On Mon, 1 Dec 1997, Remco Blaakmeer wrote:
> Some guy is relaying a huge lot of spam e-mail via my computer. My
> computer is normally only used by myself and I do receive a lot of e-mail
> through several lists, but this guy caused /var/log/smail/logfile to be 41
> MB (that's right, forty-one MEGABYTES) [1]. Does anyone know how to
> prevent such actions, apart from blocking smtp traffic from his computer
> [2]? I tried mailing his postmaster (using his IP address, not the From:
> line), but I got a 'message undeliverable' (or something like that) error.
>
> What I would want is a filter that blocks any attempt of sending an e-mail
> from another host to a user at a third host. I beleive this is called
> relaying. The filter should look at the 'rcpt to:' smtp command, not at
> the 'From:' or 'To:' headers. I know this can be done with sendmail, but
> how do I do it with smail?
>
> Remco
>
> [1] this file is rotated once a day like on any default Debian system
>
> [2] this doesn't prevent others from doing the same trick
>
Well, I have a solution; however, be warned that I haven't tested this,
so...:
At the top of your /etc/smail/routers file, add:
match_relaying:
driver=queryprogram,
transport=relay_trns;
cmd="/usr/bin/test X${if origin:remote f} = Xf"
Then, in your /etc/smail/transports file, add:
relay_trns:
driver=appendfile; file=/dev/null
This will then throw away all of the relayed messages.
You may also want to add the 'rfc931' option to whatever /etc/hosts.allow
line it is that accepts smtp connections. Not that the spammer is likely
to be running an identd, but just in case...
DANIEL MARTIN
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] .
Trouble? e-mail to [EMAIL PROTECTED] .
