On Mon, 2006-03-13 at 09:48 -0500, Sam Drinkard wrote:
> Craig White wrote:
> > On Sun, 2006-03-12 at 16:53 -0500, Sam Drinkard wrote:
> >
> >> Will McDonald wrote:
> >>
> >>> On 12/03/06, Sam Drinkard <sam@xxxxxxxxxx> wrote:
> >>>
> >>>
> >>>> A while back, I posted a note asking if anyone had any ideas why the
> >>>> /etc/mail/access file was not being parsed or utilized in the efforts to
> >>>> stop spam and junk mail. I just looked over things again, and have still
> >>>> not found any reason why it still permits the TLD's I have listed to pass
> >>>> thru. I also thought perhaps there might be some "upper limit" to the
> >>>> number of entries sendmail could handle. What do the sendmail guru's think
> >>>> about that idea? I may reduce the number of entries from the current 275
> >>>> +/- down to just the most offensive TLD's and see what happens. Short of
> >>>> that, are there any other thoughts ya'll might have as to why it still
> >>>> passes the stuff I want blocked?
> >>>>
> >>>>
> >>> I don't know the ins-and-outs of Sendmail access well but does it base
> >>> its decision purely on the "From" address, which as we all know isn't
> >>> necessarily where a message originates. Or could it be basing the
> >>> access decision on the initial Received: from address, and/or that
> >>> addresses reverse lookup, in the header?
> >>>
> >>> In which case, a spam could originate from mail.blah.com and access
> >>> would accept it but the message itself would appear to come from
> >>> spammers@xxxxxxxxxx You'd accept the message inspite of having .ru
> >>> denied in your access.
> >>>
> >>> Just a thought.
> >>>
> >>> Will.
> >>> _______________________________________________
> >>> CentOS mailing list
> >>> CentOS@xxxxxxxxxx
> >>> http://lists.centos.org/mailman/listinfo/centos
> >>>
> >>>
> >>>
> >>>
> >> As far as I know Will, sendmail looks at the access database, and will
> >> not allow a connection from the sending host if that particular IP or
> >> hostname happens to be in there. The access list *used* to work, but as
> >> I mentioned, I'm wondering if perhaps I've hit an upper limit or
> >> exceeded a limit where nothing in there is being parsed now. I don't go
> >> by hostname when blocking. I look at the sending host IP and block
> >> that. Headers from sendmail tell who or what connected to the port or
> >> tried to connect.
> >>
> > ----
> > it does if you use REJECT
> >
> > it also does things like ALLOW
> >
> > and things like RELAY
> >
> > I have never had a sendmail 'access' file with more than a few lines and
> > I don't think that it was actually intended to be a spam filter. There
> > are other very good methodologies for managing spam and sendmail is
> > quite capable of using them.
> >
> > Craig
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > http://lists.centos.org/mailman/listinfo/centos
> >
> >
> >
> I am using REJECT in all cases where it applies, and RELAY for my own
> little part of the world. I've been using access for about 10 years
> with no problems till now. I suppose the only way to tell if there is a
> limit would be to remove some, or create a new file and test it. I am
> fully aware of the process of how it works, and a make must be done
> after any changes. Sendmail does not need to be restarted to read the
> new file either.
----
I agree that you should probably remove most of your 'REJECT' lines and
rehash the db and see if that helps. It wasn't I who asked if you had
restarted sendmail.
My thinking is that putting specific entries into access file to block
spam is an electronic form of the whack-a-mole game that isn't likely to
be very effective and there are other much more effective methods of
spam blocking.
Craig
