mon, 27 Sep 1999, Abel Lucano wrote:
> Under qmail, I was able (until yesterday) to filter undesirable spam
> mostly with /var/qmail/control/badmailfrom
>
> The question here arises in one spammer (206.221.224.187)
> who's spamming aol.com from one ppp session with a bogus domain "ba.net"
> that doesn't belong to him.
> (from ba.net (ppp187.champaign.advancenet.net [206.221.224.187]))
>
> AOL's DNS "resolves" ba.net (badly in my opinion) and AOL's
> relays were sending tons of bounce emails to my mailserver (the
> real ba.net domain).
>
> I'll try at first with @rly-yc04.mx.aol.com in badmailfrom.
> If this interests you, see one of the bounces below.
> AOL's relays rotate, then I tried (one domain per line obviously)
>
> @[205.188.156.79], [EMAIL PROTECTED], @[205.188.156.78],@rly-bza01.mx.aol.com
> @rly-yb05.mx.aol.com, @rly-yd01.mx.aol.com ,@rly-yc05.mail.aol.com
>
> I've put the line @aol.com in badmailfrom; I couldn't stop the bombing
> with this approach.
>
> Finally I give up and I use ipfwadm (a UNIX tool, not a QMAIL tool) (as
> you and other kind guys advised me on this list);

If you can get their IP, which by my understanding you have, you can do
what I do.

I have my resolve.conf set up to look in my hosts file first, and then
DNS (order hosts,bind). I put their IP address in my /etc/hosts as:

    206.221.224.187 zero.spammer.dom

and in my smtpd script (which checks incoming IPs against known bad ones),
I deny SMTP service to *.spammer.dom

Assigning our own internal name to the spammer's IP bypasses any DNS
checks.

But he's using a dialup, so this prolly won't work in your exact case
(dynamic ips). I'd bring the issue up with his provider, and get him cut
off.

.Shawn
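
The hosts-file check described in the reply above, as an added example that is not part of the original message and is not the poster's smtpd script. The function names, the sample hosts file, and the 192.0.2.x entries are constructed for illustration; 206.221.224.188 stands in for a neighbouring dial-up address to show the dynamic-IP limitation mentioned in the reply.

```shell
#!/bin/sh
# Added example: map a connecting IP to a locally assigned name using a
# hosts-format file, then deny SMTP to anything under *.spammer.dom.

# Constructed sample hosts file (only the first entry comes from the thread).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
206.221.224.187 zero.spammer.dom    # entry quoted in the reply
192.0.2.10      mail.example.org    # constructed, legitimate peer
# 192.0.2.66    one.spammer.dom     # commented out, must be ignored
EOF

# Print the first name the hosts-format file assigns to an IP (empty if none).
# $1 = IP address, $2 = hosts-format file
hosts_name_for() {
    awk -v ip="$1" '
        { sub(/#.*/, "") }                       # drop trailing comments
        NF >= 2 && $1 == ip { print $2; exit }   # exact IP match only
    ' "$2"
}

# Return 0 to allow the connection, 1 to deny it.
# $1 = connecting IP, $2 = hosts-format file
smtp_allowed() {
    name=$(hosts_name_for "$1" "$2")
    case "$name" in
        *.spammer.dom) return 1 ;;   # locally tagged as a known bad source
        *)             return 0 ;;   # unknown or legitimate: accept
    esac
}

# The listed address is denied; the next address in the same dial-up pool
# is not in the file, so it is still accepted.
for ip in 206.221.224.187 206.221.224.188 192.0.2.10; do
    if smtp_allowed "$ip" "$SAMPLE"; then
        echo "$ip allow"
    else
        echo "$ip deny"
    fi
done
```

Because the match is on a single exact address, a sender who reconnects and receives a different address from the pool is accepted again.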