Syslog and sendmail - logging spam

[hirstys]

Hi Guys

Have a linux box hosting a few sites, one of the sites has a domain name similar to a well known porn site and a spammer has taken to spoofing mail from his domain name in an attempt to sell meds and the usual.

The problem is that we receive mail message bounces back to randomalias@clientdomain.com , the volume of these means that syslog is using a lot of resources logging bounces from clientdomain.com and the logfiles it generates are huge. This pi**es me off.

What I really want is a way of entering "clientdomain.com" into the syslog or sendmail configuration and having it excluded from the logging process.

Can someone explain how to do this?

Regards


James
hirstys@gmail.com

[ss2chef]

Syslog is too dumb to disclude NDR's about a specific domain AFAIK.

Sendmail will probably be in the same boat but you may be able to glue something together.

You may have to parse current log files and then rewrite them without lines containing
the NDR information for that domain or host.

Possible Helpful Links:

http://spamlinks.openrbl.org/filter-bounce.htm#cope

[karmine]

i know theres ways to block all traffic from a source.

[ss2chef]

Originally posted here by karmine
i know theres ways to block all traffic from a source.

NDRs about that domain could come from countless hosts depending on the delivering server.

Of couse there are ways to block traffic. Simply doing that then gets his router/firewall logs clogged with DENY entries and he is back to square one.