[Mediawiki-l] spam attack avoids captcha

Marcin Cieslak saper at saper.info
Fri Mar 18 16:01:15 UTC 2011


>> Kay Diederichs <Kay.Diederichs at gmx.de> wrote:
> I found that
> To:gmail.com REJECT
> (with one or multiple tabs where the blank appears in the line above) 
> seems to work well when appended to /etc/mail/access which is used by 
> sendmail on my CentOS-5.5 machine. Nota bene: only wikis are on this 
> machine, so it's ok to not confirm account creation to gmail users - 
> they can be told to subscribe with different emails.
>
> I have not yet been able to find out why on my SL-6 machines
> gmail.com REJECT
> as the last line /etc/postfix/access does not seem to work - at least I 
> see no "reject" message in /var/log/maillog.

Typically /etc/postfix/access is associated with smtpd_client_restrictions;
to check, just do:

postconf | grep access 

and you may see something like:

smtpd_client_restrictions = check_client_access hash:/etc/postfix/access

The manual[1] says that check_client_access means:

    Search the specified access database for the client hostname,
    parent domains, client IP address, or networks obtained by
    stripping least significant octets. See the access(5) manual
    page for details.

To check for outgoing email domain names (this is the equivalent
of sendmail's "To:" in the accessdb) you need to use the
"smtpd_recipient_restrictions" parameter, possibly with a different
file.

Something like

smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/rcpt_access 

will let you use another postfix map for the RCPT To: addresses. See [2].

Note: this will work only if you submit mail externally (i.e. via SMTP
port) and not via local submission not handled by smtpd. 

Sendmail allows you to put different kinds of rules and restrictions
in the access file; with Postfix you should be careful and possibly
keep separate access maps.

//Marcin

[1] http://www.postfix.org/postconf.5.html#smtpd_client_restrictions
[2] http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
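
Added example (not part of the original message): a simplified Python model of the access(5) key search order, showing why a "gmail.com REJECT" entry gives no verdict under check_client_access but rejects under check_recipient_access. The host name, IP address and recipient are constructed sample values, and the model ignores address extensions and IPv6.

```python
# Added illustration: simplified model of the key search order in access(5).
# Host names, addresses and the table are constructed sample values.

def domain_keys(domain):
    """The domain itself, then each parent domain (default parent-domain matching)."""
    labels = domain.lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def client_keys(hostname, ipv4):
    """Keys tried by check_client_access: hostname, parents, IP, shorter networks."""
    octets = ipv4.split(".")
    nets = [".".join(octets[:n]) for n in range(4, 0, -1)]
    return domain_keys(hostname) + nets

def recipient_keys(rcpt):
    """Keys tried by check_recipient_access: user@domain, domain, parents, user@."""
    local, _, domain = rcpt.lower().rpartition("@")
    return [f"{local}@{domain}"] + domain_keys(domain) + [f"{local}@"]

def lookup(table, keys):
    """First matching key wins; no match means the restriction gives no verdict."""
    for key in keys:
        if key in table:
            return key, table[key]
    return None, "DUNNO"

ACCESS = {"gmail.com": "REJECT"}             # the single rule from the thread
CLIENT = ("wiki.example.org", "192.0.2.10")  # constructed: the wiki host sending mail
RCPT = "newuser@gmail.com"                   # constructed recipient address

def demo():
    """Evaluate the same table as a client map and as a recipient map."""
    return {
        "client": lookup(ACCESS, client_keys(*CLIENT)),
        "recipient": lookup(ACCESS, recipient_keys(RCPT)),
    }

if __name__ == "__main__":
    for kind, (key, action) in demo().items():
        print(f"{kind:9s} matched={key!r:12} action={action}")
```

The client lookup never sees the recipient's domain, because the connecting client is the wiki host itself; only the recipient lookup derives "gmail.com" as a key.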



