Blocking email traffic with the access database

[Harold Johanssen]

In /etc/mail/access, entries like

biz REJECT
spammersareus@ REJECT

will result in connection attempts from the biz domain and from user name
spammersareus, at any domain, to be rejected immediately.

Would it be possible to use regular expressions instead of fixed
names? For example, I could have another line like

spammersinc@ REJECT

in addition to the spammersareus@ REJECT line above, but it would be
simpler and more powerful if I could replace those two lines with

spammer.*@ REJECT

I have tried that, but it does not seem to work in my environment. Is
this an intrinsic limitation, or do I have to pre-configure sendmail
differently?

[Mike A]

Harold Johanssen <noe...@please.net> wrote in <jvtt15$fbp$1...@news.albasani.net>:

As of sendmail 8.14.5, the access mechanism does not support regexes; I
don't know about later releases. There are milters that do support regexes,
and I use one of them to very good effect. Please feel free to write me
offline, unless other readers here would like to see the conversation.

--
Mike Andrews, W5EGO
mi...@mikea.ath.cx
Tired old sysadmin

[Harold Johanssen]

Any info that you can provide about such filtering mechanisms
will be much appreciated.

[Mike A]

Harold Johanssen <noe...@please.net> wrote in <jvu20o$pse$1...@news.albasani.net>:

I'd rather have taken this to E-mail, since it isn't directly related to
sendmail and hence is off-topic for this newsgroup, but I don't see a
usable E-mail address.

I use Daniel Hartmeier's milter-regex code, available at
<http://www.benzedrine.cx/milter-regex.html>. I found it useful to hack
on it slightly, increasing the max number of rule categories from 16 to
256, and inserting code to stop the body scan after a configurable
number of bytes (something like 50K is what I use).

Unless others want to see more here, I'd really prefer to take this to
E-mail to avoid the ire frequently provoked by off-topic posts.

[Mike Scott]

On 08/08/12 17:11, Mike A wrote:
...

>
> I use Daniel Hartmeier's milter-regex code, available at
> <http://www.benzedrine.cx/milter-regex.html>. I found it useful to hack
> on it slightly, increasing the max number of rule categories from 16 to
> 256, and inserting code to stop the body scan after a configurable
> number of bytes (something like 50K is what I use).

A useful piece of code, if prone to causing obscure operator errors -
but I've altered mine to use pcre rather than the standard regex library
- much more flexible, and a trivial change.



--
Mike Scott (unet2 <at> [deletethis] scottsonline.org.uk)
Harlow Essex England

[Harold Johanssen]

Thanks. This oretty much does what I need.

[terryc]

On 09/08/12 00:53, Mike A wrote:

> As of sendmail 8.14.5, the access mechanism does not support regexes;

Thank you, that answers a query.

Anoter
Is biz or .biz preferrable, or identical?
i.e would biz REJECT stop anythign with biz in the ident?
where .biz REJECT stops only those idents ending in .biz ?


T.I.A.

> There are milters that do support regexes,

Just as a comment, my personal preference is to not rely on milters as
that means I have to receive and then process the emails. This would
result in my email data going from 1Gb/month to about 20Gb/month. Thank
diety for spamhaus.

[Kees Theunissen]

terryc wrote:
> Just as a comment, my personal preference is to not rely on milters as
> that means I have to receive and then process the emails. This would
> result in my email data going from 1Gb/month to about 20Gb/month. Thank
> diety for spamhaus.

Either you're using a different implementation of the milter API than
the rest of the world does, or you don't understand how milters work.
;-)


Regartds,

Kees.

--
Kees Theunissen.

[terryc]

Possibly.