Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

blocking sendmail from spam

Posted on 2003-03-26
6
Medium Priority
?
1,678 Views
Last Modified: 2007-12-19
Hey guys,
look at the following lines of my ~/usr/log/messages file

<XX>Mar 26 15:40:02 sendmail[74024]: h2Q6G4De071670: to=user@isp.com, delay=09:23:57, xdelay=00:00:25, mailer=remote, pri=3483305, relay=mx4.uol.com.br. [200.221.4.30], dsn=4.2.0, stat=Deferred: 450 <oporsec76@siliconhysr.com>: Sender address rejected: Domain not found

<XX>Mar 26 15:40:16 sendmail[74024]: h2Q6G4De071670: to=user@isp.com, delay=09:24:11, xdelay=00:00:39, mailer=remote, pri=3483305, relay=mx5.uol.com.br. [200.221.4.32], dsn=4.2.0, stat=Deferred: 450 <oporsec76@siliconhysr.com>: Sender address rejected: Domain not found

<XX>Mar 26 15:40:19 sendmail[74024]: h2Q6G4De071670: to=user@isp.com, delay=09:24:14, xdelay=00:00:42, mailer=remote, pri=3483305, relay=mx7.uol.com.br. [200.221.4.55], dsn=4.2.0, stat=Deferred: 450 <oporsec76@siliconhysr.com>: Sender address rejected: Domain not found

<XX>Mar 26 15:41:38 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:49:41, xdelay=00:00:03, mailer=remote, pri=3661732, relay=mx9.uol.com.br. [200.221.4.51], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

<XX>Mar 26 15:41:43 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:49:46, xdelay=00:00:08, mailer=remote, pri=3661732, relay=mx13.uol.com.br. [200.221.4.64], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

<XX>Mar 26 15:41:46 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:49:49, xdelay=00:00:11, mailer=remote, pri=3661732, relay=mx5.uol.com.br. [200.221.4.32], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

<XX>Mar 26 15:41:50 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:49:53,
xdelay=00:00:15, mailer=remote, pri=3661732, relay=mx7.uol.com.br. [200.221.4.55], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

<XX>Mar 26 15:41:53 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:49:56, xdelay=00:00:18, mailer=remote, pri=3661732, relay=mx4.uol.com.br. [200.221.4.30], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

<XX>Mar 26 15:41:56 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:49:59, xdelay=00:00:21, mailer=remote, pri=3661732, relay=mx10.uol.com.br. [200.221.4.21], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

<XX>Mar 26 15:41:59 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:50:02, xdelay=00:00:24, mailer=remote, pri=3661732, relay=mx6.uol.com.br. [200.221.4.25], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

<XX>Mar 26 15:42:04 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:50:07, xdelay=00:00:29, mailer=remote, pri=3661732, relay=mx3.uol.com.br. [200.221.4.23], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

<XX>Mar 26 15:42:07 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:50:10, xdelay=00:00:32, mailer=remote, pri=3661732, relay=mx11.uol.com.br. [200.221.4.38], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

Regarding to these lines, I have several questions...

1) Is there a way to block this spammer from even trying to access my sendmail?

2) I have tryed the method of "scf" and did not worked for this guy, as I feel he is using a diferent relay each mail. I have tryed to block for uol.com.br, but did not work too... I don't know why... Can you tell me what is the best method to block?

3) if a message is queued is that a signal that the spammer was successfull in trying to send a mail?

4) is there a way to void sendmail from queueing a message when an error is detected as "Sender address rejected: Domain not found"?

5) where can I find a list of the detailed sendmail messages and meanings?

6) where can I find a sendmail log analyzer that really works? The logs were generated on FreeBsd/Apache and I need to analyze it on Winblows 2000.

So that's it... lots of questions for 100 points!  :-)

regards and thanks.
0
Comment
Question by:mikelima
6 Comments
 
LVL 2

Expert Comment

by:san-deep
ID: 8218253
hi mikelima.

answer to all your questions lies here:

Sendmail Installation and Operation guide

http://www.uwsg.iu.edu/usail/mail/op/op.html


Sandy...

Note: Several major changes were introduced in version 8.7. You should not attempt to use this document for prior versions of sendmail

0
 

Expert Comment

by:martijnt
ID: 8218624
Hi,

you had best configure your sendmail to either require authentication from the users connecting to it, or limiting the IP-address range which is allowed to connect to it.

If you want to require authentication, search the sendmail documentation for "SASL".

Good luck,

Martijn Tigchelaar.
0
 
LVL 2

Author Comment

by:mikelima
ID: 8224571
Thanks Sandy, but the document you have pointed do not mentions a single line of what I have asked.

Martijn, how can I limit the IP's allowed to connect to it, using scf.conf? I have tryed it but did not works. I have not seen any difference with or without it.

Can you guys tell me a pratical way to block all that wonderful spammers from accessing my sendmail?

pleaseeeeeeee :-)
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Expert Comment

by:SpideyMod
ID: 8272800
A request for a refund has been made.  Experts, you have 72 hours to object.

SpideyMod
Community Support Moderator @Experts Exchange
0
 

Expert Comment

by:winstarman
ID: 8276112
I can't believe you haven't gotten more responses to this.  Relaying is normally a big issue with sendmail.  Check out some of the following links:

http://docsrv.caldera.com/MM_admin/mmadminC.spam_forge.html

http://www.sendmail.org/antispam.html

http://hexadecimal.uoregon.edu/antirelay/

log analyser:

http://www.klake.org/sma/

Question 3: yes.

For a list of messages, try sendmail.org or download the ebook of Oreilly's Sendmail.

Not a complete answer, but it's more complete than others ;-)
0
 

Accepted Solution

by:
SpideyMod earned 0 total points
ID: 8292872
PAQ'd and all 100 points refunded.

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses
Course of the Month11 days, 14 hours left to enroll

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question