Solved

Sendmail 8.8.8 Spam/Relay Question

Posted on 1998-10-22
3
353 Views
Last Modified: 2013-12-23
We have Sendmail 8.8.8 and we handle mail for a couple of different domains. But unfortunately some spammers misuse this and use us as a relay host. I used to bolck them off using the Ip address or the domain name via the firewall but unfortunately they get thro to some other ISP and still use us as a relay host ....I need to stop Relaying based on the To addr if it doesnot concern my domains which I handle I should not allow them to do so ...

Is there some way where in I can protect or accept mail to my domains for which I have a Cw entry and disallow mail to any other domains ..

By the way I have Solaris 2.5.1 Running ..

Please Help !!

Thanks in advance

Wilson
0
Comment
Question by:wilpak
3 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1582471
check for sendmail 8.9 at  http://www.sendmail.org/
It has some FEATURES for spam, for example using the Blacklist :-)
0
 
LVL 1

Accepted Solution

by:
Strange earned 100 total points
ID: 1582472
Here is an examples from FreeBSD: (sendmail 8.8.7)
***README***
      Filtering out SPAM from your site

Introduction:
      The FreeBSD Project filters spam, unsolicited commerical
e-mail, from its mailing lists.  The filter has two parts: databases
and rulesets.  We have added three rulesets to /etc/sendmail.cf,
check_relay and check_mail and xlat. (xlat is for testing only, as
explained in /etc/mail/sendmail.cf.additions.) These rulesets use
two databases.  The denyip, a list of IP addresses, and spamsites,
a list of domains.  We do not accept mail from any machine that
matches a entry in either database.

Filtering at your site:
      To filter spam at your site you need to:
      1. modify your /etc/sendmail.cf,
      2. retrieve the database source files from the master site,
      3. make the databases and
      4. finally signal sendmail that the configuration file has changed.

1. Modifying your /etc/sendmail.cf
      Add the database declarations and the rulesets contained
in /etc/mail/sendmail.cf.additions to your .mc file.  If you do
not use m4 to generate your /etc/sendmail.cf, add the database
declarations to your /etc/sendmail.cf.

2. Fetching the database source files:
      The database source files are available from Gulf Coast
Internet via anonymous FTP.  The Makefile in /etc/mail will retreive
the source files for you: as root, type "cd /etc/mail; make" at
the command line.  The previous version of the database source
files is moved to <filename>.0.  Local additions should be kept in
separate files.  We use spamsites.local and denyip.local.  You may
want to diff the new versions of the files against the previous
versions to see what has changed.

3. Make the databases:
      As root, type "cd /etc/mail; make install" will build the
two databases from the retrieved source files and the local additions
files.

4. Signaling sendmail:
      Sendmail will reread its configuration whenever sendmail
receives a HUP signal.  As root, type "kill -HUP `cat
/var/run/sendmail.pid`".  Check sendmail's log file to be sure that
it has restarted.  /var/log/maillog should contain the line:  "Oct
15 08:59:16 hub sendmail[6565]: restarting /usr/sbin/sendmail on
signal".  Most likely, the date, time, hostname and process id will
be differ.

Testing the spam filter:

How can I tell if its working:
      The mail log file, /var/log/maillog, will contain a line
for every message filtered.  The lines will be similar to one of
these two log entries:

Check_mail rejects:
"Oct 15 02:43:26 hub sendmail[6565]: CAA06565: ruleset=check_mail,
arg1=<announce@martianconsulate.com>, relay=xxx.isp.net [###.###.###.###],
reject=521 <announce@martianconsulate.com>"

Check_relay rejects:
Oct 19 04:45:24 hub sendmail[3503]: NOQUEUE: ruleset=check_relay,
arg1=imsp015.netvigator.com, arg2=205.252.144.206, relay=root@localhost,
reject=521 blocked.contact postmaster@FreeBSD.ORG

***sendmail.cf.additions***
# database declarations
Kdenyip hash -o -a.REJECT /etc/mail/denyip.db
Kspamsites hash -o -a.REJECT /etc/mail/spamsites.db

# called with host.tld and IP address of connecting host.
# ip address must NOT be in the "denyip" database
Scheck_relay
R$* $| [$+            $1 $| $2                  should not be needed
R$* $| $+]            $1 $| $2                  same (bat 2nd ed p510)
R$* $| $*            $: $1 $| $(denyip $2 $)
R$* $| $*.REJECT      $#error $: 521 blocked. contact postmaster@FreeBSD.ORG ($2)
# host must *not* be in the "spamsites" database
R$+.$+.$+ $| $*            $2.$3 $| $4
R$+.$+ $| $*            $: $(spamsites $1.$2 $) $| $3
R$*.REJECT $| $*      $#error $: 521 blocked. contact postmaster@FreeBSD.ORG ($1)
# Host must be resolvable, currently not used at hub.freebsd.org
#R$* $| $*            $: <?> <$1 $| $2> $>3 foo@$1
#R<?> <$*> $*<@$*.>      $: $1
#R<?> <$*> $*<@$*>      $#error $: 451 Domain does not resolve ($1)

# called with envelope sender, "Mail From: xxx", of SMTP conversation
#
Scheck_mail
R$*                  $: <?> $>3 $1
R<?> $* < @ $+ . >      $: $2
# R<?> $* < @ $+ >      $#error $: "451 Domain does not resolve"
R<?> $* < @ $+ >      $: $2
R$+.$+.$+            $2.$3  
R$*                  $: $(spamsites $1 $: OK $)
ROK                  $@ OK
R$+.REJECT            $#error $: 521 $1

# for testing check_relay and check_mail
# if we type "$|", sendmail will split this into two tokens "$" and "|"
# this rule glues prevent sendmail from splitting "$|"
# to use:  /usr/sbin/sendmail -bt
#          host.domain.tld $| 111.222.333.444
Sxlat
R$* $$| $*            $: $1 $| $2
R$* $| $*            $@ $>check_relay $1 $| $2

0
 
LVL 7

Expert Comment

by:scdavis
ID: 1582473
Also check out www.dorkslayers.com.  They have other sendmail examples.

Do some net searches for other spam resources - there's a LOAD of material out there.  I've just fended the suckers off using Netscape Messenger 3.54 under NT.  Yucky, Yucky, Yucky..  Sendmail has much more documentation available.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
is there an export feature for easy reading in task scheduler 9 80
Nimble Storage 3 64
Dns issues 4 35
Current date-time from Available WiFi connections 10 29
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question