Koozali.org: home of the SME Server

stopping spammers cold - at the front door

Tom Carroll

stopping spammers cold - at the front door
« on: November 05, 2002, 08:46:11 AM »
Folks, I have seen some varied discussion here and other places about stopping spammers.  Most folks use filters, like SpamAssassin and other spam filtering software.  As far as I can tell, this does not stop the use of the bandwidth.  Please correct me if I am wrong.

I see that most inexperienced pond-scum spammers do not know how to use a valid domain, which is stoppable at the front door by using reverse lookup.  This worked for me for several months.  However, there are those who are more experienced at spamming and wasting bandwidth by using an open SMTP server (in most cases) that has a valid reverse DNS, but yet claim to be someone else, thereby causing bounce messages to bounce back to the SMTP server, etc. and using more bandwidth.  To me this could be a vulnerability if a spammer wanted to flood a server on the SMTP port causing thousands of bounced messages to be generated and loading down the server...

I am using SME 5.1.2 and understand SME 5.5 has a less than favorable spam prevention system.  What I am wondering is if I would have to actually modify the SMTP server software to make it compare the actual valid DNS upon reverse lookup to the domain being claimed by the connection.  If the claimed domain is not found anywhere within the string returned on the reverse lookup, the connection would be closed with a 550 error to the SMTP server.

Maybe once 5.6 comes out I can look at it and see if it will do what I want.

Thanks!

Tom Carroll

Nathan Fowler

Re: stopping spammers cold - at the front door
« Reply #1 on: November 05, 2002, 11:49:39 PM »
Tom, I think you can do that with SMTP_Check_rules, read the documentation here:

http://www.obtuse.com/juniper-docs/man/smtpd_address_check.html

As an FYI, in your previous post you asked me to look at your rules.  They look pretty good, below are my rules I'm using:

deny:UNKNOWN EXCEPT 216.191.234.126,216.79.168.196,127.0.0.1:ALL:ALL EXCEPT par5@domain.net,matthew.branch@domain.net,strick_9@anotherdomain.com:550 Your SMTP server's IP of %I does not have a reverse lookup or MX entry, as a result your message to %T was not delivered. Please contact your mail administrator and inform them of the problem.

deny:ALL:NS=UNKNOWN:ALL EXCEPT par5@domain.net,matthew.branch@domain.net,strick_9@anotherdomain.com:550 Your MAIL FROM address of %F does not have a reverse lookup or MX entry, as a result your message to %T was not delivered.  Please contact your mail administrator and inform them of the problem.


Hope this helped,
Nathan

Nathan Fowler

Re: stopping spammers cold - at the front door
« Reply #2 on: November 05, 2002, 11:50:10 PM »
Note those are all one line, the HTML wrapping prevented it from being one line.

Tom Carroll

Re: stopping spammers cold - at the front door
« Reply #3 on: November 06, 2002, 10:37:00 AM »
Thanks Nathan.  I found that my own domain was getting rejected with the last line because my own domain does not have a reverse lookup record.  I need to get in touch with my ISP to see if they will put in a reverse lookup record.

I was also told that many legitimate mail servers may host several domains off of one SMTP server and the domain may not match a reverse lookup or something along those lines.  IMO I don't think that should be an issue for me to bear, I think it should be the responsibility of the host...

I'll take a look at that web site to see what I can build.

Tom
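
The check proposed in the first post (reject with 550 when the claimed domain does not appear in the reverse lookup), together with the shared-hosting caveat raised in Reply #3, as an added Python example that is not part of the thread and is not smtpd's own code. The PTR table, addresses and function names are constructed for illustration; the table stands in for a live reverse DNS query so the code runs offline.

```python
# Added illustration. All names, addresses and PTR data are constructed.
CONSTRUCTED_PTR = {
    "192.0.2.10": "mail.example.net",          # sender's own mail server
    "192.0.2.20": "relay7.hostingco.example",  # one host serving many domains
    "192.0.2.30": "mail.notexample.net",       # name that only contains the domain
    # 198.51.100.5 deliberately has no PTR record
}

def domain_of(mail_from):
    """Lower-cased domain part of a MAIL FROM address ('' for the null sender)."""
    return mail_from.rsplit("@", 1)[-1].strip("<>. ").lower()

def naive_substring_check(ptr_name, domain):
    """Literal reading of the proposal: domain found anywhere in the PTR name."""
    return domain.lower() in ptr_name.lower()

def ptr_covers(ptr_name, domain):
    """Stricter form: PTR name is the domain or a host under it."""
    ptr_name = ptr_name.rstrip(".").lower()
    return ptr_name == domain or ptr_name.endswith("." + domain)

def check_sender(client_ip, mail_from, ptr_table=CONSTRUCTED_PTR):
    """Return (smtp_code, reason) for the front-door check."""
    ptr_name = ptr_table.get(client_ip)
    if ptr_name is None:
        return 550, "no reverse lookup for %s" % client_ip
    domain = domain_of(mail_from)
    if domain == "":
        # Bounces use the null sender "<>", so there is no domain to compare.
        return 250, "null sender, domain check skipped"
    if not ptr_covers(ptr_name, domain):
        return 550, "%s is not under %s" % (ptr_name, domain)
    return 250, "ok"

if __name__ == "__main__":
    cases = [
        ("192.0.2.10", "bob@example.net"),         # matches: accepted
        ("198.51.100.5", "bob@example.net"),       # no PTR: rejected
        ("192.0.2.20", "sales@customer.example"),  # shared host: rejected
        ("192.0.2.30", "bob@example.net"),         # substring-only match: rejected
        ("192.0.2.10", "<>"),                      # bounce: accepted
    ]
    for ip, sender in cases:
        print(ip, sender, check_sender(ip, sender))
```

The third case is the false positive described in Reply #3: a legitimate customer domain relayed through a hosting provider's server is rejected because the PTR name belongs to the provider.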

Nathan Fowler

Re: stopping spammers cold - at the front door
« Reply #4 on: November 06, 2002, 05:13:38 PM »
Sounds good, let me know any rules that you're able to craft, I'm in the same boat as you, just using the above rules really cut down on a large amount of spam.

Thanks,
Nathan

Dennis

Re: stopping spammers cold - at the front door
« Reply #5 on: December 03, 2002, 10:48:06 PM »
Nathan Fowler wrote:
>
> Tom, I think you can do that with SMTP_Check_rules, read the
> documentation here:
>
> http://www.obtuse.com/juniper-docs/man/smtpd_address_check.html
>
> As an FYI, in your previous post you asked me to look at your
> rules.  They look pretty good, below are my rules I'm using:
>
> deny:UNKNOWN EXCEPT
> 216.191.234.126,216.79.168.196,127.0.0.1:ALL:ALL EXCEPT
> par5@domain.net,matthew.branch@domain.net,strick_9@anotherdomain.com:550 Your SMTP server's IP of %I does not have a reverse lookup or MX entry, as a result your message to %T was not delivered. Please contact your mail administrator and inform them of the problem.
>
> deny:ALL:NS=UNKNOWN:ALL EXCEPT
> par5@domain.net,matthew.branch@domain.net,strick_9@anotherdomain.com:550 Your MAIL FROM address of %F does not have a reverse lookup or MX entry, as a result your message to %T was not delivered.  Please contact your mail administrator and inform them of the problem.
>

Hi Nathan,

I am a newbie to mail servers. Where do I put in this rule?

Should I use a custom-template or what?

I am running SME 5.5

/ Dennis

Nathan Fowler

Re: stopping spammers cold - at the front door
« Reply #6 on: December 03, 2002, 11:01:15 PM »
You can't use those rules in 5.5 :)

Cyrus Bharda

Re: stopping spammers cold - at the front door
« Reply #7 on: December 04, 2002, 05:42:51 AM »
There is an alpha rpm being developed for 5.5+ (mailfront) by Darrell May, hopefully it will be available soon :-)

Cyrus Bharda