Hi All,
My server, running CentOS 4, Sendmail and MailScanner (SA & ClamAV), is being buried by
spoofed emails that are bounced back to my domain by the recipient's
servers. Virtually all these emails are being sent from a zombie at a single
IP.
i.e.: All the messages contain the following line somewhere wi
Nigel Frankcom-2 wrote:
>
> Can you not block them at your router or firewall? Then they are not
> taking up threads either. It's how I deal with heavy hitters.
>
> Nigel
>
No, I wish I could, but these bounced emails are not coming To Me from a
single IP. It goes like this:
1. Some doofus'
Joseph Brennan wrote:
>
>
> Why not just tell procmail to drop them?
>
> :0
> * ^Received: .* 89.83.98.193
> /dev/null
>
> Joseph Brennan
> Columbia University Information Technology
>
I just tried, but it doesn't work either. Recall that the nasty IP is
wrapped as part of an attachment. I
Raymond Dijkxhoorn wrote:
>
> Hi!
>
> And exactly why don't you block those on your MTA? Bit of a waste of CPU cycles
> like this... first process them, and then trash it anyway.
>
> Bye,
> Raymond.
>
Well, mostly because I don't have any idea how to do so at the MTA level and
also I would think
John Hardin wrote:
>
>
> Another alternative if you're using sendmail is to use milter-regex to
> look for that IP in a Received: header and reject the message with a 550
> at SMTP time.
> --
>
That would certainly appear to be the best solution so far. However, I can't
get milter-regex to m
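
The thread's sticking point is that the zombie IP appears only in the original message attached to the bounce, not in the bounce's own headers. The sketch below is an added example, not code from any poster; it shows a top-level `Received:` check missing it while a walk over the MIME parts finds it. The sample bounce, its hostnames and the function names are constructed for illustration.

```python
import re
from email import message_from_string

ZOMBIE_IP = "89.83.98.193"  # the IP quoted in the procmail recipe above
# Anchor on non-digit/non-dot neighbours so 189.83.98.193 does not match.
IP_RE = re.compile(r"(?<![\d.])" + re.escape(ZOMBIE_IP) + r"(?![\d.])")

# Constructed sample bounce; every host and address here is made up.
SAMPLE_BOUNCE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.25])
\tby mail.victim.example; Mon, 1 Jan 2007 10:00:00 +0000
From: MAILER-DAEMON@mx.recipient.example
To: forged-sender@victim.example
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"

--BOUND
Content-Type: text/plain

Your message could not be delivered.

--BOUND
Content-Type: message/rfc822

Received: from unknown (HELO zombie) (89.83.98.193)
\tby mx.recipient.example; Mon, 1 Jan 2007 09:59:00 +0000
From: forged-sender@victim.example
To: someone@recipient.example
Subject: spam

spam body
--BOUND--
"""

def outer_hit(msg):
    # What a top-level header rule tests: the bounce's own Received lines.
    return any(IP_RE.search(h) for h in msg.get_all("Received", []))

def nested_hit(msg):
    # Walk every MIME part; the attached original is a message/rfc822 child.
    for part in msg.walk():
        if part is not msg and outer_hit(part):
            return True
        # Some bounces return only the headers, as a text/rfc822-headers part.
        if part.get_content_type() == "text/rfc822-headers":
            if IP_RE.search(part.get_payload()):
                return True
    return False

if __name__ == "__main__":
    bounce = message_from_string(SAMPLE_BOUNCE)
    print("top-level:", outer_hit(bounce), "nested:", nested_hit(bounce))
```

The same distinction applies to any filter used here: a rule that tests only the bounce's own `Received:` headers sees the bouncing server, so the match has to be made against the attached part or the message body.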