?
Solved

I want to DISCARD incoming mail that matches blacklist instead of REFUSING it. How to change sendmail for this?

Posted on 2006-07-08
7
Medium Priority
?
630 Views
Last Modified: 2013-12-17
In sendmail.mc, I am using a blacklist feature to block CHINA, because this one server receives over 50,000 incoming mails on a daily basis that are refused as a result.

It reads:
FEATURE(`dnsbl', `cn.countries.nerd.dk', `"450 Mail from suspected spam source " $`'&{client_addr} " refused - using DNSBL countries.nerd.dk"')

In sendmail.mc, it then looks like this:
# DNS based IP address spam list cn.countries.nerd.dk
R$*                     $: $&{client_addr}
R::ffff:$-.$-.$-.$-     $: <?> $(host $4.$3.$2.$1.cn.countries.nerd.dk. $: OK $)
R$-.$-.$-.$-            $: <?> $(host $4.$3.$2.$1.cn.countries.nerd.dk. $: OK $)
R<?>OK                  $: OKSOFAR
R<?>$+                  $#error $@ 5.7.1 $: "450 Mail from suspected spam source " $&{client_addr} " refused - using DNSBL countries.nerd.dk"

I would like to rewrite it so it DISCARDS matches instead of REFUSING them.

I assume this line needs to be rewritten:
R<?>$+                  $#error $@ 5.7.1 $: "450 Mail from suspected spam source " $&{client_addr} " refused - using DNSBL countries.nerd.dk"

and I need guidance in doing so.
0
Comment
Question by:innsites
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 34

Accepted Solution

by:
PsiCop earned 1000 total points
ID: 17065788
Using the "dnsbl" FEATURE of sendmail will result in a DISCARD instead of a REJECT. In order to change that behaviour you'll need to:

1) Hack cf/feature/dnsbl.m4 and replace the line that reads:

R<?>$+                  $#error $@ 5.7.1 $: _DNSBL_MSG_

with something like:

R<?>$+                  $#discard $@ 5.7.1 $: _DNSBL_MSG_

2) Don't use FEATURE(dnsbl) - instead, create a LOCAL_CONFIG section in sendmail.mc (at the bottom, after the MAILER statements) and copy cf/feature/dnsbl.m4 into there and change the "error" to "discard" in your version of it. Don't forget to set the RBL hostname correctly.

Method 2) takes a little more work, but can easily be ported between platforms and sendmail versions, whereas with method 1) you'll need to remember to re-hack cf/feature/dnsbl.m4 every time you upgrade or work on a different machine.
0
 
LVL 6

Expert Comment

by:anfi
ID: 17066054
Are you sure?

Discarding (takes place after accepting and) consumes more resources than refusing to accept.
Discarding is against spirit of "SMTP contract" to deliver or send back bounce message after giving ACK to the final dot of the message.
0
 

Author Comment

by:innsites
ID: 17066060
Thank you for your detailed response.

I modified dnsbl.m4 as suggested with this
R<?>$+                  $#discard $@ 5.7.1 $: _DNSBL_MSG_

But this error shows in maillog as a result:

Jul  8 16:49:00 mythos sendmail[8719]: NOQUEUE: SYSERR(root): /etc/sendmail.cf: line 1053: invalid rewrite line "R<?>^A+                  ^A#discard ^A@ 5.7.1 ^A: "450 Mail from suspected spam source " ^A&, " refused - using DNSBL countries.nerd.dk"" (tab expected)

Corrections?
0
Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

 

Author Comment

by:innsites
ID: 17066072
Response to anfi

The refusals are creating problems with resulting excessive mqueue sizes.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 17066206
I don't know what tool you used to modify dnsbl.m4, but whatever you used, it was the wrong thing. Hopefully you retained an unaltered copy. Try using vi, pico, or nano... and remeber that TAB is the whitespace character in sendmail Rulesets, not spaces.
0
 
LVL 6

Assisted Solution

by:anfi
anfi earned 1000 total points
ID: 17066208
FEATURE(`dnsbl',...) rejects message before DATA command (before message itself is transfered).
It does not put any message in your server queue.

Your server refuses to accept the message => it makes cinnecting host responsible for generating bounce messages (NOT YOUR HOST).
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 17066222
anfi is right, by the way. Both about DISCARD being RFC-impolite, and about the point at which FEATURE(dnsbl) rejects the E-Mail.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
Familiarize people with the process of utilizing SQL Server views from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Access…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question