[vox-tech] rejecting spam using tcpwrappers
Peter Jay Salzman
vox-tech@lists.lugod.org
Fri, 30 Nov 2001 12:23:33 -0800
ok, i think i figured this out. in inetd.conf, i modified the smtp line to
read:

    smtp stream tcp nowait mail /usr/sbin/tcpd /usr/sbin/exim -bs

whenever spam arrives, i simply drop the offending host in /etc/hosts.deny.
the reason for this is it seems nicer to reject spam, rather than ignore it
(as you would with a procmail filter). that way, the spammers know that
you're not listening to them. by filtering, they never know the difference.
anyway, the only tweak i think i need to make is with logcheck:

    Nov 30 11:25:24 exim[7763]: connect from murphy.debian.org
    Nov 30 11:26:34 exim[7776]: connect from murphy.debian.org
    Nov 30 11:27:19 exim[7787]: connect from foobar.math.fu-berlin.de
    Nov 30 11:29:43 exim[7804]: connect from murphy.debian.org
    Nov 30 11:32:45 exim[7811]: connect from murphy.debian.org
    Nov 30 11:36:28 exim[7822]: connect from murphy.debian.org
    Nov 30 11:41:01 exim[7846]: connect from dcn251-11.dcn.davis.ca.us
    Nov 30 11:51:49 exim[7870]: connect from ig25.optinrewards.com
    Nov 30 11:56:11 exim[7985]: refused connect from femail8.sdc1.sfba.home.com

the wrapper reports each mail connect (and reject). if anything, i'm only
interested in what sessions get rejected.
other than this, i think this works...
pete
--
PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
PGP Public Key: finger p@dirac.org
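
An added example, not part of the original post: one way to get the logcheck tweak described above is an ignore pattern that matches the wrapper's accepted "connect from" lines but not the "refused connect from" lines. The function names and the pattern are assumptions made for this sketch; the sample log is the set of lines quoted in the message, and where the pattern is installed depends on the logcheck version in use.

```shell
#!/bin/sh
# Ignore rule in egrep syntax (the syntax logcheck rule files use).
# Requiring "]: connect from" directly after the PID means a line that
# reads "]: refused connect from" does not match and stays in the report.
IGNORE_RE='exim\[[0-9]+\]: connect from '

# Log lines copied from the message above.
sample_log() {
cat <<'EOF'
Nov 30 11:25:24 exim[7763]: connect from murphy.debian.org
Nov 30 11:26:34 exim[7776]: connect from murphy.debian.org
Nov 30 11:27:19 exim[7787]: connect from foobar.math.fu-berlin.de
Nov 30 11:29:43 exim[7804]: connect from murphy.debian.org
Nov 30 11:32:45 exim[7811]: connect from murphy.debian.org
Nov 30 11:36:28 exim[7822]: connect from murphy.debian.org
Nov 30 11:41:01 exim[7846]: connect from dcn251-11.dcn.davis.ca.us
Nov 30 11:51:49 exim[7870]: connect from ig25.optinrewards.com
Nov 30 11:56:11 exim[7985]: refused connect from femail8.sdc1.sfba.home.com
EOF
}

# Lines that would still be reported once the ignore rule is applied.
remaining() {
    grep -Ev "$IGNORE_RE"
}

# Per-host count of refused connections, printed as "<count> <host>".
refused_summary() {
    sed -n 's/.*\]: refused connect from \([^ ]*\).*/\1/p' |
        sort | uniq -c | awk '{print $1, $2}'
}

echo "still reported:"
sample_log | remaining
echo "refused hosts:"
sample_log | refused_summary
```

Before installing the pattern, feed a copy of the real log through `remaining` to confirm that only refusals are left.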