Solved

Sendmail 8.8.8 Spam/Relay Question

Posted on 1998-10-22
Last Modified: 2013-12-23
We have Sendmail 8.8.8 and we handle mail for a couple of different domains. But unfortunately some spammers misuse this and use us as a relay host. I used to block them off using the IP address or the domain name via the firewall, but unfortunately they get through to some other ISP and still use us as a relay host. I need to stop relaying based on the To address: if it does not concern the domains which I handle, I should not allow them to do so.

Is there some way wherein I can protect or accept mail to my domains for which I have a Cw entry and disallow mail to any other domains?

By the way I have Solaris 2.5.1 Running ..

Please Help !!

Thanks in advance

Wilson
Question by:wilpak
3 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1582471
check for sendmail 8.9 at  http://www.sendmail.org/
It has some FEATURES for spam, for example using the Blacklist :-)
0
 
LVL 1

Accepted Solution

by:
Strange earned 200 total points
ID: 1582472
Here is an example from FreeBSD: (sendmail 8.8.7)
***README***
      Filtering out SPAM from your site

Introduction:
      The FreeBSD Project filters spam, unsolicited commercial
e-mail, from its mailing lists.  The filter has two parts: databases
and rulesets.  We have added three rulesets to /etc/sendmail.cf,
check_relay and check_mail and xlat. (xlat is for testing only, as
explained in /etc/mail/sendmail.cf.additions.) These rulesets use
two databases.  The denyip, a list of IP addresses, and spamsites,
a list of domains.  We do not accept mail from any machine that
matches an entry in either database.

Filtering at your site:
      To filter spam at your site you need to:
      1. modify your /etc/sendmail.cf,
      2. retrieve the database source files from the master site,
      3. make the databases and
      4. finally signal sendmail that the configuration file has changed.

1. Modifying your /etc/sendmail.cf
      Add the database declarations and the rulesets contained
in /etc/mail/sendmail.cf.additions to your .mc file.  If you do
not use m4 to generate your /etc/sendmail.cf, add the database
declarations to your /etc/sendmail.cf.

2. Fetching the database source files:
      The database source files are available from Gulf Coast
Internet via anonymous FTP.  The Makefile in /etc/mail will retrieve
the source files for you: as root, type "cd /etc/mail; make" at
the command line.  The previous version of the database source
files is moved to <filename>.0.  Local additions should be kept in
separate files.  We use spamsites.local and denyip.local.  You may
want to diff the new versions of the files against the previous
versions to see what has changed.

3. Make the databases:
      As root, typing "cd /etc/mail; make install" will build the
two databases from the retrieved source files and the local additions
files.

4. Signaling sendmail:
      Sendmail will reread its configuration whenever sendmail
receives a HUP signal.  As root, type "kill -HUP `cat
/var/run/sendmail.pid`".  Check sendmail's log file to be sure that
it has restarted.  /var/log/maillog should contain the line:  "Oct
15 08:59:16 hub sendmail[6565]: restarting /usr/sbin/sendmail on
signal".  Most likely, the date, time, hostname and process id will
differ.

Testing the spam filter:

How can I tell if it's working:
      The mail log file, /var/log/maillog, will contain a line
for every message filtered.  The lines will be similar to one of
these two log entries:

Check_mail rejects:
"Oct 15 02:43:26 hub sendmail[6565]: CAA06565: ruleset=check_mail,
arg1=<announce@martianconsulate.com>, relay=xxx.isp.net [###.###.###.###],
reject=521 <announce@martianconsulate.com>"

Check_relay rejects:
Oct 19 04:45:24 hub sendmail[3503]: NOQUEUE: ruleset=check_relay,
arg1=imsp015.netvigator.com, arg2=205.252.144.206, relay=root@localhost,
reject=521 blocked.contact postmaster@FreeBSD.ORG

***sendmail.cf.additions***
# database declarations
Kdenyip hash -o -a.REJECT /etc/mail/denyip.db
Kspamsites hash -o -a.REJECT /etc/mail/spamsites.db

# called with host.tld and IP address of connecting host.
# ip address must NOT be in the "denyip" database
Scheck_relay
R$* $| [$+            $1 $| $2                  should not be needed
R$* $| $+]            $1 $| $2                  same (bat 2nd ed p510)
R$* $| $*            $: $1 $| $(denyip $2 $)
R$* $| $*.REJECT      $#error $: 521 blocked. contact postmaster@FreeBSD.ORG ($2)
# host must *not* be in the "spamsites" database
R$+.$+.$+ $| $*            $2.$3 $| $4
R$+.$+ $| $*            $: $(spamsites $1.$2 $) $| $3
R$*.REJECT $| $*      $#error $: 521 blocked. contact postmaster@FreeBSD.ORG ($1)
# Host must be resolvable, currently not used at hub.freebsd.org
#R$* $| $*            $: <?> <$1 $| $2> $>3 foo@$1
#R<?> <$*> $*<@$*.>      $: $1
#R<?> <$*> $*<@$*>      $#error $: 451 Domain does not resolve ($1)

# called with envelope sender, "Mail From: xxx", of SMTP conversation
#
Scheck_mail
R$*                  $: <?> $>3 $1
R<?> $* < @ $+ . >      $: $2
# R<?> $* < @ $+ >      $#error $: "451 Domain does not resolve"
R<?> $* < @ $+ >      $: $2
R$+.$+.$+            $2.$3  
R$*                  $: $(spamsites $1 $: OK $)
ROK                  $@ OK
R$+.REJECT            $#error $: 521 $1

# for testing check_relay and check_mail
# if we type "$|", sendmail will split this into two tokens "$" and "|"
# this rule prevents sendmail from splitting "$|"
# to use:  /usr/sbin/sendmail -bt
#          host.domain.tld $| 111.222.333.444
Sxlat
R$* $$| $*            $: $1 $| $2
R$* $| $*            $@ $>check_relay $1 $| $2

0
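The lookups that the check_relay and check_mail rulesets in the answer above perform, modelled in Python as an added example (not part of the original post or of FreeBSD's files). The database entries, function names and sample addresses are constructed, and ruleset 3 canonicalisation is simplified to taking the part after "@".

```python
# Simplified model of the check_relay / check_mail rulesets shown above.
# Constructed sample databases: key -> value stored in the map.
DENYIP = {"192.0.2.25": "blocked"}
SPAMSITES = {"spam.example": "no spam here"}
CONTACT = "521 blocked. contact postmaster@FreeBSD.ORG"


def registered_part(host):
    """Mirror 'R$+.$+.$+ -> $2.$3': drop leading labels until two remain.

    Returns None for a single-label name, which 'R$+.$+' does not match,
    so no spamsites lookup happens for it.
    """
    labels = host.rstrip(".").lower().split(".")  # map keys are case-folded
    return ".".join(labels[-2:]) if len(labels) >= 2 else None


def check_relay(host, ip):
    """Called with the connecting host and IP; None means accept."""
    ip = ip.strip("[]")                 # the first two rules drop the brackets
    if ip in DENYIP:                    # $(denyip ...) hit appends .REJECT
        return f"{CONTACT} ({DENYIP[ip]})"
    key = registered_part(host)
    if key in SPAMSITES:                # $(spamsites ...) hit appends .REJECT
        return f"{CONTACT} ({SPAMSITES[key]})"
    return None


def check_mail(sender):
    """Called with the envelope sender; 'OK' or a 521 error string."""
    addr = sender.strip("<>")
    if "@" not in addr:
        return "OK"                     # nothing to look up
    key = registered_part(addr.rsplit("@", 1)[1])
    if key in SPAMSITES:
        return f"521 {SPAMSITES[key]}"
    return "OK"


if __name__ == "__main__":
    print(check_relay("mx.spam.example", "[198.51.100.7]"))
    print(check_mail("<announce@mail.spam.example>"))
    print(registered_part("a.b.example.co.uk"))  # only "co.uk" is looked up
```

Because the rules keep only the last two labels, a domain registered under a two-label suffix is looked up as that suffix (for example "co.uk"), so a spamsites entry for such a domain never matches and an entry for the suffix itself matches every host under it.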
 
LVL 7

Expert Comment

by:scdavis
ID: 1582473
Also check out www.dorkslayers.com.  They have other sendmail examples.

Do some net searches for other spam resources - there's a LOAD of material out there.  I've just fended the suckers off using Netscape Messenger 3.54 under NT.  Yucky, Yucky, Yucky..  Sendmail has much more documentation available.
0
