I was getting MANY emails from XXX.hinet.net - kind of filled my mqueue directory. I stopped sendmail. removed all the files in mqueue, added to sendmail access a REJECT for hinet.net This certainly seems to help - but is that the correct way to take care of this sort of thing? Thanks, Jerry
On Sat, 2010-05-15 at 10:45 -0400, Jerry Geis wrote:> I was getting MANY emails from XXX.hinet.net - kind of filled my > mqueue > directory. > I stopped sendmail. removed all the files in mqueue, added to > sendmail > access a REJECT for hinet.net > This certainly seems to help - but is that the correct way to take > care > of this sort of thing?That's the way that I do it. # Check the /usr/share/doc/sendmail/README.cf file for a description # of the format of this file. (search for access_db in that file) # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc # package. # # by default we allow relaying from localhost... localhost.localdomain RELAY localhost RELAY 142.165.59.200 RELAY 24.72.131.56 RELAY 24.89.105.7 RELAY 192.168.0.6 RELAY 192.168.1.6 RELAY manashosting.name REJECT lowratemarketing.net REJECT superbservers.com REJECT jlineresults.com REJECT hinet.net REJECT casksand.com REJECT adobeacier.com REJECT spcsdns.net REJECT smallcapmining02.net REJECT tops-1.com REJECT calpop.com REJECT ae REJECT ar REJECT at REJECT be REJECT bg REJECT biz REJECT br REJECT by REJECT cl REJECT cn REJECT co REJECT cz REJECT do REJECT es REJECT hu REJECT id REJECT in REJECT it REJECT mx REJECT nl REJECT pe REJECT pk REJECT pl REJECT pt REJECT ro REJECT ru REJECT sa REJECT sg REJECT sk REJECT th REJECT tr REJECT tw REJECT tv REJECT ua REJECT za REJECT eekeer.com REJECT -- MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
Jerry Geis wrote:> I was getting MANY emails from XXX.hinet.net - kind of filled my mqueue > directory. > I stopped sendmail. removed all the files in mqueue, added to sendmail > access a REJECT for hinet.net > This certainly seems to help - but is that the correct way to take care > of this sort of thing? >You probably need to do something more drastic like setting up spam/virus scanning and maybe graylisting. This sort of thing happens a lot. But, unless these were addressed to actual users, they shouldn't have been accepted and queued anyway. Are you running a relay that accepts anything for a domain and forwards it? -- Les Mikesell lesmikesell at gmail.com
Jerry Geis a ?crit :> I was getting MANY emails from XXX.hinet.net - kind of filled my mqueue > directory. > I stopped sendmail. removed all the files in mqueue, added to sendmail > access a REJECT for hinet.net > This certainly seems to help - but is that the correct way to take care > of this sort of thing? >you can reject clients whose name ends in .dynamic.hinet.net .HINET-IP.hinet.net but that won't stop the noise. I prefer firewalling them: $ cat /etc/fw.nosmtp ## hinet.net junk sources #59.112.0.0 - 59.127.255.255 59.112.0.0/12 #61.220.0.0 - 61.231.255.255 61.220.0.0/14 61.224.0.0/14 61.228.0.0/14 #111.240.0.0 - 111.255.255.255 111.240.0.0/12 #114.32.0.0 - 114.47.255.255 114.32.0.0/12 #118.160.0.0 - 118.167.255.255 118.160.0.0/13 #118.168.0.0 - 118.171.255.255 118.168.0.0/14 #122.120.0.0 - 122.127.255.255 122.120.0.0/13 #218.160.0.0 - 218.175.255.255 218.160.0.0/12 #220.128.0.0 - 220.143.255.255 220.128.0.0/12 then smtp="-p tcp --dport 25" grep -v "^#" /etc/fw.nosmtp | while read _subnet _anything; do if [ ! -z ${_subnet} ]; then iptables -A INPUT -s ${_subnet} ${smtp} DROP fi done