Solved

I want to DISCARD incoming mail that matches blacklist instead of REFUSING it. How to change sendmail for this?

Posted on 2006-07-08
7
614 Views
Last Modified: 2013-12-17
In sendmail.mc, I am using a blacklist feature to block CHINA, because this one server receives over 50,000 incoming mails on a daily basis that are refused as a result.

It reads:
FEATURE(`dnsbl', `cn.countries.nerd.dk', `"450 Mail from suspected spam source " $`'&{client_addr} " refused - using DNSBL countries.nerd.dk"')

In sendmail.mc, it then looks like this:
# DNS based IP address spam list cn.countries.nerd.dk
R$*                     $: $&{client_addr}
R::ffff:$-.$-.$-.$-     $: <?> $(host $4.$3.$2.$1.cn.countries.nerd.dk. $: OK $)
R$-.$-.$-.$-            $: <?> $(host $4.$3.$2.$1.cn.countries.nerd.dk. $: OK $)
R<?>OK                  $: OKSOFAR
R<?>$+                  $#error $@ 5.7.1 $: "450 Mail from suspected spam source " $&{client_addr} " refused - using DNSBL countries.nerd.dk"

I would like to rewrite it so it DISCARDS matches instead of REFUSING them.

I assume this line needs to be rewritten:
R<?>$+                  $#error $@ 5.7.1 $: "450 Mail from suspected spam source " $&{client_addr} " refused - using DNSBL countries.nerd.dk"

and I need guidance in doing so.
0
Comment
Question by:innsites
  • 3
  • 2
  • 2
7 Comments
 
LVL 34

Accepted Solution

by:
PsiCop earned 250 total points
ID: 17065788
Using the "dnsbl" FEATURE of sendmail will result in a DISCARD instead of a REJECT. In order to change that behaviour you'll need to:

1) Hack cf/feature/dnsbl.m4 and replace the line that reads:

R<?>$+                  $#error $@ 5.7.1 $: _DNSBL_MSG_

with something like:

R<?>$+                  $#discard $@ 5.7.1 $: _DNSBL_MSG_

2) Don't use FEATURE(dnsbl) - instead, create a LOCAL_CONFIG section in sendmail.mc (at the bottom, after the MAILER statements) and copy cf/feature/dnsbl.m4 into there and change the "error" to "discard" in your version of it. Don't forget to set the RBL hostname correctly.

Method 2) takes a little more work, but can easily be ported between platforms and sendmail versions, whereas with method 1) you'll need to remember to re-hack cf/feature/dnsbl.m4 every time you upgrade or work on a different machine.
0
 
LVL 6

Expert Comment

by:anfi
ID: 17066054
Are you sure?

Discarding (takes place after accepting and) consumes more resources than refusing to accept.
Discarding is against spirit of "SMTP contract" to deliver or send back bounce message after giving ACK to the final dot of the message.
0
 

Author Comment

by:innsites
ID: 17066060
Thank you for your detailed response.

I modified dnsbl.m4 as suggested with this
R<?>$+                  $#discard $@ 5.7.1 $: _DNSBL_MSG_

But this error shows in maillog as a result:

Jul  8 16:49:00 mythos sendmail[8719]: NOQUEUE: SYSERR(root): /etc/sendmail.cf: line 1053: invalid rewrite line "R<?>^A+                  ^A#discard ^A@ 5.7.1 ^A: "450 Mail from suspected spam source " ^A&, " refused - using DNSBL countries.nerd.dk"" (tab expected)

Corrections?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:innsites
ID: 17066072
Response to anfi

The refusals are creating problems with resulting excessive mqueue sizes.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 17066206
I don't know what tool you used to modify dnsbl.m4, but whatever you used, it was the wrong thing. Hopefully you retained an unaltered copy. Try using vi, pico, or nano... and remeber that TAB is the whitespace character in sendmail Rulesets, not spaces.
0
 
LVL 6

Assisted Solution

by:anfi
anfi earned 250 total points
ID: 17066208
FEATURE(`dnsbl',...) rejects message before DATA command (before message itself is transfered).
It does not put any message in your server queue.

Your server refuses to accept the message => it makes cinnecting host responsible for generating bounce messages (NOT YOUR HOST).
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 17066222
anfi is right, by the way. Both about DISCARD being RFC-impolite, and about the point at which FEATURE(dnsbl) rejects the E-Mail.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft has released various new features which are capable of handling various tasks. One of these tasks is ‘Migration from pop3 to Exchange Server’. Pop3 data stores various data along mailboxes like contacts, tasks, etc. So, it becomes the need…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Familiarize people with the process of utilizing SQL Server views from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Access…
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question