On Tue, 23 Nov 1999 [EMAIL PROTECTED] wrote:
>
> In order to stop spam, I want to refuse all connections to the smtp port
> for certain machines and domains. As I understand it, I can have sendmail
> bounce the mail, or just use tcp wrappers to deny connections from the
> machine/domain.
Another option is to use ipfw/ipchains to deny the connection. I don't
think sendmail checks hosts.deny or hosts.allow by default (unless it is
compiled with the -DTCPWRAPPERS option)so it might involve some extra
effort to get it to use tcp_wrappers. Using inetd/tcpd this would be
trivial but usually sendmail is run stand-alone rather than from inetd.
> Is one way considered better? I think sendmail would be better because
> they would probably get a bounce message, rather than a connection
> refused. Banning with TCP wrappers would prolly be easier, tho.
>
> Any thoughts?
See http://www.sendmail.org/m4/anti-spam.html for several anti-spam
rulesets. One advantage of using this method is that you can get a deny
list that is updated regularly. 8.9.x also has an rbl feature to use the
Realtime Blackhole List database (see http://maps.vix.com/rbl/) A denied
host would get a 550 or 571 error message and the originating server would
take care of sending any bounce messages. This might also consume less
resources than having a large number of ipfw rules or many entries in
hosts.deny
--
-Peter Frouman | [EMAIL PROTECTED]
the excuse server says:
..disk or the processor is on fire.
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
