> > Add this to your sendmail.mc and you will get no mail from china.
> >
> > FEATURE(dnsbl,`cn.countries.nerd.dk', `SPAM from
> China:$&{client_addr} rejected' )dnl
>
> Except that Joe's relaying out via a Postfix server ;)
The most efficient way would be to block using Postfix then. It is a little
more tedious than blocking .cn domain but much better for your resources. I
found that blocking only a couple of very large IP blocks and using the
smtpd_??_restrictions works very well. It really seems a bit extreme to
block an entire country.
Example:
# SMTPd restrictions
smtpd_client_restrictions =
check_client_access hash:/etc/postfix/access_client,
reject_unauth_pipelining
smtpd_helo_restrictions =
check_helo_access hash:/etc/postfix/access_helo,
reject_invalid_hostname
reject_non_fqdn_hostname
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/access_sender,
reject_unknown_sender_domain,
reject_non_fqdn_sender
smtpd_recipient_restrictions =
check_recipient_access hash:/etc/postfix/access_recipient,
reject_unknown_recipient_domain,
reject_non_fqdn_recipient,
permit_mynetworks,
reject_unauth_destination
#access_client includes the following:
#HINET-IP.hinet.net - China: 61.228-61.231
61.230 550 Rejected due to past spamming offense!
I get a lot of spam from 61.230 so I nixed it. However, reject_non_fqdn_??
works the best. It seems most are using non_fqdn_hostname configurations as
they appear send from MS machines that are incapable of fqdn format or
misconfigured *nix hosts. This is obviously not 100% but it is easier on
your resources.
--Larry
<<application/ms-tnef>>
