[Mediawiki-l] spam attack avoids captcha
Marcin Cieslak
saper at saper.info
Fri Mar 18 16:01:15 UTC 2011
>> Kay Diederichs <Kay.Diederichs at gmx.de> wrote:
> I found that
> To:gmail.com REJECT
> (with one or multiple tabs where the blank appears in the line above)
> seems to work well when appended to /etc/mail/access which is used by
> sendmail on my CentOS-5.5 machine. Nota bene: only wikis are on this
> machine, so it's ok to not confirm account creation to gmail users -
> they can be told to subscribe with different emails.
>
> I have not yet been able to find out why on my SL-6 machines
> gmail.com REJECT
> as the last line /etc/postfix/access does not seem to work - at least I
> see no "reject" message in /var/log/maillog.
Typically /etc/postfix/access is associated with smtpd_client_restrictions,
to check just do:
postconf | grep access
and you may see something like:
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
The manual[1] says, that check_client_access means:
Search the specified access database for the client hostname,
parent domains, client IP address, or networks obtained by
stripping least significant octets. See the access(5) manual
page for details.
To check for outgoing email domain names (this is the equivalent
of sendmail's "To:" in the accessdb) you need to use
"smtpd_recipient_restrictions" parameter with possibly a different
file.
Something like
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/rcpt_access
will let you use another postfix map for the RCPT To: addresses. See[2]
Note: this will work only if you submit mail externally (i.e. via SMTP
port) and not via local submission not handled by smtpd.
Sendmail allows you to put different kinds of rules and restrictions
in the access file, with Postfix you should be careful and possible
keep separate access maps.
//Marcin
[1] http://www.postfix.org/postconf.5.html#smtpd_client_restrictions
[2] http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
More information about the MediaWiki-l
mailing list