Gone on to long (caps lock edit)

[AlaskanWolf]

For those who want to block email from getting to your server (sorta like a global spam list)

Check out http://www.rhyolite.com/anti-spam/freemail-adb

i added this to the /etc/exim.conf, when i put the domain list in, i could only put domain.com (not domain.com DCC:etc..)

bounce_spam_master:
driver = smartuser
require_files = /etc/spammers
senders = /etc/spammers
new_address = :fail: \"unknown local-part \\\"$local_part\\\" in domain \\\"$domain\\\"\"

 

[moronhead]

Mike,[quote:c7d81785ff]run

/scripts/initsuexec

I believe that turns it on, then you will have usernames in your exim log file.[/quote:c7d81785ff]Can you disable it at will after enabling it?

I also can\'t see the binary /usr/local/apache/bin/suexec which seems to be required by /scripts/initsuexec.

 

[bdraco]

You might want to checkout /var/log/sendmail.log
--

Also to get suexec grab buildapache.sea from layer1.cpanel.net

 

[Vince]

The CWD in /var/log/sendmail.log isn\'t always correct.
Which makes it worthless.
An I with a accent over it doesn\'t help me in tracking a spammer. =|

12/17/2001 3:19: 1 sendmail[18985]: called by pid 18656 uid 99 () CWD Ì
That really didn\'t tell me much I didn\'t know already...

Vince.

 

[bdraco]

[quote:b3246c9648]The CWD in /var/log/sendmail.log isn\'t always correct.
Which makes it worthless.
An I with a accent over it doesn\'t help me in tracking a spammer. =|

12/17/2001 3:19: 1 sendmail[18985]: called by pid 18656 uid 99 () CWD Ì
That really didn\'t tell me much I didn\'t know already...

Vince. [/quote:b3246c9648]

Yea .. you can just chdir(\"/\"); to avoid it .. The only real solution is to force suexec

 

[Domenico]

[quote:9f73cb479c]host_accept_relay = +allow_address : lsearch;/etc/relayhosts : localhost

change this to

host_accept_relay = +allow_address : lsearch;/etc/relayhosts

that will stop people relaying from localhost,
[/quote:9f73cb479c]

Can you explain this a little bit further? I don\'t understand the localhost relaying part very good. What will be different for the normal user on your box ???

 

[shaun]

well most of the time when i find out about spam i use this tool (this is for qmail) called qmHandle. Basically that tool will let you show the number or mail items in the queue. Sendmail has a cheap version of it\'s own called mailq. For somereason cpanel does have this mailq binary but from what i\'ve read it\'s the same as running sendmail -bp. I tested it out and it looks alittle diffrent but it\'s basically the same. Anyway my point is that most of the time spammers load up the queue. So why not just write a script that runs somthing like this.

mailcount=`expr `sendmail -bp|wc -l` / 3`

or somthing like that. That wont give you the exact number because it\'s just a crap version of counting the lines it puts out but it should only be off by 5 messages +/-.
anyway have a cron job run this every 5 min of somthing and if mailcount > \"1000\" or how ever many you want it to be sent to have it mail you or somthing.

Or if you just wanted to count the people who send **** with the return address of [email protected] then just do somthing like

mailcount=`sendmail -bp |grep nobody|wc -l`


hmmm maybe if i get bord tonight i\'ll just write it.

 

[rpmws]

Please Please do ..please !!!!! and share it please???

 

[shaun]

I\'ll see what i can do, i gotta hang out with the gf tonight and you now how that goes...

 

[shaun]

ok, it\'s not 4:00 in the morning and i have to go to work tomarrow luckily not till 11:00 but still, it\'s late. I started on the script and well right now it will just display how many messages are in the queue total and how many are from bad address\'s (ex: [email protected] ) you can set the badaddress\'s in the script.

I\'m still trying to figure out how i\'m going to write the part that will email people because i figure if you have this script run every 5 minutes in cron and it emails you every time the queue is greater than what ever number it could cause your mail box to become quite full. I was thinking on having it write a file somewhere with a data/time of the last time it emailed you and have it only allow\'s to send 1 each hour or somthing but the problem with that is, what if the spammer starts again right after you delete all the mail in the queue. Any Suguestions would help....