[Techtalk] block spam

hobbit at aloss.ukuu.org.uk hobbit at aloss.ukuu.org.uk
Thu May 16 23:34:36 EST 2002


On Thu, May 16, 2002 at 05:33:40PM -0400 or thereabouts, Jeff Dike wrote:
> kansas_kennedy at phreaker.net said:
> > Now, I want to block anything and everything from that particular
> > domain  coming to my machine through K-mail and instead, if possible,
> > bouce that mail  back to the root at thatdomain with the full header.
> 
> > Anyone knows how can I do this? 
> 
> procmail is the traditional way of doing this sort of thing.  You need
> to be happy with writing funky regexes'n'stuff, but it's fairly simple.

Whilst procmail has made my life easier, if you are on a slow modem
or getting deluged, it may not be the answer. Procmail deals with
the mail which has arrived on your machine. So it's wasting space
and bandwidth allowing it on. You may want to tell your mail transport 
agent (exim, sendmail, postfix, qmail...) to drop all mail connections 
from that site before they even get onto your machine. You may be 
able to set it up so it gives a response. I'm not sure. 

The MTA will vary depending on what distro you use (they use different
ones by default) or on what you decided to put on if you changed the
default.

I can post a sample exim rule, but it's from a very dated exim (ahem).
I don't have anything like that set up on the sendmail-using box.

As to bouncing back to "that domain", I would be very very careful 
to ensure that you are complaining to the right person. There are 
few things more annoying than getting complaints about spam when 
your machine had nothing to do with it. I have a friend who admins 
a very large site. His site's name was forged to appear to be the 
"From" address. The rest of the headers made it clear it wasn't. 
But he got hundreds (literally) of emails that were either bounces 
to root or postmaster at that site or complaints to him about the spam.
It did not make his day; and his responses became quite curt.

Telsa



More information about the Techtalk mailing list