Hello,

I have found some sendmail connections from spammers that use the accounts of my customers.

I want to know if I can deny connections to sendmail from all countries except Spain. This way most of foreigns spammers could not use the accounts of my customers to send spam.

My servers has Sendmail version 8.13.6.

Sometimes is easy to login in the email account of a customer. For example:

Account: peter@mydomain.com
Password: peter

and like most of mail servers use mail.mydomain.com for pop3 and smtp is easy to authenticate.

It´s hard to believe but some users are so stupid that put that type of passwords on their accounts, and spammers thanks them.

Any help would be greatly appreciated.

It doesn't seem like there's much help to be had here.

Maybe you can help The Planet come up with some ideas to enhance the forums a bit: http://forums.theplanet.com/index.php?showtopic=90912

Could you simply use a firewall like APF and close the smtp port 25 and any alternate ports. Then in allow_hosts.rules add all known IP blocks from spain access to port 25 and/or alternate smtp port using google to search for the CIDR ranges applicable. (I suspect though that no matter how much searching you do new ips will be allocated over time and you'll end up; with customers unable to connect.)

Another suggestion would be to enable brute force detection, cphulk, etc. so that after 3-5 failed logins the IP is banned.

Maybe the easiest is to look for a password checking script and require customers to set more secure passwords... or even an ultra-simple note on the page (cpanel for example color codes the password strength as it's entered indicating weak to strong) "if you set a weak password and a spammer brute forces it, you are responsible for the admin time to clean up the damage from your account, your service may be terminated, and no refund will be given. PLEASE enter a strong password.)