On Wed, 7 Jun 2006, Steven W. Orr wrote:

> On Wednesday, Jun 7th 2006 at 09:53 -0700, quoth John D. Hardin:
> 
> =>On Wed, 7 Jun 2006, Screaming Eagle wrote:
> =>
> =>> country, other than USA?  How would you look up the network block
> =>> on country such as Romania, China, Taiwan, Thailand, Korea, and so
> =>> on...
> =>
> =>describe BL_COUNTRY_TW_1 Mail client in Taiwan
> =>header   BL_COUNTRY_TW_1 eval:check_rbl('taiwan', 'tw.countries.nerd.dk')
> =>score    BL_COUNTRY_TW_1 0.5
> =>tflags   BL_COUNTRY_TW_1 net
> 
> I'm running a sendmail server and I already block a few countries
> in my mc file. e.g.,
> 
> FEATURE(enhdnsbl,`kr.countries.nerd.dk', `SPAM from Korea:$&{client_addr} rejected',`t')dnl
> FEATURE(enhdnsbl,`cn.countries.nerd.dk', `SPAM from China:$&{client_addr} rejected',`t')dnl
> 
> Are there any pros or cons to doing the checks in the mc file vs
> sa config? In the case of sa I am using spamass-milter so the
> message will be rejected either way.
> 
> TIA

The greatest drawback is that using the RBL within sendmail is an
all-or-nothing proposition. What if you *do* have legitimate
correspondents in those countries?

When I was doing that as postmaster for my company, it was only
because we did not do business in those countries at all, and I was
finding myself poking holes through for things like: one of our major
programming tool suppliers has their home office in Europe; I would
ask questions on Usenet or other online sites and get relevant replies
from other countries; some of our employees corresponded with
relatives in other countries.

It's more reasonable to do the country tests in SA, where they can
contribute to the score rather than being a pass-fail test.

However, the ISP dynamic address tests *do* belong in the MTA RBL
checks. The fraction of legitimate emails received from dynamic-IP
hosts is vanishingly small compared to the tens or hundreds of
thousands of compromised Windows boxen spewing spam and viruses...

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 Look at the people at the top of both efforts. Linus Torvalds is a
 university graduate with a CS degree. Bill Gates is a university
 dropout who bragged about dumpster-diving and using other peoples'
 garbage code as the basis for his code. Maybe that has something to
 do with the difference in quality/security between Linux and
 Windows.                          -- anytwofiveelevenis on Y! SCOX
----------------------------------------------------------------------
 11 days until SWMBO's Birthday
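
The trade-off discussed in this message, as an added Python illustration (not code from the thread, sendmail or SpamAssassin): the same country-zone lookup used as a pass-fail MTA check and as a scored test. The 5.0 reject threshold, the "other rules" scores, the client addresses and the listing data are constructed assumptions so the example runs offline.

```python
import ipaddress

REQUIRED_SCORE = 5.0   # assumption: reject threshold used by the milter
COUNTRY_SCORE = 0.5    # the score given to BL_COUNTRY_TW_1 in the thread
ZONES = ["kr.countries.nerd.dk", "cn.countries.nerd.dk"]  # zones from the mc file

# Constructed resolver data: query names that would return an A record.
# The addresses are documentation ranges, not real listings.
LISTED = {"10.2.0.192.kr.countries.nerd.dk", "7.100.51.198.cn.countries.nerd.dk"}

def dnsbl_qname(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def hits(ip):
    """Zones in which the client address is listed, per the constructed data."""
    return [z for z in ZONES if dnsbl_qname(ip, z) in LISTED]

def mta_verdict(ip):
    """enhdnsbl-style check: one listing rejects, message content is never seen."""
    return "reject" if hits(ip) else "accept"

def sa_verdict(ip, other_score):
    """Scored check: each listing adds COUNTRY_SCORE to the other rules' total."""
    total = other_score + COUNTRY_SCORE * len(hits(ip))
    return ("reject" if total >= REQUIRED_SCORE else "accept"), total

if __name__ == "__main__":
    # (client IP, constructed score from all non-country rules, description)
    for ip, other, what in [
        ("192.0.2.10", 1.2, "supplier in a listed country"),
        ("198.51.100.7", 4.8, "borderline spam from a listed country"),
        ("203.0.113.5", 0.3, "ordinary mail, unlisted"),
    ]:
        print(what, mta_verdict(ip), sa_verdict(ip, other))
```

The first sample message is rejected by the pass-fail check but accepted by the scored one; the second is rejected by both because the country hit tips an already suspicious message over the threshold.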
