[Mailman-Users] SPAM getting through on moderated lists
John A. Martin
jam at jamux.com
Thu Aug 14 18:34:21 CEST 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "Ed" == Ed Wilts
>>>>> "Re: [Mailman-Users] SPAM getting through on moderated lists"
>>>>> Thu, 14 Aug 2003 10:09:46 -0500
Ed> What would one look like to allow, for example, a mail message
Ed> to list at foo.com to only come from an MTA in the foo.com
Ed> domain?
I don't do Sendmail anymore. One way to do this with a recent Postfix
would be something like the following which is untested but should
work for a dedicated MTA on the same host as Mailman.
1. Check that 'postconf mynetworks' gives 127.0.0.0/8 plus whatever
IPs from which you do _not_ want to block SMTP 'mail from:
<list at foo.com>'. NB. If 'mynetworks' includes MX backup hosts mail
arriving therefrom will not be blocked by what follows.
2. Cause something like the following to be run as root either
whenever the Mailman aliases are modified or, less well,
periodically by cron. This converts the Mailman aliases file,
excluding the loop detection alias, into a Postfix access table.
egrep -v '^$|^#|^mailman-loop'</var/lib/mailman/data/aliases|
sed 's/^\([^:]*\):.*$/\1 550 Bogus Mail From/'>
/etc/postfix/check-list-bmf
postmap /etc/postfix/check-list-bmf
The above bash script assumes Mailman and Postfix installed from
recent Debian packages.
3. In /etc/postfix/main.cf
smtpd_recipient_restrictions =
...
permit_mynetworks
...
check_sender_access hash:/etc/postfix/check-list-bmf
...
permit
Something similar should be easy with Sendmail, right? :)
It still needs to be determined whether the above will do no harm.
HTH
jam
-----BEGIN PGP SIGNATURE-----
iD8DBQE/O7oJUEvv1b/iXy8RAsAxAJ9hjo902Pqpq2d58gmmQuBswKMVfQCfWDG4
/xVkiW9Iifs1jaSjzE2nC7Y=
=Z3mN
-----END PGP SIGNATURE-----
More information about the Mailman-Users
mailing list