On Tue, Jun 13, 2000 at 11:58:12AM -0700, Michael Boyiazis wrote:
> sorry.  forget everyone doesn't have ESP...
> the following line appears in my "inrules" file
> which was compiled into a cdb...
> 
>  209.244.137.13:deny
> 
> tcprules inbound.cdb inbound.tmp < inrules
> 
> there are other lines in there of course, but this
> is/was at the top and should have been read and
> executed immediately, right?
> 
> There is nothing wrong w/ the tcpserver line.
> It works to prevent connection from other IPs 
> blocked w/ denies.  It just seems that in this case 
> (and in a previous attack) that the spam, which is
> disguised as a bounce, (no "from" info) slips past
> tcpserver, perhaps because qmail considers the
> mail to be from the person receiving the mail 
> instead of being from the spammer(?)

No. If everything is set up correctly and you have the above deny line in your
rules file, then connections from 209.244.137.13 will not be allowed, period.
There's no way for anything to "slip past" tcpserver. qmail-smtpd will never be
invoked if the connection is from 209.244.137.13, so no manipulation of
envelope sender or disguising something as a bounce or anything else will allow
mail from this IP address to get through.

As someone else said, tcpserver doesn't know anything about mail. All it can do
is either allow or deny a connection and set environment variables based on IP
address.

Chris
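
The decision described in the reply above, as an added example that is not part of the original message or of ucspi-tcp: a simplified Python model of the IP-address lookups tcpserver makes against a compiled rules database. The sample rules other than the deny line are constructed, the function names are hypothetical, and host-name and ident-based keys are left out. The deny line is deliberately not first, since the match goes by address specificity, not by position in the file.

```python
# Simplified model of the IP-based lookups tcpserver performs against a
# tcprules database. Host-name (=host) and ident (info@ip) keys are omitted.

# Constructed sample rules; only the deny line comes from the thread.
SAMPLE_RULES = '''\
# local relay clients
127.:allow,RELAYCLIENT=""
209.244.:allow
209.244.137.13:deny
:allow
'''

def parse_rules(text):
    """Return {address: instructions}, one entry per rule line."""
    rules = {}
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line.startswith("#"):
            continue
        address, _, instructions = line.partition(":")
        rules[address] = instructions
    return rules

def lookup_keys(remote_ip):
    """Keys in lookup order: full IP, shorter dotted prefixes, then ''."""
    parts = remote_ip.split(".")
    keys = [remote_ip]
    for n in range(len(parts) - 1, 0, -1):
        keys.append(".".join(parts[:n]) + ".")
    keys.append("")
    return keys

def decide(rules, remote_ip):
    """Return (action, matched_address); the first key found wins.
    Only the peer IP is consulted: no SMTP data exists at this point."""
    for key in lookup_keys(remote_ip):
        if key in rules:
            return rules[key].split(",", 1)[0], key
    return "allow", None  # model assumption: no rule at all means allow

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for ip in ("209.244.137.13", "209.244.1.1", "127.0.0.1", "10.9.8.7"):
        print(ip, decide(rules, ip))
```

On a live system, `tcprulescheck` from ucspi-tcp reports the same decision for the compiled cdb, taking the address from the `TCPREMOTEIP` environment variable.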
