Blocking mail from certain domains....

Blocking mail from certain domains....

[Daniel W]

although a bit more tricky than that perhaps.


Say i own domain1.com and domain2.com

My users on each domain are getting emails from admin@domain1.com and
admin@domain2.com which are viruses but actually quite believeable. these
originate outside of my server but from various IP addresses.

Is there some way to make a rule:

Block all email from admin@*
where the sending IP is not [list of ip addresses that I own]


Where would I put this rule and how would it be activated? I think i have
procmail...or am i barking up the wrong tree?

Thanks for helping this newbie.

Regards,
Daniel

Re: Blocking mail from certain domains....

[Tommy Tovbin]

On Fri, 10 Oct 2003, Daniel W wrote:

> although a bit more tricky than that perhaps.
> 
> 
> Say i own domain1.com and domain2.com
> 
> My users on each domain are getting emails from admin@domain1.com and
> admin@domain2.com which are viruses but actually quite believeable. these
> originate outside of my server but from various IP addresses.
> 
> Is there some way to make a rule:
> 
> Block all email from admin@*
> where the sending IP is not [list of ip addresses that I own]
> 
> 
> Where would I put this rule and how would it be activated? I think i have
> procmail...or am i barking up the wrong tree?
If you have procmail, you can do it like this:

in .procmailrc or in global procmailrc put the next rules:
:0 :
* ^From: admin@*
<folder-where-u-want-save-these-messages> or /dev/null

by the way, see http://piology.org/.procmailrc.html or google.com+ 
.procmailrc

> 
> Thanks for helping this newbie.
> 
> Regards,
> Daniel
> 
> 
> 
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

-- 
"This is UNIX country.    //=\  Tommy Tovbin
 if you listen carefully, \=//
 you can hear            //=\  tovbin at niisi dot msk dot ru
 Windows reboot..."      \=//  http://m1.sm.bmstu.ru

Re: Blocking mail from certain domains....

[urgrue]

i think its even easier to just put:
bad_domain.com	REJECT
in your access table. this is usually /etc/mail/access.
you may need to hash that table:
makemap hash /etc/mail/access.db < /etc/mail/access
but i am under the impression that most sendmails these days are 
configured to hash tables on start, so it may be sufficient to just 
restart sendmail.



On 2003.10.10 11:15, Tommy Tovbin wrote:
> On Fri, 10 Oct 2003, Daniel W wrote:
> 
> > although a bit more tricky than that perhaps.
> >
> >
> > Say i own domain1.com and domain2.com
> >
> > My users on each domain are getting emails from admin@domain1.com
> and
> > admin@domain2.com which are viruses but actually quite believeable.
> these
> > originate outside of my server but from various IP addresses.
> >
> > Is there some way to make a rule:
> >
> > Block all email from admin@*
> > where the sending IP is not [list of ip addresses that I own]
> >
> >
> > Where would I put this rule and how would it be activated? I think i
> have
> > procmail...or am i barking up the wrong tree?
> If you have procmail, you can do it like this:
> 
> in .procmailrc or in global procmailrc put the next rules:
> :0 :
> * ^From: admin@*
> <folder-where-u-want-save-these-messages> or /dev/null
> 
> by the way, see http://piology.org/.procmailrc.html or google.com+
> .procmailrc
> 
> >
> > Thanks for helping this newbie.
> >
> > Regards,
> > Daniel
> >
> >
> >
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe
> linux-admin" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> >
> 
> --
> "This is UNIX country.    //=\  Tommy Tovbin
>  if you listen carefully, \=//
>  you can hear            //=\  tovbin at niisi dot msk dot ru
>  Windows reboot..."      \=//  http://m1.sm.bmstu.ru
> 
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-
> admin"
> in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> 

Re: Blocking mail from certain domains....

[Sven Pfeifer]

Hi,

urgrue <urgrue@tumsan.fi> wrote:
> i think its even easier to just put:
> bad_domain.com	REJECT
> in your access table. this is usually /etc/mail/access.

but it only works if you have all the bad_domains.tld, not for
admin@some-domain.tld.

> you may need to hash that table:
> makemap hash /etc/mail/access.db < /etc/mail/access
> but i am under the impression that most sendmails these days are 
> configured to hash tables on start, so it may be sufficient to just 
> restart sendmail.

If i guess right, Daniel uses exim, then he can´t restart sendmail.
In this case i think procmail, or an exim-mailinglist would be the
better choice.

[...]

Cheers

	Sven

-- 
7. When I've captured my adversary and he says, "Look, before you
   kill me, will you at least tell me what this is all about?"
   I'll say, "No." and shoot him. No, on second thought I'll shoot
   him then say "No."
   --Peter Anspach's list of things to do as an Evil Overlord
------------------------------------------------------[rand. sig. #13]
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Blocking mail from certain domains....

[Joakim Ryden]

On Friday 10 October 2003 04:06 am, Sven Pfeifer wrote:
SP> Hi,
SP>
SP> urgrue <urgrue@tumsan.fi> wrote:
SP> > i think its even easier to just put:
SP> > bad_domain.com	REJECT
SP> > in your access table. this is usually /etc/mail/access.
SP>
SP> but it only works if you have all the bad_domains.tld, not for
SP> admin@some-domain.tld.
SP>
SP> > you may need to hash that table:
SP> > makemap hash /etc/mail/access.db < /etc/mail/access
SP> > but i am under the impression that most sendmails these days are
SP> > configured to hash tables on start, so it may be sufficient to just
SP> > restart sendmail.
SP>
SP> If i guess right, Daniel uses exim, then he can´t restart sendmail.
SP> In this case i think procmail, or an exim-mailinglist would be the
SP> better choice.

Letting an e-mail enter into your mail system(s) instead of rejeceting it in 
the SMTP conversation is usually NOT a good choice.

--Jo

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html