Solved

Sendmail 8.8.8 Spam/Relay Question

Posted on 1998-10-22
3
350 Views
Last Modified: 2013-12-23
We have Sendmail 8.8.8 and we handle mail for a couple of different domains. But unfortunately some spammers misuse this and use us as a relay host. I used to bolck them off using the Ip address or the domain name via the firewall but unfortunately they get thro to some other ISP and still use us as a relay host ....I need to stop Relaying based on the To addr if it doesnot concern my domains which I handle I should not allow them to do so ...

Is there some way where in I can protect or accept mail to my domains for which I have a Cw entry and disallow mail to any other domains ..

By the way I have Solaris 2.5.1 Running ..

Please Help !!

Thanks in advance

Wilson
0
Comment
Question by:wilpak
3 Comments
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
check for sendmail 8.9 at  http://www.sendmail.org/
It has some FEATURES for spam, for example using the Blacklist :-)
0
 
LVL 1

Accepted Solution

by:
Strange earned 100 total points
Comment Utility
Here is an examples from FreeBSD: (sendmail 8.8.7)
***README***
      Filtering out SPAM from your site

Introduction:
      The FreeBSD Project filters spam, unsolicited commerical
e-mail, from its mailing lists.  The filter has two parts: databases
and rulesets.  We have added three rulesets to /etc/sendmail.cf,
check_relay and check_mail and xlat. (xlat is for testing only, as
explained in /etc/mail/sendmail.cf.additions.) These rulesets use
two databases.  The denyip, a list of IP addresses, and spamsites,
a list of domains.  We do not accept mail from any machine that
matches a entry in either database.

Filtering at your site:
      To filter spam at your site you need to:
      1. modify your /etc/sendmail.cf,
      2. retrieve the database source files from the master site,
      3. make the databases and
      4. finally signal sendmail that the configuration file has changed.

1. Modifying your /etc/sendmail.cf
      Add the database declarations and the rulesets contained
in /etc/mail/sendmail.cf.additions to your .mc file.  If you do
not use m4 to generate your /etc/sendmail.cf, add the database
declarations to your /etc/sendmail.cf.

2. Fetching the database source files:
      The database source files are available from Gulf Coast
Internet via anonymous FTP.  The Makefile in /etc/mail will retreive
the source files for you: as root, type "cd /etc/mail; make" at
the command line.  The previous version of the database source
files is moved to <filename>.0.  Local additions should be kept in
separate files.  We use spamsites.local and denyip.local.  You may
want to diff the new versions of the files against the previous
versions to see what has changed.

3. Make the databases:
      As root, type "cd /etc/mail; make install" will build the
two databases from the retrieved source files and the local additions
files.

4. Signaling sendmail:
      Sendmail will reread its configuration whenever sendmail
receives a HUP signal.  As root, type "kill -HUP `cat
/var/run/sendmail.pid`".  Check sendmail's log file to be sure that
it has restarted.  /var/log/maillog should contain the line:  "Oct
15 08:59:16 hub sendmail[6565]: restarting /usr/sbin/sendmail on
signal".  Most likely, the date, time, hostname and process id will
be differ.

Testing the spam filter:

How can I tell if its working:
      The mail log file, /var/log/maillog, will contain a line
for every message filtered.  The lines will be similar to one of
these two log entries:

Check_mail rejects:
"Oct 15 02:43:26 hub sendmail[6565]: CAA06565: ruleset=check_mail,
arg1=<announce@martianconsulate.com>, relay=xxx.isp.net [###.###.###.###],
reject=521 <announce@martianconsulate.com>"

Check_relay rejects:
Oct 19 04:45:24 hub sendmail[3503]: NOQUEUE: ruleset=check_relay,
arg1=imsp015.netvigator.com, arg2=205.252.144.206, relay=root@localhost,
reject=521 blocked.contact postmaster@FreeBSD.ORG

***sendmail.cf.additions***
# database declarations
Kdenyip hash -o -a.REJECT /etc/mail/denyip.db
Kspamsites hash -o -a.REJECT /etc/mail/spamsites.db

# called with host.tld and IP address of connecting host.
# ip address must NOT be in the "denyip" database
Scheck_relay
R$* $| [$+            $1 $| $2                  should not be needed
R$* $| $+]            $1 $| $2                  same (bat 2nd ed p510)
R$* $| $*            $: $1 $| $(denyip $2 $)
R$* $| $*.REJECT      $#error $: 521 blocked. contact postmaster@FreeBSD.ORG ($2)
# host must *not* be in the "spamsites" database
R$+.$+.$+ $| $*            $2.$3 $| $4
R$+.$+ $| $*            $: $(spamsites $1.$2 $) $| $3
R$*.REJECT $| $*      $#error $: 521 blocked. contact postmaster@FreeBSD.ORG ($1)
# Host must be resolvable, currently not used at hub.freebsd.org
#R$* $| $*            $: <?> <$1 $| $2> $>3 foo@$1
#R<?> <$*> $*<@$*.>      $: $1
#R<?> <$*> $*<@$*>      $#error $: 451 Domain does not resolve ($1)

# called with envelope sender, "Mail From: xxx", of SMTP conversation
#
Scheck_mail
R$*                  $: <?> $>3 $1
R<?> $* < @ $+ . >      $: $2
# R<?> $* < @ $+ >      $#error $: "451 Domain does not resolve"
R<?> $* < @ $+ >      $: $2
R$+.$+.$+            $2.$3  
R$*                  $: $(spamsites $1 $: OK $)
ROK                  $@ OK
R$+.REJECT            $#error $: 521 $1

# for testing check_relay and check_mail
# if we type "$|", sendmail will split this into two tokens "$" and "|"
# this rule glues prevent sendmail from splitting "$|"
# to use:  /usr/sbin/sendmail -bt
#          host.domain.tld $| 111.222.333.444
Sxlat
R$* $$| $*            $: $1 $| $2
R$* $| $*            $@ $>check_relay $1 $| $2

0
 
LVL 7

Expert Comment

by:scdavis
Comment Utility
Also check out www.dorkslayers.com.  They have other sendmail examples.

Do some net searches for other spam resources - there's a LOAD of material out there.  I've just fended the suckers off using Netscape Messenger 3.54 under NT.  Yucky, Yucky, Yucky..  Sendmail has much more documentation available.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

I was recently sitting at a desk at work with one of my colleagues and needed some information on my home computer. He watched as I turned on my home computer, established a remote session into it, got the information I needed and then shut it down …
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now