[NTLUG:Discuss] Spam question

Neil Aggarwal neil at JAMMConsulting.com
Wed Jan 22 10:05:19 CST 2003


Wayne:

Our solution was to create a dns-based blacklist that our mail
servers use to block incoming spam.  The beauty of this solution
is that all of our mail servers can use it without having to
keep the blacklist on each of them.  They all pull the information
from a central location.

Most spam comes from outside the US.  It is very easy to blacklist
the offending blocks of addresses.
ISPs within the US are very responsive to spam complaints and we
have had no problems with them.

This solution works very well for us.  I hope you find it useful
as well.

Here is what I did to set it up:

On the primary DNS server for JAMMConsulting.com, added nameserver records
for the zone name dnsbl.JAMMConsulting.com that point to the primary and
secondary nameservers.

Created a new master zone (forward) in the primary name server with the
domain dnsbl.JAMMConsulting.com.

On the secondary dns server, created a slave zone for
dnsbl.JAMMConsulting.com that copies its records from the primary server.

On the primary nameserver, for each IP address to block, add an address
record for the reversed IP address that maps to one of these addresses:
127.0.0.2 for spammers
127.0.0.3 for open relays
127.0.0.4 for insecure formmail scripts

Can use wildcards for any prefix to a record.  For example:
*.3.2.1.dnsbl.JAMMConsulting.com
*.2.1.dnsbl.JAMMConsulting.com
and so on.

Also can use the generate command to specify a range.  For example:
$generate 160-175 *.$.44.196.dnsbl.JAMMConsulting.com.     A 127.0.0.2
This command will blacklist all addresses from 196.44.160.0 to
196.44.175.255

vi /etc/mail/sendmail.mc and add this line:
FEATURE(`dnsbl',`dnsbl.JAMMConsulting.com',`"Your IP address " $&{client_addr} " was found in our spam filter"')dnl
m4 /etc/mail/sendmail.mc > /etc/sendmail.cf

Restart sendmail with this command:
service sendmail restart

If you would like help setting this up, would like to use our dns blacklist
for your email server, or would like to use our mail server, please let
me know if I can be of any assistance.

Thanks,
	Neil.

--
Neil Aggarwal
JAMM Consulting, Inc.    (972) 612-6056, http://www.JAMMConsulting.com
Custom Internet Development    Websites, Ecommerce, Java, databases


> -----Original Message-----
> From: discuss-bounces at ntlug.org [mailto:discuss-bounces at ntlug.org]On
> Behalf Of Wayne Dahl
> Sent: Tuesday, January 21, 2003 10:39 PM
> To: NTLUG
> Subject: [NTLUG:Discuss] Spam question
>
>
> Ok guys, here's a good question for the group.  I'm sure you've all
> gotten spam that you've written filters for, but it seems the latest
> batch of junk is written specifically to bypass filters.  For example,
> if you write a filter to delete messages containing the word fizgig,
> inevitably, someone wanting to bypass your filters will write the email
> in html with something like this crap in it....fiz<-!---12354->gig and
> the filter merrily passes it by.
>
> So...what have you guys done to kill this garbage when there is nothing
> else in the email to key on?
>
> Wayne
>
>
>
>
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss
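
Added example (not part of the original post or of JAMM Consulting's setup): a Python model of the lookup a mail server performs against the zone described above, covering the reversed-octet query name, the $generate range and wildcard records. The in-memory zone, the 127.0.0.3 value on the 1.2.3 wildcard and the simplified wildcard matching are assumptions made for illustration.

```python
import ipaddress

ZONE = "dnsbl.JAMMConsulting.com"  # zone name from the post
CODES = {  # return codes from the post
    "127.0.0.2": "spammer",
    "127.0.0.3": "open relay",
    "127.0.0.4": "insecure formmail script",
}

def query_name(ip, zone=ZONE):
    """Name the mail server looks up: reversed IPv4 octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def expand_generate(start, stop, lhs, rdata):
    """Expand a $generate line: '$' in lhs becomes each value start..stop."""
    return {lhs.replace("$", str(n)).rstrip(".").lower(): rdata
            for n in range(start, stop + 1)}

def build_zone():
    """In-memory copy of the A records (constructed sample data)."""
    records = expand_generate(160, 175, "*.$.44.196." + ZONE + ".", "127.0.0.2")
    # Wildcard form from the post; the 127.0.0.3 value is an assumption.
    records["*.3.2.1." + ZONE.lower()] = "127.0.0.3"
    return records

def lookup(ip, records, zone=ZONE):
    """Return the A record for ip, or None (NXDOMAIN means not listed).
    Simplified wildcard matching: exact name first, then the closest
    enclosing '*.' entry, never looking above the zone apex."""
    labels = query_name(ip, zone).lower().split(".")
    if ".".join(labels) in records:
        return records[".".join(labels)]
    for i in range(1, 5):  # strip 1..4 address labels
        wild = "*." + ".".join(labels[i:])
        if wild in records:
            return records[wild]
    return None

def classify(ip, records):
    """Map a lookup result to the category the post assigns to it."""
    answer = lookup(ip, records)
    return CODES.get(answer, "unknown code") if answer else "not listed"

if __name__ == "__main__":
    zone = build_zone()
    for ip in ("196.44.160.0", "196.44.175.255", "196.44.176.1", "1.2.3.77"):
        print(ip, query_name(ip), classify(ip, zone))
```

Running it shows that the single $generate line covers exactly 196.44.160.0 through 196.44.175.255 and that addresses just outside the range resolve to nothing, which is the condition under which the dnsbl feature accepts the connection.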



