Spammers using low priority MX record to send email.

[mrbean2766]

I'm receiving junk via my ISP - my low priority MX record for my domain comes in via my ISP. Since I trust my ISP, I've OK'd mail delivery from that domain via my access file.

How then can I sniff out the real senders ip address for mail coming in via my ISP and and run it through the blocklist lookup? If this can be done, will the bounce message go back to my ISP or will it be sent to the ip address I just looked up?

Cheers,
tkb.

 

[Hoyt75]

The access file is the key. All you have to do is make an entry in your access file for the spammerlike so:

badspammer@spam.com REJECT


It will drop the mail and issue an error message to the sender.

Hoyt75

 

[Hoyt75]

oh yeah and don't forget to run the makemap command and restart sendmail

makemap hash access.db < access

Hoyt75

 

[mrbean2766]

Thanks Hoyt75. My problem is that I'm getting spam mail from several users a day and these sender addresses change from day to day. As such, your suggestion will require me to manually add entries into the access file - that's just too much work for a couch potato considering that PC's ought to automate everything. I'm using "FEATURE(`dnsbl',...)dnl" which is doing a good job as I'm hardly getting any spam into my users' inboxes for mail sent directly to my mail server. However, mail coming in via my ISP is accepted (OK in access) and no dnsbl lookup is performed thus spam finds its way into my users' inboxes.

Cheers,
tkb.

 

[mrbean2766]

Since I have not received any more suggestions in here, I've succumbed to what you suggested Hoyt75 - I might have to get down and dirty and write me a sendmail script that will check any mail coming in from my ISP then run the next header through the relay checks.

Cheers,
tkb.