Solved

Sendmail 8.8.8 Spam/Relay Question

Posted on 1998-10-22
3
355 Views
Last Modified: 2013-12-23
We have Sendmail 8.8.8 and we handle mail for a couple of different domains. But unfortunately some spammers misuse this and use us as a relay host. I used to bolck them off using the Ip address or the domain name via the firewall but unfortunately they get thro to some other ISP and still use us as a relay host ....I need to stop Relaying based on the To addr if it doesnot concern my domains which I handle I should not allow them to do so ...

Is there some way where in I can protect or accept mail to my domains for which I have a Cw entry and disallow mail to any other domains ..

By the way I have Solaris 2.5.1 Running ..

Please Help !!

Thanks in advance

Wilson
0
Comment
Question by:wilpak
3 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1582471
check for sendmail 8.9 at  http://www.sendmail.org/
It has some FEATURES for spam, for example using the Blacklist :-)
0
 
LVL 1

Accepted Solution

by:
Strange earned 100 total points
ID: 1582472
Here is an examples from FreeBSD: (sendmail 8.8.7)
***README***
      Filtering out SPAM from your site

Introduction:
      The FreeBSD Project filters spam, unsolicited commerical
e-mail, from its mailing lists.  The filter has two parts: databases
and rulesets.  We have added three rulesets to /etc/sendmail.cf,
check_relay and check_mail and xlat. (xlat is for testing only, as
explained in /etc/mail/sendmail.cf.additions.) These rulesets use
two databases.  The denyip, a list of IP addresses, and spamsites,
a list of domains.  We do not accept mail from any machine that
matches a entry in either database.

Filtering at your site:
      To filter spam at your site you need to:
      1. modify your /etc/sendmail.cf,
      2. retrieve the database source files from the master site,
      3. make the databases and
      4. finally signal sendmail that the configuration file has changed.

1. Modifying your /etc/sendmail.cf
      Add the database declarations and the rulesets contained
in /etc/mail/sendmail.cf.additions to your .mc file.  If you do
not use m4 to generate your /etc/sendmail.cf, add the database
declarations to your /etc/sendmail.cf.

2. Fetching the database source files:
      The database source files are available from Gulf Coast
Internet via anonymous FTP.  The Makefile in /etc/mail will retreive
the source files for you: as root, type "cd /etc/mail; make" at
the command line.  The previous version of the database source
files is moved to <filename>.0.  Local additions should be kept in
separate files.  We use spamsites.local and denyip.local.  You may
want to diff the new versions of the files against the previous
versions to see what has changed.

3. Make the databases:
      As root, type "cd /etc/mail; make install" will build the
two databases from the retrieved source files and the local additions
files.

4. Signaling sendmail:
      Sendmail will reread its configuration whenever sendmail
receives a HUP signal.  As root, type "kill -HUP `cat
/var/run/sendmail.pid`".  Check sendmail's log file to be sure that
it has restarted.  /var/log/maillog should contain the line:  "Oct
15 08:59:16 hub sendmail[6565]: restarting /usr/sbin/sendmail on
signal".  Most likely, the date, time, hostname and process id will
be differ.

Testing the spam filter:

How can I tell if its working:
      The mail log file, /var/log/maillog, will contain a line
for every message filtered.  The lines will be similar to one of
these two log entries:

Check_mail rejects:
"Oct 15 02:43:26 hub sendmail[6565]: CAA06565: ruleset=check_mail,
arg1=<announce@martianconsulate.com>, relay=xxx.isp.net [###.###.###.###],
reject=521 <announce@martianconsulate.com>"

Check_relay rejects:
Oct 19 04:45:24 hub sendmail[3503]: NOQUEUE: ruleset=check_relay,
arg1=imsp015.netvigator.com, arg2=205.252.144.206, relay=root@localhost,
reject=521 blocked.contact postmaster@FreeBSD.ORG

***sendmail.cf.additions***
# database declarations
Kdenyip hash -o -a.REJECT /etc/mail/denyip.db
Kspamsites hash -o -a.REJECT /etc/mail/spamsites.db

# called with host.tld and IP address of connecting host.
# ip address must NOT be in the "denyip" database
Scheck_relay
R$* $| [$+            $1 $| $2                  should not be needed
R$* $| $+]            $1 $| $2                  same (bat 2nd ed p510)
R$* $| $*            $: $1 $| $(denyip $2 $)
R$* $| $*.REJECT      $#error $: 521 blocked. contact postmaster@FreeBSD.ORG ($2)
# host must *not* be in the "spamsites" database
R$+.$+.$+ $| $*            $2.$3 $| $4
R$+.$+ $| $*            $: $(spamsites $1.$2 $) $| $3
R$*.REJECT $| $*      $#error $: 521 blocked. contact postmaster@FreeBSD.ORG ($1)
# Host must be resolvable, currently not used at hub.freebsd.org
#R$* $| $*            $: <?> <$1 $| $2> $>3 foo@$1
#R<?> <$*> $*<@$*.>      $: $1
#R<?> <$*> $*<@$*>      $#error $: 451 Domain does not resolve ($1)

# called with envelope sender, "Mail From: xxx", of SMTP conversation
#
Scheck_mail
R$*                  $: <?> $>3 $1
R<?> $* < @ $+ . >      $: $2
# R<?> $* < @ $+ >      $#error $: "451 Domain does not resolve"
R<?> $* < @ $+ >      $: $2
R$+.$+.$+            $2.$3  
R$*                  $: $(spamsites $1 $: OK $)
ROK                  $@ OK
R$+.REJECT            $#error $: 521 $1

# for testing check_relay and check_mail
# if we type "$|", sendmail will split this into two tokens "$" and "|"
# this rule glues prevent sendmail from splitting "$|"
# to use:  /usr/sbin/sendmail -bt
#          host.domain.tld $| 111.222.333.444
Sxlat
R$* $$| $*            $: $1 $| $2
R$* $| $*            $@ $>check_relay $1 $| $2

0
 
LVL 7

Expert Comment

by:scdavis
ID: 1582473
Also check out www.dorkslayers.com.  They have other sendmail examples.

Do some net searches for other spam resources - there's a LOAD of material out there.  I've just fended the suckers off using Netscape Messenger 3.54 under NT.  Yucky, Yucky, Yucky..  Sendmail has much more documentation available.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Internet Service Provider 3 55
Force a WIFI client onto a specific access point 7 28
Internet options/Settings 1 47
IR 1023 Scanning 4 25
Let’s list some of the technologies that enable smooth teleworking. 
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question