From owner-freebsd-isp  Fri Feb  6 16:27:01 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA28454
          for freebsd-isp-outgoing; Fri, 6 Feb 1998 16:27:01 -0800 (PST)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from Rigel.orionsys.com (dbabler@rigel.orionsys.com [205.148.224.9])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA28449
          for <isp@FreeBSD.ORG>; Fri, 6 Feb 1998 16:26:59 -0800 (PST)
          (envelope-from dbabler@Rigel.orionsys.com)
Received: from localhost (dbabler@localhost)
	by Rigel.orionsys.com (8.8.8/8.8.8) with SMTP id QAA25495;
	Fri, 6 Feb 1998 16:27:01 -0800 (PST)
	(envelope-from dbabler@Rigel.orionsys.com)
Date: Fri, 6 Feb 1998 16:27:00 -0800 (PST)
From: David Babler <dbabler@Rigel.orionsys.com>
Reply-To: David Babler <dbabler@Rigel.orionsys.com>
To: "Darrin R. Woods" <dwoods@netgazer.com>
cc: isp@FreeBSD.ORG
Subject: Re: spammer problem - help!
In-Reply-To: <3.0.32.19980206142216.00694dfc@netgazer.net>
Message-ID: <Pine.BSF.3.96.980206161116.11157F-100000@Rigel.orionsys.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
X-To-Unsubscribe: mail to majordomo@FreeBSD.org "unsubscribe freebsd-isp"



On Fri, 6 Feb 1998, Darrin R. Woods wrote:

> I have applied the spammer patches found at sendmail.org, they include
> disallowing relaying and blocking of hosts.  The spammers db file has the
> following entry:
> 
> mail.t-1net.com	550 Access Denied
> 
> realizing that the "550..." is pretty much ignored and not really sent.  I
> build the db file with the following command:

AFAIK, if you use the key 'mail.t-1net.com', sendmail will get 3 tokens:
'550' 'Access' and 'Denied'. If you want the string back, enclose it in
quotes. 

I *do* recall a similar problem I had - and sendmail.org told me that maps
don't work properly on sendmial 8.8.5. Upgrading to 8.8.7 (and now 8.8.8)
made that problem go away. It seems to me that when I tested the rules,
using sendmail -bt, the map lookups seemed to work okay but when sendmail
was actually running, the lookups would fail. 

If you run 'sendmail -bt' and then do a map lookup:

	sendmail -bt
	> /map spammers mail.t-1net.com

You should get:

	map_lookup: spammers (mail.t-1net.com) returns 550 Access Denied

As others have mentioned, this mail is NOT coming from t-1net.com at all;
the example you showed came from a UU.net dialup. Nevertheless, you should
be able to trap the envelope address, bogus or not. A far more useful rule
to apply is to require the sender's address to validate.

-Dave