Anti spam solution for Sendmail

Posted on 2006-05-08
Last Modified: 2013-12-17

I would like to get some recommendations regarding an antispam solution for a sendmail/RHEL4 server running some 15000 users with about 500 virtual domains.
Today I am using some free RBLs to stomp spam, but users are complaining about some legitimate email not being relayed through the server. I have checked these cases and found that they have been stopped by one of the RBLs configured.

What I am looking for is antispam software that I can install on my mail server, which contains antivirus and antispam filters that can be controlled through a web interface. For example, if a user receives an email which is suspected to be spam, he/she gets an email and can log into a web interface and check a quarantine.

I am open to any suggestions. For the moment I have a huge amount of spam in some important mailboxes, for example the registry@...

I would also like to get some advice to enhance my sendmail configuration, this is my

VERSIONID(`setup for Red Hat Linux')dnl
dnl define(`confLOG_LEVEL', `9')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtuser.db')dnl
dnl define(`confMAX_DAEMON_CHILDREN', 12)dnl
dnl define(`confCONNECTION_RATE_THROTTLE', 3)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`enhdnsbl', `', `"Spam blocked see:"$&{client_addr}')dnl
FEATURE(`enhdnsbl', `',`"550 Mail From " $`'&{client_addr}" refused - see"')dnl
FEATURE(`enhdnsbl', `',`"550 Mail From " $`'&{client_addr}" refused - see"')dnl
dnl FEATURE(`enhdnsbl',`',`"554 Mail From " $&{client_addr}" refused see:"')dnl
FEATURE(`enhdnsbl', `',`"550 Mail From " $`'&{client_addr}" refused - see\#why_rejected"')dnl
define(`confCONNECTION_RATE_THROTTLE', `10')
define(`confTO_IDENT', `0')
define(`confMAX_RCPTS_PER_MESSAGE', `30')dnl
define(`MAX_MESSAGE_SIZE', `10000000')dnl
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
FEATURE(`greet_pause', `2000')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=, Name=MTA')dnl
dnl INPUT_MAIL_FILTER(`clmilter',`S=local:/var/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:360s;R:360s;E:15m')
define(`confINPUT_MAIL_FILTERS', `mimedefang')dnl
dnl define(`confINPUT_MAIL_FILTERS', `clmilter')
dnl FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl

I am running pop-before-smtp; the spam problem has not been worse since I started using it. It's about the same as before.

Best Regards, Rickard
Question by:r_svoren
    LVL 34

    Expert Comment

    Well, you already have MIMEDefang (or at least the MILTER entry for it), and that's an excellent anti-SPAM tool. Check out the MIMEDefang website, especially the wiki, for configuration tips and filter code. I've found HELO checks to be more effective than blacklists.

    I'll have some more info for you when I have a chance to sit down and write it. In the meantime, see if you also have Clam Anti-Virus (ClamAV). It may be used via MIMEDefang, and so would not show up in the sendmail configuration.

    Finally, before you go twiddling with your sendmail configuration, take some time to sit down and understand what it currently does, and document it. For some guideposts, see the Practical Modern sendmail Configuration article, especially the sample file in the Resources section.
    LVL 26

    Expert Comment

    My first suggestion would be to stop using It is a very aggressive list and often legit servers get placed on it. I had to stop using it because many hotmail, yahoo, and mail servers were getting listed. Instead you could use just their dynamic IP list

    You might want to think about something like greylisting. It rejects all incoming mail *the first time* with a tempfail 40x error, forcing the sending server to retry. Nearly all legit servers will retry, while spammers do not. Once the message is resent, the sender (IP and email) is whitelisted and stored for a period of time. I'm in the research stage of implementing that now on my servers.
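
The greylisting flow described in the comment above, as an added example that is not part of the original thread: a small Python model of the defer/accept decision keyed on client IP and envelope sender. The timing values, reply strings and sample addresses are constructed assumptions, and the minimum retry delay and entry expiry go beyond what the comment describes.

```python
from dataclasses import dataclass, field

TEMPFAIL = "451 4.7.1 Greylisted, please retry later"  # constructed reply text
ACCEPT = "250 2.1.0 Sender ok"

@dataclass
class Greylist:
    min_delay: int = 300             # assumed: retries sooner than this stay deferred
    retry_window: int = 4 * 3600     # assumed: unconfirmed entries expire after this
    whitelist_ttl: int = 36 * 86400  # assumed lifetime of a confirmed (ip, sender) pair
    pending: dict = field(default_factory=dict)    # key -> first-seen time
    whitelist: dict = field(default_factory=dict)  # key -> expiry time

    def check(self, client_ip: str, mail_from: str, now: int) -> str:
        """Return the SMTP reply for a MAIL FROM seen at time `now` (seconds)."""
        key = (client_ip, mail_from.strip("<>").lower())
        expiry = self.whitelist.get(key)
        if expiry is not None:
            if now < expiry:
                self.whitelist[key] = now + self.whitelist_ttl  # refresh on use
                return ACCEPT
            del self.whitelist[key]  # whitelist entry aged out
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > self.retry_window:
            self.pending[key] = now  # first contact or stale entry: start over
            return TEMPFAIL
        if now - first_seen < self.min_delay:
            return TEMPFAIL  # retried too quickly; keep the original timestamp
        del self.pending[key]  # legitimate retry: promote to the whitelist
        self.whitelist[key] = now + self.whitelist_ttl
        return ACCEPT

def replay(events):
    """Run (time, ip, sender) tuples through a fresh Greylist; return the replies."""
    gl = Greylist()
    return [gl.check(ip, sender, t) for t, ip, sender in events]

# Constructed sample traffic (documentation addresses, times in seconds).
SAMPLE = [
    (0,    "192.0.2.10",  "<alice@example.org>"),  # first contact -> deferred
    (60,   "192.0.2.10",  "<alice@example.org>"),  # retry too soon -> deferred
    (900,  "192.0.2.10",  "<alice@example.org>"),  # proper retry -> accepted
    (5000, "192.0.2.10",  "<Alice@Example.org>"),  # whitelisted -> accepted
    (6000, "203.0.113.7", "<bulk@example.net>"),   # never retries -> only ever deferred
]

if __name__ == "__main__":
    for event, reply in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", reply)
```

A production deployment would keep both tables in a persistent store shared by every MX host, since a retry that lands on a different host would otherwise be treated as a first contact.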
    LVL 34

    Expert Comment

    Actually, there's been some chatter recently on the MIMEDefang mailing list, specifically about how SPAMmers are on to greylisting and are starting to retry when TEMPFAILed. I'm not saying that greylisting is a bad idea or that it won't help, but it seems to be less effective than it once was.
    LVL 14

    Expert Comment

    I agree with PsiCop about the clmilter line in your mc file (now you are processing mail twice); MIMEDefang should do all the jobs (antivirus and antispam).
    Probably you don't need procmail (comment it out...).
    Popauth (POP before SMTP) doesn't change anything about spam...

    DSPAM is a possible solution to the quarantine check.
    It has a quarantine folder, so it gives the user the ability to identify the occasional false positive and re-learn them as innocent emails. When your antispam is working well, disable the aggressive RBL so you don't lose mail.

    LVL 3

    Expert Comment

    try to add
    LVL 3

    Author Comment

    DSPAM looks nice, are you using the software?
    LVL 14

    Expert Comment

    I'm using it at some production sites because amavisd-new has DSPAM support. My mail servers are now usually sendmail + ClamAV + BitDefender + SpamAssassin + DSPAM with a central quarantine, but I need a per-user quarantine. Probably in the next month I'll start testing, putting it behind a standard installation.
    Production site (not really production, it is my own mail server) (MTA, amavisd-new, ClamAV, BitDefender, SpamAssassin) -> forward all the mail to the test site (MTA, ClamAV, BitDefender, native DSPAM), look at the difference in mail passed, and then switch the test site to be the front end ... I need to know it very well before deploying it to my customers.
    My idea is also to try amavis with a light SpamAssassin (tuned to be not aggressive) with a central quarantine (nobody asks me for those mails) and DSPAM as the local delivery agent with a user quarantine.
    I think DSPAM is an interesting and emerging antispam software.


    LVL 7

    Expert Comment

    It is worth thinking a little about the configuration you've asked for. Your plan is to replace every spam message a user receives with a new email that informs them a spam message has been caught. Most users will then log in to the website to look at the message and determine if they want to delete it or not. This takes three times as long as actually deleting the message itself and seems worthless to me. It helps if you can include the sender and subject line on the alert email they get, but still, they are receiving the same number of messages as before and it is just as big a nuisance for most users. In environments I've been in where management asks for this feature, users have complained and eventually we stop sending the emails and users can just log in to check the web site for caught mail once a week or as often as they wish to, or ignore it completely unless something they were expecting didn't get through.

    I agree with jar3817 about not using that particular RBL. I encounter a ton of these things built by people who don't have to support business critical installations where you can't get away with blocking all mail from AOL, etc. Most companies would find this disastrous.

    There is another spam solution worth looking at and that is offloading the workload to a third party. Fighting spam takes up a lot of your time. Postini provides a very good service that does everything you've mentioned and you don't have to futz with it constantly. Unless you want to, in which case there are plenty of options discussed above.
    LVL 3

    Author Comment

    Are you actually using Postini?
    LVL 7

    Accepted Solution

    Yeah, we're using Postini. Typically they have been very good (I'm only a customer, no affiliation). Bad timing here, however, as they had a rough day yesterday with some rare slowdowns on their system that caused up to 30 minute delays for mail during the middle of the day. They communicated well during all of this with their customers but it still hurts. I still suspect their uptime is as good as most and as good as it would be if I were running it in-house.
