Tugger the SLUGger!SLUG Mailing List Archives

Re: [SLUG] Sendmail - access.db file


On Thu, 2002-05-30 at 13:44, Steven Kerr wrote:
> Good afternoon
> 
> I am having heaps of issue with spam mail coming from hotmail.com and
> am attempting to stop the complete hotmail.com domain from send mail.
> 
> I have attempted the following in the /etc/mail/access file and have
> restarted the sendmail daemon confirming that access.db has been
> rebuilt.
> 
> 
> /etc/mail/access.db
> 
> hotmail.com         500 Domain rejects mail from/to HOTMAIL.COM
> fred@xxxxxxxxxxx    OK
> 
> What I am attempting is to stop all email from/to hotmail.com but
> still allow fred@xxxxxxxxxxx
> 
> Position of entries has no effect - mail to/from hotmail.com are all
> bounced with the '500' message
> 

The hotmail bit is likely to only be on the envelope, not on the low
level mail conversation that the MTA's have.  Thus blocking all hotmail
mail won't work as they are not saying they are hotmail people when
you're looking for it....

tgreen@cavey:~$ telnet 0 25
Trying 0.0.0.0...
Connected to 0.0.0.0.
Escape character is '^]'.
220 cavey.bandcamp.tv ESMTP
mail from:<>
250 2.1.0 <>... Sender ok
rcpt to:tgreen@xxxxxxxxxxx
250 2.1.5 tgreen@xxxxxxxxxxx... Recipient ok
data
354 Enter mail, end with "." on a line by itself
To: Tony Green <tgreen@xxxxxxxxxxx>
From: SEXY GIRL <sexygirl@xxxxxxxxxxx>
Subject: Test



As you can see from this conversation, the bit you're trapping is on the
line starting 'mail from:'.  Its very hard to trap things as most people
use either '<>' (usually only used for bounced messages) or a fake
random domain.

The envelope header (From: SEXY*) is something that a util like
spamassassin could help with.

SA will save you a lot of headaches trying to catch individual spammers.

Let me know if you need it explained in more detail.

TG
-- 
Tony Green <tgreen@xxxxxxxxxxx>
Tel       :   +61-(0)2-9500-9996    

Attachment: signature.asc
Description: This is a digitally signed message part