Shell question

cpghost cpghost at
Wed Oct 25 16:32:34 UTC 2006

On Wed, Oct 25, 2006 at 09:53:47AM -0500, Jack Stone wrote:
> I have managed to piece together a shell script that is able to retrieve 
> the domains from the spams of the day and summarize those in a special file 
> that can then be added to the sendmail's rejects in the access.db. But, 
> first I have to eyeball the list and remove any obvious good-guy domains.

The domains from the spams? That's almost always pretty useless:

1. The only reliable information is what's in the SMTP envelope.
Headers like From: etc... are always spoofed and almost always
pointing to either inexistent or innocent victim domains (which
then get flooded by bounces).

2. The IP-Addresses from the senders (from the SMTP envelope or
at most the last Received: header, if you don't operate your own
MTA), will almost always point to PTR of some big broadband ISPs
hosting some infected Windows spam drones. Blocking the *domain*
name of the ISP (esp. the big ones) would be silly, because
that would lock out a lot of legitimate users that send mails
through their (ISPs) mailers.

The bottom line: you'll end up banning 99% of innocent domains,
and still get flooded with spams, since spammers can and do fake
a HUGE amount of domain names.

However, blocking IP addresses using RBLs like,
greylisting, and, to a lesser extent, using SPF (once it gets
more widely adopted) can do wonders, if you operate your own MTA.

E.g. the following Postfix configuration in
/usr/local/etc/postfix/ is a bit tight, but very effective
in most setups:

smtpd_recipient_restrictions = 
    # check_sender_access hash:/usr/local/etc/postfix/sender_access,
    # check_recipient_access hash:/usr/local/etc/postfix/recipient_access,
    # check_helo_access hash:/usr/local/etc/postfix/secondary_mx_access,
    # reject_rbl_client,
    # reject_rbl_client,
    check_policy_service unix:private/spfpolicy,
    check_policy_service inet:,
    # The following are a bit tight, but they won't do any harm
    # check_client_access hash:/usr/local/etc/postfix/client_access,

One can do even more, but that should be enough for now,
considering the current "state of the art" of the spam engines.

If you prefer sendmail, a sendmail guru will certainly help translating
most directives from this config... ;)

> Jack

Good luck,

Cordula's Web.

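The reply above makes two points that are easy to check on a real message: the From: and Return-Path: domains are whatever the spammer typed, while the client IP recorded by your own MX is the one fact you can act on, and the restriction chain quoted from main.cf acts on exactly that IP (reject_rbl_client) and on the envelope triplet (the greylisting policy service). The script below is an added illustration, not code from the thread or from Postfix. It parses a constructed sample spam, shows what a "harvest the domains from the spam" approach would end up blocking, and emulates in Python the order of the quoted restrictions. All host names, the DNSBL zone name, the PTR table and the DNSBL answer table are constructed stand-ins for real DNS; Postfix itself is not involved.

```python
"""Envelope evidence vs. harvested domains, and a toy version of the
reject_rbl_client / greylisting checks. Added example; everything below
(hosts, IPs, DNS tables) is constructed for illustration."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample spam. The top Received: line was written by our own
# MX (mx.example.net); everything below it, including the From: header,
# was supplied by the sending drone and can say anything.
SAMPLE_SPAM = (
    "Return-Path: <bounce-4711@victim.example.org>\n"
    "Received: from cpe-203-0-113-77.dsl.isp-example.net ([203.0.113.77])\n"
    "\tby mx.example.net with ESMTP id k9PEeZ12345\n"
    "\tfor <jack@example.net>; Wed, 25 Oct 2006 09:39:58 -0500\n"
    "Received: from [10.0.0.5] (helo=spamtool)\n"
    "\tby cpe-203-0-113-77.dsl.isp-example.net; Wed, 25 Oct 2006 09:39:50 -0500\n"
    'From: "Support" <support@bank.example.com>\n'
    "To: jack@example.net\n"
    "Subject: Your account\n"
    "\n"
    "Please confirm your details.\n"
)

TRUSTED_MX = "mx.example.net"   # only this host's Received: line is ours

# Stand-ins for DNS (constructed): a PTR table and one DNSBL zone.
FAKE_PTR = {"203.0.113.77": "cpe-203-0-113-77.dsl.isp-example.net"}
FAKE_DNSBL_ZONE = "dnsbl.example"            # placeholder zone name
FAKE_DNSBL = {"77.113.0.203.dnsbl.example": "127.0.0.2"}

_RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
_RECEIVED_BY = re.compile(r"\bby\s+(\S+)")


def registrable_domain(host):
    """Crude 'last two labels' rule, enough for the illustration."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def extract_evidence(raw):
    """Pull the three things a blocking script might look at."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1]
    rp_domain = parseaddr(msg.get("Return-Path", ""))[1].rsplit("@", 1)[-1]
    client_ip = None
    # Received: headers are newest-first; the first one whose "by" host is
    # our MX records the IP that really connected to us.
    for received in msg.get_all("Received", []):
        by, ip = _RECEIVED_BY.search(received), _RECEIVED_IP.search(received)
        if by and ip and by.group(1) == TRUSTED_MX:
            client_ip = ip.group(1)
            break
    return {"from_domain": from_domain, "return_path_domain": rp_domain,
            "client_ip": client_ip}


def domain_harvest(ev, ptr_table=FAKE_PTR):
    """What a 'take the domains from the spam' script would end up blocking:
    a spoofed From: domain, the bounce victim, and the drone's ISP."""
    ptr = ptr_table.get(ev["client_ip"], "")
    return {"from_header": ev["from_domain"],
            "return_path": ev["return_path_domain"],
            "client_ptr": registrable_domain(ptr) if ptr else None}


def dnsbl_query_name(ip, zone):
    """reject_rbl_client asks for the reversed client IP under the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def rbl_listed(ip, zone=FAKE_DNSBL_ZONE, table=FAKE_DNSBL):
    return dnsbl_query_name(ip, zone) in table


class Greylist:
    """Minimal greylisting policy: defer an unseen (client, sender,
    recipient) triplet, let it through once it retries after the delay."""
    def __init__(self, delay=300):
        self.delay, self.seen = delay, {}

    def check(self, client_ip, sender, recipient, now):
        first = self.seen.setdefault((client_ip, sender, recipient), now)
        return "DUNNO" if now - first >= self.delay else "DEFER_IF_PERMIT"


def evaluate(raw, sender, recipient, now, greylist):
    """Same order as the quoted smtpd_recipient_restrictions: RBL lookups
    on the client IP first, then the policy services."""
    ip = extract_evidence(raw)["client_ip"]
    if ip and rbl_listed(ip):
        return "REJECT", "client %s listed in %s" % (ip, FAKE_DNSBL_ZONE)
    if greylist.check(ip, sender, recipient, now) == "DEFER_IF_PERMIT":
        return "DEFER", "greylisted, retry later"
    return "ACCEPT", "no restriction matched"


if __name__ == "__main__":
    ev = extract_evidence(SAMPLE_SPAM)
    print("evidence:", ev)
    print("domain harvest would block:", domain_harvest(ev))
    print("restriction chain says:", evaluate(
        SAMPLE_SPAM, "bounce-4711@victim.example.org", "jack@example.net",
        0.0, Greylist()))
```

Running it shows the three harvested domains (bank.example.com, victim.example.org, isp-example.net) are all the wrong thing to put into access.db, while the IP-based chain rejects the same message on the DNSBL hit before greylisting is even consulted. The DUNNO / DEFER_IF_PERMIT strings are the action names a Postfix policy server returns; the lookup-name construction is how DNSBL queries are formed, but the tables answering them here are constructed.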