Using Sendmail to block spam - DSL blacklists

Using Sendmail to stop Spammers

A quick and easy way to shut out hundreds of thousands of foreign spam havens with an addition to your Sendmail configuration

As spam becomes an increasing problem, many companies are hawking goofy, client-side, content-based filtering systems. These have proven to be ineffective and require constant updating. What has proven effective is blocking SMTP traffic from IP addresses of foreign ISPs that do not secure their networks, don't respond to abuse complaints, harbor spammers, or should not be running SMTP services.

Over the course of more than two years, we have been compiling a database of mostly Asia-Pacific and third-world-country broadband IPs that are primary sources of spam. If you are running Sendmail, we've provided a format below that can be easily cut-and-pasted into your /etc/mail/access file and that will block more than a million sources of unwanted e-mail and worm/virus-spreading systems.

A substantial portion of the IP space on the current list is broadband address space in countries like China and Korea, along with select blocks of DSL pools all around the world that should NOT be running mail servers; 99.999% of their port 25 traffic is viruses, worms or spam.

Why Use This Database?

Unlike other solutions, this stops spammers as soon as they connect to your server, saving bandwidth and system resources. It also lets the spammers know that your system is not interested in accepting their mail, and it lets ISPs that harbor spammers know that they need to get their act together. It's VERY effective and, based on our analysis, almost no legitimate mail will likely be blocked. If you do a lot of legitimate communication with China or Korea, your results may vary, but most of us in the U.S. don't have legitimate communication with these sites, and until they control their spammers, they should be blacklisted.

This RBL is much faster than DNS-based RBLs, and it's permanent and loggable. We recommend you still use DNS-based RBLs as a supplement, but you'll find the list below will stop a huge amount of spam (never all; there is no 100% solution).

DISCLAIMER: Use this list at your own risk. We have absolutely no liability. This is just a list of IP spaces that we have meticulously compiled that we feel are worthwhile to share with others.

Instructions for use:

  • Make sure you're using the access database in Sendmail. You should have a line similar to this in your sendmail.mc file:
    FEATURE(access_db)dnl
  • Cut-and-paste the file below into your /etc/mail/access
  • Do a search-and-replace and replace your.spam.page.here with a URL to a page on your system with a message for anyone who might have their mail blocked so they can contact you. It's advised that you use a web-based e-mail form on this page and ask any users to include the "error message" they get so you can track which rule might have stopped the mail. (NOTE: This database has been run for a long time and the likelihood of legitimate mail being blocked is slim, but this is a good safety net.)
  • Re-compile the access database, typically with a command such as "make" in the /etc/mail directory, or /usr/sbin/makemap hash /etc/mail/access < /etc/mail/access
  • If necessary, send a HUP signal to the main sendmail process
  • You're good to go! You can monitor the spam blocked by grep'ing the word "REJECT" from /var/log/maillog and see how much spam you catch. It's very effective.
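
The following Python sketch is an added example, not part of the original page. It emulates how the access map matches a connecting IPv4 address against connect: prefixes (full address first, then with trailing octets dropped), and uses that to attribute logged rejections to rules, test known-good correspondents before deploying, and flag entries that still carry the placeholder URL. The sample entries, the log-line layout and all function names are assumptions constructed for illustration.

```python
import re
from collections import Counter
# Constructed access entries (documentation address ranges, not the page's list).
ACCESS = """\
connect:192.0.2\t\t550 REJECTED your network for spamming tagA - See http://your.spam.page.here
connect:198.51 \t550 REJECTED your network for spamming tagB - See http://mx.example.org/blocked
connect:198.51.100.7\tOK
"""
# Constructed maillog lines; the check_relay field layout shown is an assumption.
LOG = """\
Jan 12 03:14:07 mx sendmail[411]: ruleset=check_relay, arg1=[192.0.2.44], arg2=192.0.2.44, relay=[192.0.2.44], reject=550 5.0.0 REJECTED your network for spamming tagA
Jan 12 03:15:10 mx sendmail[412]: ruleset=check_relay, arg1=[192.0.2.9], arg2=192.0.2.9, relay=[192.0.2.9], reject=550 5.0.0 REJECTED your network for spamming tagA
Jan 12 03:16:42 mx sendmail[413]: ruleset=check_relay, arg1=[198.51.7.1], arg2=198.51.7.1, relay=[198.51.7.1], reject=550 5.0.0 REJECTED your network for spamming tagB
Jan 12 03:17:02 mx sendmail[414]: ruleset=check_relay, arg1=[203.0.113.5], arg2=203.0.113.5, relay=[203.0.113.5], reject=550 5.7.1 Rejected by a DNS blacklist
"""
REJECT_RE = re.compile(r"ruleset=check_relay,.*?arg2=(\d+(?:\.\d+){3}),.*?reject=5\d\d")
DENY = ("550", "REJECT", "ERROR")  # right-hand sides treated here as a refusal

def parse_access(text):
    """Map each connect:-tagged IPv4 prefix to its right-hand side."""
    rules = {}
    for line in text.splitlines():
        parts = line.split(None, 1)  # key and value may be separated by tabs or spaces
        if len(parts) == 2 and parts[0].lower().startswith("connect:"):
            rules[parts[0][len("connect:"):]] = parts[1].strip()
    return rules

def lookup(rules, ip):
    """Search as the access map does: full address, then drop trailing octets."""
    octets = ip.split(".")
    for n in range(len(octets), 0, -1):
        prefix = ".".join(octets[:n])
        if prefix in rules:
            return prefix, rules[prefix]  # the most specific entry wins
    return None, ""

def tally_rejects(rules, log_text):
    """Count logged check_relay rejections per access prefix that explains them."""
    hits = (lookup(rules, m.group(1)) for m in REJECT_RE.finditer(log_text))
    return Counter(p if a.startswith(DENY) else "other" for p, a in hits)

def preflight(rules, known_good):
    """Known correspondents the map would reject, with the prefix that hits them."""
    hits = ((ip, *lookup(rules, ip)) for ip in known_good)
    return {ip: p for ip, p, a in hits if a.startswith(DENY)}

def unedited(rules):
    """Prefixes whose message still carries the page's placeholder URL."""
    return [p for p, a in rules.items() if "your.spam.page.here" in a]
```

Run preflight() against the addresses of mail servers you exchange mail with before rebuilding the map; a more specific entry with OK exempts a single host inside a blocked prefix.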

Sendmail access Foreign DSL/Dial-up/DUP spammer IP database: