?
Solved

blocking sendmail from spam

Posted on 2003-03-26
6
Medium Priority
?
1,668 Views
Last Modified: 2007-12-19
Hey guys,
look at the following lines of my ~/usr/log/messages file

<XX>Mar 26 15:40:02 sendmail[74024]: h2Q6G4De071670: to=user@isp.com, delay=09:23:57, xdelay=00:00:25, mailer=remote, pri=3483305, relay=mx4.uol.com.br. [200.221.4.30], dsn=4.2.0, stat=Deferred: 450 <oporsec76@siliconhysr.com>: Sender address rejected: Domain not found

<XX>Mar 26 15:40:16 sendmail[74024]: h2Q6G4De071670: to=user@isp.com, delay=09:24:11, xdelay=00:00:39, mailer=remote, pri=3483305, relay=mx5.uol.com.br. [200.221.4.32], dsn=4.2.0, stat=Deferred: 450 <oporsec76@siliconhysr.com>: Sender address rejected: Domain not found

<XX>Mar 26 15:40:19 sendmail[74024]: h2Q6G4De071670: to=user@isp.com, delay=09:24:14, xdelay=00:00:42, mailer=remote, pri=3483305, relay=mx7.uol.com.br. [200.221.4.55], dsn=4.2.0, stat=Deferred: 450 <oporsec76@siliconhysr.com>: Sender address rejected: Domain not found

<XX>Mar 26 15:41:38 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:49:41, xdelay=00:00:03, mailer=remote, pri=3661732, relay=mx9.uol.com.br. [200.221.4.51], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

<XX>Mar 26 15:41:43 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:49:46, xdelay=00:00:08, mailer=remote, pri=3661732, relay=mx13.uol.com.br. [200.221.4.64], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

<XX>Mar 26 15:41:46 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:49:49, xdelay=00:00:11, mailer=remote, pri=3661732, relay=mx5.uol.com.br. [200.221.4.32], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

<XX>Mar 26 15:41:50 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:49:53,
xdelay=00:00:15, mailer=remote, pri=3661732, relay=mx7.uol.com.br. [200.221.4.55], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

<XX>Mar 26 15:41:53 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:49:56, xdelay=00:00:18, mailer=remote, pri=3661732, relay=mx4.uol.com.br. [200.221.4.30], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

<XX>Mar 26 15:41:56 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:49:59, xdelay=00:00:21, mailer=remote, pri=3661732, relay=mx10.uol.com.br. [200.221.4.21], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

<XX>Mar 26 15:41:59 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:50:02, xdelay=00:00:24, mailer=remote, pri=3661732, relay=mx6.uol.com.br. [200.221.4.25], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

<XX>Mar 26 15:42:04 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:50:07, xdelay=00:00:29, mailer=remote, pri=3661732, relay=mx3.uol.com.br. [200.221.4.23], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

<XX>Mar 26 15:42:07 sendmail[74024]: h2Q5puQo067717: to=user@isp.com, delay=09:50:10, xdelay=00:00:32, mailer=remote, pri=3661732, relay=mx11.uol.com.br. [200.221.4.38], dsn=4.2.0, stat=Deferred: 450 <supermarketing@mdb.admin.br>: Sender address rejected: Domain not found

Regarding to these lines, I have several questions...

1) Is there a way to block this spammer from even trying to access my sendmail?

2) I have tryed the method of "scf" and did not worked for this guy, as I feel he is using a diferent relay each mail. I have tryed to block for uol.com.br, but did not work too... I don't know why... Can you tell me what is the best method to block?

3) if a message is queued is that a signal that the spammer was successfull in trying to send a mail?

4) is there a way to void sendmail from queueing a message when an error is detected as "Sender address rejected: Domain not found"?

5) where can I find a list of the detailed sendmail messages and meanings?

6) where can I find a sendmail log analyzer that really works? The logs were generated on FreeBsd/Apache and I need to analyze it on Winblows 2000.

So that's it... lots of questions for 100 points!  :-)

regards and thanks.
0
Comment
Question by:mikelima
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 2

Expert Comment

by:san-deep
ID: 8218253
hi mikelima.

answer to all your questions lies here:

Sendmail Installation and Operation guide

http://www.uwsg.iu.edu/usail/mail/op/op.html


Sandy...

Note: Several major changes were introduced in version 8.7. You should not attempt to use this document for prior versions of sendmail

0
 

Expert Comment

by:martijnt
ID: 8218624
Hi,

you had best configure your sendmail to either require authentication from the users connecting to it, or limiting the IP-address range which is allowed to connect to it.

If you want to require authentication, search the sendmail documentation for "SASL".

Good luck,

Martijn Tigchelaar.
0
 
LVL 2

Author Comment

by:mikelima
ID: 8224571
Thanks Sandy, but the document you have pointed do not mentions a single line of what I have asked.

Martijn, how can I limit the IP's allowed to connect to it, using scf.conf? I have tryed it but did not works. I have not seen any difference with or without it.

Can you guys tell me a pratical way to block all that wonderful spammers from accessing my sendmail?

pleaseeeeeeee :-)
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 

Expert Comment

by:SpideyMod
ID: 8272800
A request for a refund has been made.  Experts, you have 72 hours to object.

SpideyMod
Community Support Moderator @Experts Exchange
0
 

Expert Comment

by:winstarman
ID: 8276112
I can't believe you haven't gotten more responses to this.  Relaying is normally a big issue with sendmail.  Check out some of the following links:

http://docsrv.caldera.com/MM_admin/mmadminC.spam_forge.html

http://www.sendmail.org/antispam.html

http://hexadecimal.uoregon.edu/antirelay/

log analyser:

http://www.klake.org/sma/

Question 3: yes.

For a list of messages, try sendmail.org or download the ebook of Oreilly's Sendmail.

Not a complete answer, but it's more complete than others ;-)
0
 

Accepted Solution

by:
SpideyMod earned 0 total points
ID: 8292872
PAQ'd and all 100 points refunded.

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses
Course of the Month8 days, 6 hours left to enroll

766 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question