Unwanted Sendmail connections

[normntwrk]

At times I see connections from sites that I know are spammers . These hang on for hours at times and show up when I do a ps -eaf |grep sendmail. I don't really understand what they are doing as I've checked my mail server for an open relay several times and it checks out OK. I'm running RedHat 8 and sendmail 8.12.8-9. I also have these spammer sites listed in my access.db as DISCARD and some of them still get through.

Any Ideas?

Thanks
Norm

 

[Rhinokiller]

You can add an RBL check in the sendmail.mc which queries the spamhaus RBLs. This is done during the initial smtp conversation so the overhead is minimal. Add the following to your sendmail.mc:
FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"571 ACCESS DENIED to <"$&f"> thru "$&{client_name}" by /spamhaus/ ;Please see

http://www.spamhaus.org/sbl/'")dnl

Recompile sendmail with the m4 preprocessor and restart the sendmail daemon.
SpamAssassin is also a great tool for identifying spam and you can tune it to suit your environment. I run both the RBL check and SpamAssassin with great results. I also added a Fortinet FG400 to scan incomming traffic for viruses (viri ?) and spam and I have basically eliminated spam/viri from my network. I highly recommend the Fortinet (I'm not a rep for them either) if you're serious about stopping this crap at the front door. If anyone has any questions about the FG400 I'll be happy to answer them.

Cogito Ergo Sum - Non Compos Mentis

 

[BitFuzzy]

you may want to look into

popbeforesmtp or sendmails smtp_auth