Mon, Nov 12, 2007 9:02 pm

Silent Runners

Silent Runners is a Visual Basic script that scans a system for software that starts automatically when Windows starts, which may help you determine whether a system is infected with malware.


Mon, Nov 12, 2007 3:35 pm

Rejecting Email To a Specific Address in Sendmail

In checking the previous night's mail server log, I noticed a large number of messages addressed to someuser@frostdragon.com. There is an account, someuser, on the system, and email addressed to someuser@moonpoint.com should go through. But although email for both domain names is processed by the server, email to someuser@frostdragon.com should not be delivered. Presumably, since someuser is actually a common male name, email addressed to someuser@frostdragon.com is from some spammer trying common names to deliver his spam.

I edited /etc/mail/access and added the line below:

someuser@frostdragon.com                  550 Mailbox disabled for this recipient

The 550 is a standard error code for an email server to return to an email client when email is rejected. You can specify whatever message you wish after it. In this case I chose "Mailbox disabled for this recipient". I could have just used the following line instead, if I didn't want to specify my own specific error message.

someuser@frostdragon.com                  REJECT

After executing the command makemap hash /etc/mail/access </etc/mail/access to rebuild the access database file, you can test the block by establishing a telnet connection to port 25 on the server, issuing a helo or ehlo command, then a mail from command with any address as the "from" address, and then a rcpt to command with the relevant recipient address.

mail from: someone@example.com
250 2.1.0 someone@example.com... Sender ok
rcpt to: someuser@frostdragon.com
550 5.0.0 someuser@frostdragon.com... Mailbox disabled for this recipient
rcpt to: someuser@moonpoint.com
250 2.1.5 someuser@moonpoint.com... Recipient ok
quit
221 2.0.0 frostdragon.com closing connection

From the above, I can see that email to the address I wanted marked as invalid is rejected immediately, but email to the same username at a different domain name gets through. Mail with a "from" address of someuser@frostdragon.com would still be accepted, even though it is now rejected as a "to" address.

Since I don't want the server to accept email if that address appears as a "from" address either, I added the line below to /etc/mail/access as well and rebuilt the access database with makemap hash /etc/mail/access </etc/mail/access.

From:someuser@frostdragon.com             550 We don't accept mail from spammers

If you try sending using a "from" address of someuser@frostdragon.com now, the message will be rejected. However, if you test the block with telnet, e.g., telnet frostdragon.com 25, and then issue an ehlo or helo command followed by mail from and rcpt to commands, you won't see the rejection message until you've entered the rcpt to command, i.e., the rejection doesn't occur when the mail from command is issued.

mail from:<someuser@frostdragon.com>
250 2.1.0 <someuser@frostdragon.com>... Sender ok
rcpt to:<myself@moonpoint.com>
550 5.0.0 <myself@moonpoint.com>... We don't accept mail from spammers
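
The manual telnet checks above can be scripted so they can be rerun after every change to /etc/mail/access. The following is an added example, not part of the original post: it uses Python's smtplib to issue mail from and rcpt to for the three cases tested above and reports the stage at which each rejection arrives. CASES, ReplaySession, check_case and run_cases are names made up for this example, and ReplaySession is a constructed stand-in that replays the replies from the transcripts so the script also runs without a server.

```python
import smtplib
import sys

CASES = [  # (sender, recipient, should_be_rejected): the cases tested by hand above
    ("someone@example.com", "someuser@frostdragon.com", True),
    ("someone@example.com", "someuser@moonpoint.com", False),
    ("someuser@frostdragon.com", "myself@moonpoint.com", True),
]

class ReplaySession:
    """Constructed stand-in for smtplib.SMTP replaying the replies shown above."""
    BLOCKED = "someuser@frostdragon.com"
    sender = None
    def ehlo_or_helo_if_needed(self):
        pass
    def rset(self):
        self.sender = None
    def mail(self, sender):
        self.sender = sender
        return 250, f"2.1.0 {sender}... Sender ok".encode()
    def rcpt(self, rcpt):
        if self.sender == self.BLOCKED:  # From: entry, reported at rcpt to
            return 550, f"5.0.0 {rcpt}... We don't accept mail from spammers".encode()
        if rcpt == self.BLOCKED:  # recipient entry
            return 550, f"5.0.0 {rcpt}... Mailbox disabled for this recipient".encode()
        return 250, f"2.1.5 {rcpt}... Recipient ok".encode()

def check_case(smtp, sender, rcpt):
    """MAIL FROM then RCPT TO; return (rejecting stage or None, code, text)."""
    smtp.ehlo_or_helo_if_needed()
    try:
        stage, (code, text) = "mail", smtp.mail(sender)
        if code < 400:
            stage, (code, text) = "rcpt", smtp.rcpt(rcpt)
        return (stage if code >= 400 else None), code, text.decode(errors="replace")
    finally:
        smtp.rset()  # abandon the transaction; DATA is never sent

def run_cases(smtp, cases=CASES):
    """Return (sender, rcpt, stage, code, as_expected) for each case."""
    rows = []
    for sender, rcpt, want_reject in cases:
        stage, code, _ = check_case(smtp, sender, rcpt)
        rows.append((sender, rcpt, stage, code, (stage is not None) == want_reject))
    return rows

if __name__ == "__main__":  # hostname argument probes that server, else replay
    smtp = smtplib.SMTP(sys.argv[1], 25) if len(sys.argv) > 1 else ReplaySession()
    print(*run_cases(smtp), sep="\n")
```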

