On Friday, May 28, 2004, 6:55:23 AM, Doc Schneider wrote:
I got a whole bunch of open relays doing rumpelstiltskin(sic) attacks on both my main mailserver and my seconary MX server... hitting the secondary and making it throttle the main one.
Anyway is there a way to use some of these RBLs to basically deny these open relays to be able to even attempt these attacks?
I'm running Sendmail 8.12.11 on Linux... both these boxen run RH 6.2 and are really locked down against other attacks.
Many people use and recommend list.dsbl.org and xbl.spamhaus.org (or sbl-xbl.spamhaus.org) to block open relays at the MTA level. (sbl-xbl is a combined list of sbl and xbl. ;-)
We find them quite effective.
Here are my mailserver.mc (m4) confs:
FEATURE(dnsbl,`sbl.spamhaus.org',`"Address "$&{client_addr}" blocked. See http://www.spamhaus.org/sbl/%22%27)dnl FEATURE(dnsbl,`xbl.spamhaus.org',`"Address "$&{client_addr}" blocked. See http://www.spamhaus.org/xbl/%22%27)dnl FEATURE(dnsbl,`list.dsbl.org',`"Open relay "$&{client_addr}" blocked. See http://dsbl.org/sender%22%27)dnl
Jeff C.