Solved

I want to DISCARD incoming mail that matches blacklist instead of REFUSING it. How to change sendmail for this?

Posted on 2006-07-08
Last Modified: 2013-12-17
In sendmail.mc, I am using a blacklist feature to block CHINA, because this one server receives over 50,000 incoming mails on a daily basis that are refused as a result.

It reads:
FEATURE(`dnsbl', `cn.countries.nerd.dk', `"450 Mail from suspected spam source " $`'&{client_addr} " refused - using DNSBL countries.nerd.dk"')

In sendmail.mc, it then looks like this:
# DNS based IP address spam list cn.countries.nerd.dk
R$*                     $: $&{client_addr}
R::ffff:$-.$-.$-.$-     $: <?> $(host $4.$3.$2.$1.cn.countries.nerd.dk. $: OK $)
R$-.$-.$-.$-            $: <?> $(host $4.$3.$2.$1.cn.countries.nerd.dk. $: OK $)
R<?>OK                  $: OKSOFAR
R<?>$+                  $#error $@ 5.7.1 $: "450 Mail from suspected spam source " $&{client_addr} " refused - using DNSBL countries.nerd.dk"

I would like to rewrite it so it DISCARDS matches instead of REFUSING them.

I assume this line needs to be rewritten:
R<?>$+                  $#error $@ 5.7.1 $: "450 Mail from suspected spam source " $&{client_addr} " refused - using DNSBL countries.nerd.dk"

and I need guidance in doing so.
Question by:innsites
7 Comments
 
LVL 34

Accepted Solution

by:
PsiCop earned 250 total points
ID: 17065788
Using the "dnsbl" FEATURE of sendmail will result in a DISCARD instead of a REJECT. In order to change that behaviour you'll need to:

1) Hack cf/feature/dnsbl.m4 and replace the line that reads:

R<?>$+                  $#error $@ 5.7.1 $: _DNSBL_MSG_

with something like:

R<?>$+                  $#discard $@ 5.7.1 $: _DNSBL_MSG_

2) Don't use FEATURE(dnsbl) - instead, create a LOCAL_CONFIG section in sendmail.mc (at the bottom, after the MAILER statements) and copy cf/feature/dnsbl.m4 into there and change the "error" to "discard" in your version of it. Don't forget to set the RBL hostname correctly.

Method 2) takes a little more work, but can easily be ported between platforms and sendmail versions, whereas with method 1) you'll need to remember to re-hack cf/feature/dnsbl.m4 every time you upgrade or work on a different machine.
0
 
LVL 6

Expert Comment

by:anfi
ID: 17066054
Are you sure?

Discarding (takes place after accepting and) consumes more resources than refusing to accept.
Discarding is against the spirit of the "SMTP contract" to deliver or send back a bounce message after giving ACK to the final dot of the message.
0
 

Author Comment

by:innsites
ID: 17066060
Thank you for your detailed response.

I modified dnsbl.m4 as suggested with this
R<?>$+                  $#discard $@ 5.7.1 $: _DNSBL_MSG_

But this error shows in maillog as a result:

Jul  8 16:49:00 mythos sendmail[8719]: NOQUEUE: SYSERR(root): /etc/sendmail.cf: line 1053: invalid rewrite line "R<?>^A+                  ^A#discard ^A@ 5.7.1 ^A: "450 Mail from suspected spam source " ^A&, " refused - using DNSBL countries.nerd.dk"" (tab expected)

Corrections?
0

Author Comment

by:innsites
ID: 17066072
Response to anfi

The refusals are creating problems with resulting excessive mqueue sizes.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 17066206
I don't know what tool you used to modify dnsbl.m4, but whatever you used, it was the wrong thing. Hopefully you retained an unaltered copy. Try using vi, pico, or nano... and remember that TAB is the whitespace character in sendmail Rulesets, not spaces.
0
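
The "(tab expected)" SYSERR quoted in this thread can be caught before sendmail is restarted by checking that every rewrite rule still has a TAB between its left-hand and right-hand side. The script below is an added example, not code from the thread or from the sendmail distribution; the function names `lint_rule_tabs` and `make_sample` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Lint sendmail rewrite rules for the missing-TAB problem.
# An R line has the form:  R<lhs><TAB(s)><rhs>[<TAB(s)><comment>]
# Spaces do not separate the fields, so an editor that expands
# tabs to spaces turns a valid rule into "invalid rewrite line".

# Print "LINE: text" for each R line that lacks a TAB-separated
# right-hand side. Returns 1 if any such line was found, else 0.
lint_rule_tabs() {
    awk '
        /^R/ {
            n = split($0, field, /\t+/)
            if (n < 2 || field[2] == "") {
                printf "%d: %s\n", NR, $0
                bad++
            }
        }
        END { exit (bad > 0 ? 1 : 0) }
    ' "$1"
}

# Constructed sample (not a real sendmail.cf): line 2 keeps its TABs,
# line 3 is the rule from this thread with the TABs turned into spaces.
make_sample() {
    printf '# constructed sample\n'                                        >  "$1"
    printf 'R<?>OK\t\t$: OKSOFAR\n'                                        >> "$1"
    printf 'R<?>$+                  $#discard $@ 5.7.1 $: _DNSBL_MSG_\n'   >> "$1"
}

sample=$(mktemp)
make_sample "$sample"
lint_rule_tabs "$sample" || echo "rules above have no TAB between LHS and RHS"
rm -f "$sample"
```

Run `lint_rule_tabs` against the edited cf/feature/dnsbl.m4 and against the generated sendmail.cf; a non-zero exit status means at least one rule lost its TAB.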
 
LVL 6

Assisted Solution

by:anfi
anfi earned 250 total points
ID: 17066208
FEATURE(`dnsbl',...) rejects the message before the DATA command (before the message itself is transferred).
It does not put any message in your server queue.

Your server refuses to accept the message => it makes the connecting host responsible for generating bounce messages (NOT YOUR HOST).
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 17066222
anfi is right, by the way. Both about DISCARD being RFC-impolite, and about the point at which FEATURE(dnsbl) rejects the E-Mail.
0
